Re: Wow
So, if I'm understanding you correctly, OpenSUSE is now supported for 10 years the same as SLES, and it's basically the same distro now?
This sounds very similar to what happened with CentOS - CentOS was community only, Redhat came along and said "Hey we just want to fund you for the good of the community, don't worry we won't try to change CentOS" (essentially, not word for word).
Well a couple of years later here we are. I remember reading a few months (or years?) ago OpenSUSE split from SUSE and went community only - has this changed now?
My last question, how well is SELinux supported on SUSE? I've found with Debian SELinux support is patchy at best and for the most part to actually make it work I'm writing my own policies for stuff which should be done out of the box (Like it is in RHEL/Fedora) - I had to fix a couple of policies just to get Debian w/ SELinux to boot in enforcing mode. (I was testing/working on that yesterday, on christmas day, it's more fun than family and gifts anyway lol)
Although, most people will tell you "just disable SELinux you don't need it!" - I've always disagreed with that sentiment, I'd rather stuff gets blocked and breaks until I fix it (or distro devs) than just runs and causes havoc if it's bad.
Debian's works - but it doesn't have setroubleshoot, so you're relying on classic tools such as ausearch and audit2why etc.
Thankfully, I'm well versed in SELinux due to my CentOS/Fedora experience.
Yes, I'm well aware Debian and many other distro's would rather use apparmor - but that's only effective if you have policies on an application by application basis, and allows all except the applications with a policy. - I prefer the SELinux method of block all and fix later.
Biting the hand that feeds IT
