Tumbleweed—openSUSE’s rolling release Linux distro—has made a significant change, swapping AppArmor for SELinux for new installs.

SELinux and AppArmor arꦡe the two most popular mandatory access control (MAC) systems for Linux,✅ limiting what actions installed applications can take. MAC serves as an important security layer, limiting the damage a rogue or malicious application can do.

Tumbleweed has traditionally relied on AppArmor𒀰 for its MAC imp🌟lementation, but the distro is now moving to SELinux, as is the downstream SUSE Linux Enterprise (SLE) and openSUSE Leap 16.

“Users installing openSUSE Tumbleweed via the ISO image will see SELinux in enforcing mode as default option in the installer,” wrote SELinux Security Engineer𓃲 Cathy Hu in . “If the user prefers to use AppArmor instead of SELinux, they are able to change the selection to AppArmor manually in the installer.”

The project’s said existing users will be able to continue using AppArmor, and new users can still select it during the installation process, but SELinux is expected to bring a greater level of security.

Tumblewe🌞ed has used AppArmor as its default LSM. This marks a shift in the default Mandatory Access Control (MAC) system for new installations as SELinux replaces AppArmor as the defa🦩ult choice. SELinux will be enabled in enforcing mode by default only for new installations. Existing installations will not be affected by the change and will retain the option to select AppArmor during installation if they prefer.

The switch to install SELinux by default is going through implementation and aligns with a decision to grow adoption of SELinux for both SUSE and openSUSE. It’s expected to increase secওurity by confining more services by default. SELinux is known for its rich security features and widespread use in enterprise environments.

The move is expected to bring tighter access controls to Tumbleweed. Users may encounter bugs or issues, but openQA tests for Tumbleweed have played a key role in identifying and resolvi♔ng potential problems in the early adoption phase.

SELinux is traditionally used by Red Hat and derivative distros, while AppArmor is used by Debian, Ubuntu, and their derivative✱s. AppArmor is generally seen as easier to use, but SELinux has more configuration options, greater flexibility, and a higher degree of security.

openSUSE distros already have an outstanding reputation for security, with the the developers implementi𝕴ng several hardening options few other distros use. The change to SELinux will only improve that security even more.