Hi, On Tue, Nov 17, Neal Gompa wrote:

I'm personally looking to switch my openSUSE servers and desktops to having SELinux enabled in enforcing mode with the targeted policy, and I'm happy to help wherever I can to make that work. My personal pie-in-the-sky hope is that we can be in a place soon where we could be comfortable with having it as a default across the board (even if we might not necessarily do so).

Tumbleweed: Install the selinux pattern, add "security=selinux selinux=1" to the kernel commandline, touch /.autorelabel and reboot. Yes, YaST support and documentation is still missing.

I know right now the focus has been to get the targeted policy working in openSUSE MicroOS, do we know what's left here to make this happen?

Don't install apparmor pattern but selinux pattern, make sure you are really "current": - transactional-update >= 2.28.3 - microos-tools >= 2.9 Run "transactional-update setup-selinux" and reboot. And yes, YaST support and documentation is still missing... Thorsten -- Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany Managing Director: Felix Imendoerffer (HRB 36809, AG Nürnberg)