On Fri, Jul 19, 2024 at 10:28 AM Cathy Hu <cahu@suse.de> wrote:
I'm excited about this change, personally. :)
yay :)
Does this mean the kernel config will change so that CONFIG_DEFAULT_SECURITY_SELINUX=y will be set instead of CONFIG_DEFAULT_SECURITY_APPARMOR=y? That is, I don't need to set "selinux=1" in the kernel commandline anymore for new setups? I would really like that to be included in this change...
So far our plan is that we will *not* change the kernel config. We will only change the default MAC setting in the installer to SELinux. The installer will then take care of setting the kernel command line in your bootloader for you, so no need to manually set selinux=1 then.
Hope that helps, let me know if it doesn't :)
Is this at least happening for the SFO/ALP kernels? Eventually I'd like to see this in Tumbleweed too. Regardless, a bunch of us are using configurations of openSUSE not made by an installer, so having these defaults handled in the kconfig ensures the right things happen out of the box for first party, second party, and third party folks. -- 真実はいつも一つ!/ Always, there's only one truth!