SUSE/openSUSE has a long history with the AppArmor Linux security module going back to the Novell days and when AppArmor was originally known as SubDomain. OpenSUSE/SUSE and Ubuntu Linux have been big proponents of AppArmor for Linux security but now moving forward on new installations of openSUSE Tumbleweed it will be defaulting to Security Enhanced Linux (SELinux).
It was announced today on the openSUSE Factory list that new openSUSE Tumbleweed rolling-release installations will begin defaulting to SELinux rather than AppArmor. Existing openSUSE Tumbleweed installations will not be affected unless manually changing over to SELinux. The announcement notes:
“We would like to announce that with the next openSUSE Tumbleweed snapshot 20250211 the default mandatory access control (MAC) system selected by the installer will be switched from AppArmor to SELinux in enforcing mode. Additionally, the openSUSE Tumbleweed minimalVM will be shipped with SELinux in enforcing mode.
Users installing openSUSE Tumbleweed via the ISO image will see SELinux in enforcing mode as default option in the installer. If the user prefers to use AppArmor instead of SELinux, they are able to change the selection to AppArmor manually in the installer. AppArmor continues to be excellently maintained by Christian Boltz (@cboltz) exactly as before.
Existing installations using AppArmor will *not* be migrated. In case the user wishes to migrate manually to SELinux, a guide is provided on the openSUSE wiki.”
OpenSUSE Leap 15.x will also keep to using AppArmor by default. The matter of switching from AppArmor to SELinux has been an openSUSE discussion point for the better part of the past year.
