[Bug 1230118] [SELinux] Select SELinux as default MAC in enforcing mode in the tumbleweed installer
https://bugzilla.suse.com/show_bug.cgi?id=1230118

https://bugzilla.suse.com/show_bug.cgi?id=1230118#c14

--- Comment #14 from Cathy Hu <cathy.hu@suse.com> ---

pasting the progress update from the email to factory:

Progress Update: SELinux as default MAC system on new Tumbleweed installations

We would like to give you a progress update about the change of the default mandatory access control (MAC) system selection in the Tumbleweed installer from AppArmor to SELinux. For context, please refer to the email: "RFC: SELinux as default MAC system on new Tumbleweed installations" sent to this list on 2024-07-19.

What has been done so far:

We have prepared the change [0] in the Yast installer, which selects SELinux in enforcing mode as the default MAC system instead of AppArmor.

** This change, however, is *not* in Tumbleweed yet. This means that the MAC system selected by default in the installer is still AppArmor at this time. **

During testing, we found and fixed multiple bugs on the distribution side, with major help from different teams and people, especially Fabian Vogt from the Future Technologies team (thanks!). However, there is still a long way to go, as there are still blockers on the list [1], so it will take some more time.

Additionally, openQA tests were assuming AppArmor as the only MAC system in some cases, so they needed to be adjusted to the change, and additional tests added for SELinux. Thanks to the openQA devs, especially the qe-core squad, multiple tickets have already been resolved. However, same as on the distribution side, there are still a lot of topics open [2].

Timeline update:

We announced in our last email that we aimed to make this change latest by the end of 2024. Unfortunately, this goal was too optimistic and there is still a lot of work to do. Moving forward, we want to make the change in 2025, and I will provide you with further updates about the progress.

TL;DR:

- The default MAC system selected by the Tumbleweed installer at this time is still AppArmor.
- During testing, we found some bugs on the distribution side, many of which have been resolved by now, but some are still open blockers.
- openQA tests are being adjusted to the change as well, but there are still some that are not done yet.
- We will move forward with a different timeline (2025, instead of end of 2024).
- We are not introducing any other change to the previous plan.

[0] https://build.opensuse.org/request/show/1198720
[1] https://bugzilla.suse.com/show_bug.cgi?id=1230118
[2] https://progress.opensuse.org/issues/166613

--
You are receiving this mail because:
You are on the CC list for the bug.