Hi all, We would like to announce that with the next openSUSE Tumbleweed snapshot 20250211 the default mandatory access control (MAC) system selected by the installer will be switched from AppArmor to SELinux in enforcing mode. Additionally, the openSUSE Tumbleweed minimalVM will be shipped with SELinux in enforcing mode. Users installing openSUSE Tumbleweed via the ISO image will see SELinux in enforcing mode as default option in the installer. If the user prefers to use AppArmor instead of SELinux, they are able to change the selection to AppArmor manually in the installer. AppArmor continues to be excellently maintained by Christian Boltz (@cboltz) exactly as before. Existing installations using AppArmor will *not* be migrated. In case the user wishes to migrate manually to SELinux, a guide [0] is provided on the openSUSE wiki. Leap 15.x is not affected by this change in any way and will stay with AppArmor. For broader context, please refer to: - "RFC: SELinux as default MAC system on new Tumbleweed installations" sent to this list on 2024-07-19. - "Progress Update: SELinux as default MAC system on new Tumbleweed installations" sent to this list on 2024-12-21. We have tested the change manually and automatically via openQA. However, if you encounter any issues that could be related to SELinux, please feel encouraged to open a bug as it is really helpful to us: https://en.opensuse.org/openSUSE:Bugreport_SELinux To learn more about SELinux, you can visit the SELinux wiki page: https://en.opensuse.org/Portal:SELinux Thanks a lot to all the people in different teams who helped us achieve this change, especially Fabian Vogt, Dominique Leuenberger, Ana Guerrero Lopez, Douglas DeMaio, all the people from the openQA qe-core, qe-container, qe-security teams and the SELinux group! Kind regards, Cathy [0] https://en.opensuse.org/Portal:SELinux/Setup#Setup_SELinux_on_existing_Tumbl... -- Cathy Hu <cahu@suse.de> SELinux Security Engineer GPG: 5873 CFD1 8C0E A6D4 9CBB F6C4 062A 1016 1505 A08A SUSE Software Solutions Germany GmbH Frankenstrasse 146 90461 Nürnberg Geschäftsführer: Ivo Totev, Andrew McDonald, Werner Knoblich (HRB 36809, AG Nürnberg)