Ghostboard pixel
Latest news
Development Updates

openSUSE Tumbleweed Ditches AppArmor for SELinux

openSUSE Tumbleweed has changed its default mandatory access control (MAC) system.

Sourav Rudra
opensuse logo is in the center with the apparmor logo to the left and selinux logo to the right
2 min read

openSUSE Tumbleweed is hands down one of the best rolling release Linux distributions out there. Many people prefer it over other distributions due to its stability and consistent updates, providing a near bleeding-edge experience.

There is another edition from the same project called openSUSE Leap, which focuses on long-term support and is a great option for those who prefer a more stable and laid-back distro experience.

Anyhow, an important change has been made to Tumbleweed, which mostly affects fresh installations. Let’s take a closer look. 👇

What's Happening: Announced on the openSUSE Factory mailing lists, upcoming snapshots of openSUSE Tumbleweed will ship with SELinux (in enforcing mode) as the default mandatory access control (MAC) system on the installer, with an option to switch to AppArmor if someone prefers that.

The developers mention that they have tested the SELinux implementation both manually and automatically (via openQA) to ensure stability and reliability.

To clarify things, a MAC system is an essential security mechanism on Linux (and other platforms) that strictly regulates access to files, processes, and system resources by enforcing a set of predefined policies.

SELinux and AppArmor are the most widely deployed offerings for Linux, with SELinux being a more secure option thanks to its system-wide enforcement instead of being app-specific like AppArmor. It's highly granular, label-based controls manage access across the entire system, mitigating potential breaches.

What to Expect: The Tumbleweed developers have based this on Fedora's SELinux policy, but with some openSUSE-specific changes to integrate it seamlessly.

Existing Leap 15.x users don't need to worry, as this change doesn't affect their installs, and users of existing AppArmor-equipped Tumbleweed installs can migrate to SELinux if they'd like to, but it's completely optional.

Via: Phoronix

Suggested Read 📖

openSUSE Leap vs Tumbleweed: What’s the Difference?
openSUSE is a very popular Linux distros, especially in the enterprise world. SUSE has been around in one form or another since 1996. During most of that time, they have only had one version. Then, in 2015, they changed things up and decided to offer two versions: Leap and Tumbleweed.
It's FOSSJohn Paul Wohlscheid

It's FOSS turns 13! 13 years of helping people use Linux ❤️

And we need your help to go on for 13 more years. Support us with a Plus membership and enjoy an ad-free reading experience and get a Linux eBook for free.

To celebrate 13 years of It's FOSS, we have a lifetime membership option with reduced pricing of just $76. This is valid until 25th June only.

If you ever wanted to appreciate our work with Plus membership but didn't like the recurring subscription, this is your chance 😃

Get Lifetime Membership of It's FOSS
Published in: Development Updates
Author
Sourav Rudra

Sourav Rudra

A nerd with a passion for open source software, building custom gaming rigs/workstations, motorsports, and more.

View articles

Read next

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to It's FOSS News.

Your link has expired.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.