openSUSE Linux announced earlier this week that they are adopting SELinux as the default mandatory access control (MAC) system for new openSUSE Tumbleweed installations.
Until this change, openSUSE Tumbleweed shipped with AppArmor, a security module in the Linux kernel that allows system administrators to restrict the capabilities of programs with per-program profiles.
Starting with the openSUSE Tumbleweed snapshot 20250211, which is the latest ISO release at the moment of writing, AppArmor has been replaced with SELinux, a Linux kernel security module that supports access control security policies, including mandatory access control (MAC).
This change won’t affect existing openSUSE Tumbleweed installations. And, since we’re living in modern times where you can choose freely whatever you think it’s best for you, openSUSE gives users the choice of selecting between using SELinux or AppArmor as the default mandatory access control (MAC) system during the installation.
Furthermore, openSUSE said that the openSUSE Tumbleweed minimal VM image will be shipped with SELinux in enforcing mode. Also, Tumbleweed users who want to migrate from AppArmor to SELinux will be able to do so by using a guide provided on the openSUSE Wiki.
openSUSE also confirmed that its stable openSUSE Leap 15.x operating system series is not affected by this change in any way and will stay with AppArmor as the default mandatory access control (MAC) system.
Why this change? According to well-known Linux developer Neal Gompa working for Fedora Linux, openSUSE Linux, CentOS, and Mageia, SELinux has a larger community, is better accepted for higher security environments, and has a much better upstream development story.
Content retrieved from: https://9to5linux.com/opensuse-replaces-apparmor-with-selinux-on-new-tumbleweed-installations.
