SLED15 with LSM (Yama, SeLinux)

New to Suse and SLED, I’m learning every day; this is a whole different approach. Much is surprisingly well done getting to know Suse, other aspects make me scratch my head and shift on my seat.

To my surprise Suse does not have Yama enabled; there is also no documentation on this when searching documentation.suse.com.

For SELinux there are no policies available, and some tools are also missing, such as those for the GUI. Creation of SELinux policies also appears not to be encouraged or well documented.

I know there is AppArmor, it is just not my area of focus at this time.

I am also looking at Tomoyo and Akari, which do appear somewhat supported.

Can someone introduce me a bit to how to go about working with Yama and SELinux on SLED?

Thanks

JLT

@JLT Hi, I suspect that this is probably something that would be present in a later release based on the current Tumbleweed setup;

zcat /proc/config.gz | grep tomoyo
CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf"

dmesg | grep -A 1 -B 1 TOMOYO
[    0.162967] AppArmor: AppArmor initialized
[    0.162969] TOMOYO Linux initialized
[    0.162975] LSM support for eBPF active

I suspect you would need to recompile the kernel :frowning_face:

Thanks for sharing.

My output is quite different for SLED 15.5:
CONFIG_LSM="integrity,apparmor"

Looking at zcat /proc/config.gz | grep -i -e CONFIG_SECURITY -e LSM -e bpf I do get a lot of related entries, showing that SELinux and others are available to enable and other LSMs are not (Smack, Loadpin, safesetid).

So it’s not that bad :slight_smile:

I don’t mind recompiling a kernel once in a while; I just hope SLED has a nice way of dealing with custom kernels, as with Ubuntu that was not a pleasant experience.
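An added example (not from any poster in this thread): a POSIX shell script that reads the CONFIG_LSM line and the CONFIG_SECURITY_* flags from a kernel config, the way the greps above do, and classifies each LSM as active, built in but left out of the boot order, or absent. It assumes the standard kernel interfaces only: a built-in LSM that is missing from CONFIG_LSM can be selected at boot with the `lsm=` kernel parameter instead of a rebuild, /sys/kernel/security/lsm lists what the running kernel actually loaded, and /proc/sys/kernel/yama/ptrace_scope shows whether Yama's ptrace restriction is in force; the sample config is constructed from the SLED 15.5 values quoted above.

```shell
#!/bin/sh
# Added example: classify LSMs from a kernel config and, where available,
# compare with what the running kernel reports.

# Constructed sample, modelled on the SLED 15.5 output quoted in this thread.
SAMPLE_CONFIG='CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_APPARMOR=y
# CONFIG_SECURITY_SMACK is not set
CONFIG_LSM="integrity,apparmor"'

# lsm_order CONFIG_TEXT -> the comma-separated CONFIG_LSM value (boot-time order)
lsm_order() {
    printf '%s\n' "$1" | sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p'
}

# lsm_built_in CONFIG_TEXT NAME -> success if CONFIG_SECURITY_<NAME>=y
lsm_built_in() {
    name=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    printf '%s\n' "$1" | grep -q "^CONFIG_SECURITY_${name}=y\$"
}

# lsm_in_order CONFIG_TEXT NAME -> success if NAME is listed in CONFIG_LSM
lsm_in_order() {
    case ",$(lsm_order "$1")," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# lsm_status CONFIG_TEXT NAME -> active | built-not-enabled | absent
# "built-not-enabled" means a reboot with lsm=... can turn it on; "absent" means a rebuild.
lsm_status() {
    if lsm_in_order "$1" "$2"; then echo active
    elif lsm_built_in "$1" "$2"; then echo built-not-enabled
    else echo absent
    fi
}

# Live report for the running kernel; silently skipped where the files do not exist.
live_report() {
    [ -r /proc/config.gz ] || { echo "no /proc/config.gz on this kernel"; return 0; }
    cfg=$(zcat /proc/config.gz)
    for m in yama selinux apparmor smack tomoyo; do
        printf '%s: %s\n' "$m" "$(lsm_status "$cfg" "$m")"
    done
    [ -r /sys/kernel/security/lsm ] && printf 'loaded: %s\n' "$(cat /sys/kernel/security/lsm)"
    [ -r /proc/sys/kernel/yama/ptrace_scope ] && printf 'yama ptrace_scope: %s\n' "$(cat /proc/sys/kernel/yama/ptrace_scope)"
    return 0
}

live_report
```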

@JLT If it’s there as a module but set to n then you could just build the missing ones and add rather than a full recompile. I would grab your current kernel-source, copy to a user directory, and test compiling the modules.

I’m not sure if I’d dare. I’m already hitting a brick wall trying to get displaylink/evdi to compile for SLED 15.5.

Thinking of then having to work with a custom compiled version and the sh*t that brought with it on Ubuntu and Debian systems … sigh.