update RPM dependency for EL8

[balonik]

Hi,

EL8 (CentOS) is already using newer container-selinux package -> link Could you please update the dependency in spec file?

Thanks.

[Oats87]

The reason we have capped EL8 support is due to conflicting file contexts that were merged upstream. As such, we're dealing with needing to reconcile against these conflicting file contexts.

The capping for the container-selinux is done here: https://github.com/k3s-io/k3s-selinux/pull/21

The conflicting file contexts were merged here: https://github.com/containers/container-selinux/pull/140

@dweomer I think at some point it is likely reasonable for us to amend our policy for EL8 to comment out the conflicting upstream policies, but I do worry about breaking backwards compatibility for our users who are not willing to update to the latest set of RPMs.

[balonik]

@Oats87 is this conflict present in the 0.3 version as well? Should I be concerned having k3s-selinux-0.3 and container-selinux-2.167.0?

[Oats87]

Yes, the conflict exists in all versions of k3s-selinux today.

[larsks]

I think this is the same problem.

I've just upgraded from Fedora 34 to 35, and I see:

 Problem: package container-selinux-2:2.170.0-2.fc35.noarch conflicts with k3s-selinux <= 0.4-1 provided by k3s-selinux-0.2-1.el7_8.noarch
  - cannot install the best update candidate for package container-selinux-2:2.169.0-1.fc35.noarch
  - problem with installed package k3s-selinux-0.2-1.el7_8.noarch

Or when trying to install k3s-selinux:

 Problem: conflicting requests
  - nothing provides container-selinux < 2:2.164.2 needed by k3s-selinux-0.4-1.el8.noarch

[zdzichu]

@larsks you have k3s-selinux 0.4-1, try with https://github.com/k3s-io/k3s-selinux/releases/tag/v0.5.testing.1

[larsks]

@zdzichu thanks, that installs without the conflict, at least. Nothing has broken yet, so it seems to be working :).

[dweomer]

Fixed via #24 and https://github.com/k3s-io/k3s-selinux/releases/tag/v0.5.stable.1