The developers of the Opensuse announced plans to adopt Selinux as the default access control system for the openSuse Tumbleweed distribution. Tumbleweed, known for its continuous update of program versions (rolling-release model), will now come pre-configured with Selinux starting from the update 20250211 for new installations. Ready-made virtual machine images of Opensuse Tumbleweed Minimalvm will also include Selinux by default.
Although Selinux will be the default choice for new installations, support for Apparmor will continue to be available. Existing configurations using Apparmor will not be affected, and users can choose to activate Apparmor in new installations. Instructions for migrating from Apparmor to SELINUX are provided for those who wish to switch. Opensuse Leap 15.x will continue to use Apparmor as its access control system.
The decision to promote Selinux is a part of the effort to expand the usage of this access control system in SUSE and Opensuse. Selinux is preferred over Apparmor in corporate environments due to its advanced functionality. Red Hat Enterprise Linux also utilizes Selinux, while Ubuntu relies on Apparmor.
In terms of configuration, Apparmor is easier to set up as it links access profiles to file paths. On the other hand, Selinux uses a more sophisticated description language and provides greater flexibility by encompassing various types of resources. Selinux focuses on defining security margins and contexts, enabling detailed control over process interactions. Apparmor, in comparison, primarily focuses on defining allowable actions for individual applications.