openSUSE Tumbleweed Ditches AppArmor for SELinux
If you're an openSUSE Tumbleweed user, you can expect a major change to the distribution.
OpenSUSE Tumbleweed is a rolling release that is as secure as any Linux distribution, and it offers plenty of tools for power users (such as YaST). For years, it has used AppArmor as its underlying security layer, but that is about to change.
As a bleeding-edge distribution, the Tumbleweed developers don't mind making dramatic changes, especially with the internals. One such dramatic change, which was announced on the openSUSE Factory mailing list, will be the move from AppArmor to SELinux for mandatory access control.
SELinux will be set to enforcing mode on openSUSE Tumbleweed. However, if you would like to stick with AppArmor, you can do so manually in the OS installer.
It is also important to note that existing installations will not be switched to SELinux. Leap users don't have to fear, as this move will not affect their installations.
According to Cathy Hu (SELinux security engineer for SUSE), "We have tested the change manually and automatically via openQA. However, if you encounter any issues that could be related to SELinux, please feel encouraged to open a bug as it is really helpful to us."
Many believe SELinux to be the superior security option, while some believe it can be a bit too cumbersome.
