fedora-selinux / selinux-policy

selinux-policy for Fedora is a large patch off the mainline
GNU General Public License v2.0

Removing selinux-policy-* may break dnf when another selinux-policy-* package is installed #2088

Open vmojzis opened 2 months ago

vmojzis commented 2 months ago

Removing selinux-policy-* package when another selinux-policy-* package is present may break dnf (error: selabel_open: (/etc/selinux/targeted/contexts/files/file_contexts) No such file or directory; error: Plugin selinux: hook psm_pre failed) and potentially the system (reboot may fail). This is user error since they are supposed to adjust /etc/selinux/config, but because of the possibility of preventing the next boot, we should address it.

checkConfigConsistency does not address the issue unless some selinux-policy-* is installed/updated in the same transaction as the selinux-policy-* currently in use is removed (e.g. when selinux-policy-mls is installed in the same transaction as selinux-policy-targeted is removed and SELINUXTYPE=targeted).

How reproducible:

```
# dnf install selinux-policy-mls
# dnf remove selinux-policy-targeted
# dnf reinstall vim-enhanced
Reinstalling:
 vim-enhanced                                                        x86_64                                                        2:8.2.2637-20.el9_1                                                           rhel-AppStream                                                        1.8 M

Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
RPM: error: selabel_open: (/etc/selinux/targeted/contexts/files/file_contexts) No such file or directory
RPM: error: Plugin selinux: hook tsm_pre failed
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: Could not run transaction.
```
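A pre-flight check for the mismatch reported above, as an added example that is not part of the original issue or of the selinux-policy packaging: it compares SELINUXTYPE in /etc/selinux/config with the policy stores that actually have a file_contexts file. The function names and the ROOT argument (a prefix that lets the check run against a test tree) are assumptions; the file path layout is the one shown in the error message.

```shell
#!/bin/sh
# Added example (hypothetical helper names). ROOT is an optional path prefix;
# pass / or nothing to inspect the running system.

# Print the SELINUXTYPE value from ROOT/etc/selinux/config.
# Assumption: if the key appears more than once, the last assignment is used.
selinux_type() {
    sed -n 's/^[[:space:]]*SELINUXTYPE=\([^[:space:]#]*\).*/\1/p' \
        "$1/etc/selinux/config" 2>/dev/null | tail -n 1
}

# Print the name of every policy store under ROOT/etc/selinux that still
# has the file_contexts file the rpm selinux plugin tries to open.
installed_policies() {
    for fc in "$1"/etc/selinux/*/contexts/files/file_contexts; do
        [ -f "$fc" ] || continue          # unmatched glob or dangling entry
        name=${fc%/contexts/files/file_contexts}
        echo "${name##*/}"
    done
}

# Return 0 if the configured policy is usable, 1 if SELINUXTYPE points at a
# policy whose file_contexts is missing, 2 if SELINUXTYPE cannot be read.
check_selinux_policy() {
    root=${1:-/}
    root=${root%/}                        # "/" becomes "" so paths stay absolute
    ptype=$(selinux_type "$root")
    if [ -z "$ptype" ]; then
        echo "SELINUXTYPE not set in $root/etc/selinux/config" >&2
        return 2
    fi
    if [ -f "$root/etc/selinux/$ptype/contexts/files/file_contexts" ]; then
        echo "ok: SELINUXTYPE=$ptype"
        return 0
    fi
    echo "SELINUXTYPE=$ptype but its file_contexts is missing" >&2
    others=$(installed_policies "$root" | tr '\n' ' ')
    if [ -n "$others" ]; then
        echo "installed policy stores: $others" >&2
        echo "set SELINUXTYPE to one of them, or reinstall selinux-policy-$ptype" >&2
    else
        echo "no policy store found under $root/etc/selinux" >&2
    fi
    return 1
}
```

Source the file and run `check_selinux_policy /` after removing a selinux-policy-* package and before the next dnf transaction or reboot; a return code of 1 is the state shown in the transcript above.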