diff --git a/patterns-base.changes b/patterns-base.changes
index b21ccca..10ba461 100644
--- a/patterns-base.changes
+++ b/patterns-base.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Jan 16 12:52:36 UTC 2025 - Fabian Vogt <fvogt@suse.com>
+
+- selinux: Turn recommends for container-selinux into a hard but
+  conditional dependency
+
 -------------------------------------------------------------------
 Thu Dec 19 13:12:09 UTC 2024 - Fabian Vogt <fvogt@suse.com>
 
diff --git a/patterns-base.spec b/patterns-base.spec
index f34ab7f..2817a2e 100644
--- a/patterns-base.spec
+++ b/patterns-base.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package patterns-base
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -672,9 +672,11 @@ Requires:       selinux-policy
 Requires:       selinux-policy-base
 Requires:       selinux-tools
 Requires:       pattern() = minimal_base
+# Needed for podman et al.
+Requires:       (container-selinux if libcontainers-common)
 Recommends:     checkpolicy
-Recommends:     container-selinux
-Recommends:     selinux-policy-targeted
+# Use targeted as default policy if none was explicitly requested.
+Suggests:       selinux-policy-targeted
 
 %description selinux
 Security-Enhanced Linux (SELinux) provides a mechanism for supporting access control security policies, including mandatory access controls (MAC).