Progress Update: SELinux as default MAC system on new Tumbleweed installations
Hi all,

*see TL;DR down below*

We would like to give you a progress update about the change of the default mandatory access control (MAC) system selection in the Tumbleweed installer from AppArmor to SELinux. For context, please refer to the email: "RFC: SELinux as default MAC system on new Tumbleweed installations" sent to this list on 2024-07-19.

What has been done so far:

We have prepared the change [0] in the Yast installer, which selects SELinux in enforcing mode as the default MAC system instead of AppArmor.

** This change, however, is *not* in Tumbleweed yet. This means that the MAC system selected by default in the installer is still AppArmor at this time. **

During testing, we found and fixed multiple bugs on the distribution side, with major help from different teams and people, especially Fabian Vogt from the Future Technologies team (thanks!). However, there is still a long way to go, as there are still blockers on the list [1], so it will take some more time.

Additionally, openQA tests were assuming AppArmor as the only MAC system in some cases, so they needed to be adjusted to the change, and additional tests added for SELinux. Thanks to the openQA devs, especially the qe-core squad, multiple tickets have already been resolved. However, same as on the distribution side, there are still a lot of topics open [2].

Timeline update:

We announced in our last email that we aimed to make this change latest by the end of 2024. Unfortunately, this goal was too optimistic and there is still a lot of work to do. Moving forward, we want to make the change in 2025, and I will provide you with further updates about the progress.

TL;DR:

- The default MAC system selected by the Tumbleweed installer at this time is still AppArmor.
- During testing, we found some bugs on the distribution side, many of which have been resolved by now, but some are still open blockers.
- openQA tests are being adjusted to the change as well, but there are still some that are not done yet.
- We will move forward with a different timeline (2025, instead of end of 2024).
- We are not introducing any other change to the previous plan.

Thank you very much :)

Kind regards,
Cathy

[0] https://build.opensuse.org/request/show/1198720
[1] https://bugzilla.suse.com/show_bug.cgi?id=1230118
[2] https://progress.opensuse.org/issues/166613

--
Cathy Hu <cahu@suse.de>
SELinux Security Engineer
GPG: 5873 CFD1 8C0E A6D4 9CBB F6C4 062A 1016 1505 A08A
SUSE Software Solutions Germany GmbH
Frankenstrasse 146
90461 Nürnberg
Geschäftsführer: Ivo Totev, Andrew McDonald, Werner Knoblich
(HRB 36809, AG Nürnberg)

Thank you for all of your efforts and contribution to SELinux. The email you sent regarding the project (SELinux) helped me understand what is happening.

-Seasons best🫥

participants (2)
- pj
- Cathy Hu