How to switch from SELinux to AppArmor in Leap 16


openSUSE Tumbleweed now ships with SELinux by default instead of AppArmor, and this change also applies to openSUSE Leap 16. This article shows how to change from SELinux to AppArmor in openSUSE Leap 16 alpha. Why is this important? Because some things are not compatible with SELinux (for example, the Nix package manager).

  • First, install the AppArmor pattern:
  sudo zypper in --type pattern apparmor
  • Second, edit your GRUB file /etc/default/grub with sudo; I recommend making a backup of the file first. Open it with sudo nano /etc/default/grub and change this line:
  GRUB_CMDLINE_LINUX_DEFAULT="BOOT_IMAGE=(hd0)/boot/x86_64/loader/linux mitigations=auto quiet security=selinux selinux=1 enforcing=1"

to this:

  GRUB_CMDLINE_LINUX_DEFAULT="BOOT_IMAGE=(hd0)/boot/x86_64/loader/linux mitigations=auto quiet security=apparmor"


  • Third, rebuild the GRUB config and then reboot:
  sudo grub2-mkconfig -o /boot/grub2/grub.cfg
  sudo reboot



  • After the reboot, check your AppArmor status:
  aa-status

or

  sudo systemctl status apparmor

To be sure, you can also check whether SELinux is disabled by running

  sudo getenforce 


If it doesn't work, you can run

  more /proc/cmdline

and check whether you edited the BOOT_IMAGE parameter correctly (the important part should be similar to this: BOOT_IMAGE=(hd0)/boot/x86_64/loader/linux mitigations=auto quiet security=apparmor)
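
The edit from the second step and the final command-line check can also be scripted. The following is an added example, not part of the original article; the function names to_apparmor_cmdline and cmdline_selects_apparmor are hypothetical, and the sample line is the one shown above.

```shell
#!/bin/sh
# Added example: rewrite and verify a kernel command line for the
# SELinux -> AppArmor switch. Function names are hypothetical.

# Print the given command line with every security=, selinux= and enforcing=
# parameter dropped and security=apparmor appended exactly once.
# All other parameters keep their original order.
to_apparmor_cmdline() (
    set -f                      # no filename globbing while splitting words
    out=""
    for p in $1; do
        case "$p" in
            security=*|selinux=*|enforcing=*) continue ;;
        esac
        out="${out:+$out }$p"
    done
    printf '%s\n' "${out:+$out }security=apparmor"
)

# Exit status 0 only if the command line contains security=apparmor and
# neither another security= value nor selinux=1.
cmdline_selects_apparmor() (
    set -f
    ok=1
    for p in $1; do
        case "$p" in
            security=apparmor) ok=0 ;;
            security=*|selinux=1) exit 1 ;;
        esac
    done
    exit "$ok"
)

# Demo on the line from the article. After the reboot, pass
# "$(cat /proc/cmdline)" to cmdline_selects_apparmor instead.
old='BOOT_IMAGE=(hd0)/boot/x86_64/loader/linux mitigations=auto quiet security=selinux selinux=1 enforcing=1'
new=$(to_apparmor_cmdline "$old")
printf 'GRUB_CMDLINE_LINUX_DEFAULT="%s"\n' "$new"
if cmdline_selects_apparmor "$new"; then
    echo "ok: command line selects AppArmor"
else
    echo "warning: SELinux parameters still present or security=apparmor missing"
fi
```

The script only prints the new value; writing it into /etc/default/grub and running grub2-mkconfig remain manual steps as described above.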