Dear Tumbleweed users and hackers,
From an engineering point of view, this week was exciting. Hopefully, you have seen on news.opensuse.org that the default LSM has been switched from AppArmor to SELinux for new installations. This has been a long ongoing effort. It took quite some time as we did not just want to release it onto users (as default) before we trusted it to work, with policies that make sense out of the box. There might still be rough edges, and there are almost certainly some policy issues to be uncovered in the next weeks with more workloads running on it. Considering MicroOS and Aeon have been configured with SELinux as their LSM for quite some time, there is also high confidence in this. And bringing MicroOS, Aeon and Tumbleweed closer together makes for easier administrative switching for those distributions, as they all behave equally.
Of course, that’s not all that changed this week though – we have published 4 snapshots (0206, 0207, 0209, and 0211), bringing you these changes:
- sssd 2.10.2
- pam_pkcs11 0.6.13: smartcard auth for PAM, CVE fix
- KDE Gear 24.12.2
- GNOME Shell 47.4
- KDE Plasma 6.3.0
- GIMP 3.0.0 RC3
- SELinux is the default LSM for new installs; AppArmor can still be selected during the installation process
The developers have submitted these changes, which are currently tested in the staging areas and by openQA:
- Pipewire 1.3.82
- Linux kernel 6.13.2
- Reworked kernel-firmware package, allowing them to be updated in smaller chunks
- Zypper 1.14.84: aborts dup in case of repositories not being available
- cURL 8.12.1
- Qemu 9.2.1
- PostgreSQL 12 is EOL and will be removed from the repository
- Boost 1.87
- glibc 2.41: please help work out the errors in https://build.opensuse.org/project/show/openSUSE:Factory:Staging:O
- Python 3.13 as the default Python interpreter: Pending issues can be seen at https://build.opensuse.org/project/show/openSUSE:Factory:Staging:A
Leave a Reply