openSUSE has officially announced the transition from AppArmor to SELinux as the default mandatory access control (MAC) system for new installations of openSUSE Tumbleweed. This change is effective starting with the Tumbleweed snapshot released on February 11, 2025.
Prior to this update, openSUSE Tumbleweed utilized AppArmor, a security module that limited the abilities of programs through defined profiles. With this new implementation, SELinux will provide enhanced security features, including refined access control policies.
Existing installations of Tumbleweed will remain unaffected by this switch, ensuring that users will not automatically transition to SELinux. For users setting up new systems, SELinux will be pre-selected in enforcing mode during installation, though the option to revert to AppArmor remains available. As stated by Cathy Hu from the openSUSE Security team, this offers users flexibility in choosing their preferred security framework during the installation process.
Additionally, openSUSE’s minimal VM images will ship with SELinux enabled by default. Users currently on AppArmor who wish to migrate to SELinux can follow detailed instructions available on the openSUSE Wiki.
It’s noteworthy that the stable openSUSE Leap 15.x series will continue to utilize AppArmor as the default security system. The adoption of SELinux is supported by advocacy from prominent Linux developers, including Neal Gompa, who highlighted its stronger community support and suitability for enhanced security contexts.
For further details, interested users can explore the official announcement.