
Miguel Rozsas wrote:
I think it was a bad move.
From my previous experience with RHEL, SELinux is unmanageable by the regular user.
If the user does not find a proper fix to this problem, they just put SELinux in permissive mode or even worse, disabled and never think about it again.
I would like to know if this issue has been sufficiently discussed with the user community (not just among devs) and if there is any reason, in addition to following the trend, that motivated this decision.
What are the problems with AppArmor that SELinux will solve/fix?

I totally agree with you. When I saw the announcement, I hastily migrated from AppArmor by following the provided guide [0]. I was like, okay, this will be the new default, and since I've got an already installed system, I always do everything as it comes out to avoid forgetting in the future.

However, I’ve already faced a few bottlenecks with SELinux, one of which is its complexity. While AppArmor has its separate YaST GUI, SELinux has no GUI by default, except for Cockpit (more on this later). My biggest problem was that suddenly all my games through Lutris got blocked because of the .exe files and such. Everything that worked before with AppArmor, out of the box, now stopped working.

If it weren’t for my knowledge and sheer luck a couple of weeks ago—learning that even YaST is being removed soon and Cockpit will take its place—I wouldn’t have known how to manage SELinux. Thanks to Cockpit, I was able to "unblock" the programs because it has a nifty built-in tool that tells me what to type into the terminal. But if it weren’t for Cockpit, how would a regular user (like myself) without knowledge of a proper SELinux front-end handle these kinds of issues?

So, I also think that this switch was too sudden. However, if we—the userbase—could get some official suggestions from the openSUSE team on how to use SELinux, or if Cockpit is the recommended way, I’d appreciate an official statement somewhere on the news page. A proper guide on how to manage this MAC properly and SAFELY without nuking the distro or locking ourselves out would be incredibly helpful.

[0] https://en.opensuse.org/Portal:SELinux/Setup#Setup_SELinux_on_existing_Tumbl...