Madhav Kobal's Blog

This blog will be dedicated to Linux, Open Source and Technology news, affairs, how-tos and virtually EVERYTHING in these domains.

SUSE Linux Desktop Moves Ahead

Posted by madhavkobal on 20/08/2009

What’s New?

SLED 11 leverages all the updates found in openSUSE 11.1 to bring a fully up-to-date distribution to the enterprise. In addition, SLED 11 includes a number of Novell developed features, such as the AppArmor application security tool, specifically targeted at enterprise users. It also includes proprietary applications like Adobe Acrobat Reader, not typically included with an open source distribution.

Single-click install is another new-to-SLED 11 feature that makes installing application programs a breeze. We tested this out with the just-released MonoDevelop 2.0. There are actually three options on the download page, and you’ll need to pick the openSUSE 11.1 button for SLED 11. Version 2.4 of the core Mono components were also released this week. The download page has instructions for using the zypper command line tool to add the mono repository and perform the upgrade with three instructions.

The default file system has changed from ReiserFS to ext3 with SLED11. There are some basic differences between the two, including maximum individual file size. For ext3 that number is 2 TB and shouldn’t be an issue for the typical desktop user. ReiserFS supports file sizes up to 1024 TB or 1 EB (Exabyte) and would make sense in a server-based environment.


The entire process takes less than 30 minutes start to finish. After the first boot we ran into a minor problem with broadcom wireless networking in that we couldn’t see any networks. This required a driver downloaded from the Broadcom site. Once that’s obtained you simply double click on the file, and installation happens automatically.

This is a known issue, and Novell support identified it right off. SLED 11 uses Novell’s update service to provide automated security and program updates. This requires an activation code that you get from Novell. You will be prompted during the installation process for this code although you can choose to skip that step and configure the service later. You’ll also need an active Internet connection to complete the registration process.

Another feature carried over from the previous version has to do with Windows networking interoperability. By default SLED has the firewall turned on and all interfaces assigned to the “external” zone. This is the highest level of protection and essentially blocks the ability to browse a Windows network. There are several ways to fix this issue depending on your approach to security. You could just turn off the firewall, but this isn’t a recommended best practice. The easiest way is to set your network interface to the internal zone. This probably works fine for a wired connection but not the best idea for a laptop you use to connect to public WiFi. The third option is to set a few firewall rules to open up the proper ports for Windows networking, but this one requires some understanding of port numbers and the firewall configuration tool.

SLED 11 has a definite high intensity focus on security, and it includes both SELinux and AppArmor. With that in mind it’s important to note that basic SELinux (Security-Enhanced Linux) capabilities have been added but not enabled in the base distribution. While the capabilities have been added, Novell is not offering direct support for this configuration at this time.

Novell’s AppArmor product ships as an integral part of SLED 11. From the SLED 11 release notes: “The AppArmor intrusion prevention framework builds a firewall around your applications by limiting the access to files, directories, and POSIX capabilities to the minimum required for normal operation. AppArmor protection can be enabled via the AppArmor control panel, located in YaST under Novell AppArmor.” Note that you should use only SELinux or AppArmor; don’t use both at the same time.

Should you choose to implement this feature you should take heed to the following statement: “The AppArmor profiles included with SUSE Linux have been developed with our best efforts to reproduce how most users use their software. The profiles provided work unmodified for many users, but some users find our profiles too restrictive for their environments.”

Bottom Line

This release of the SLED product brings features from the latest distributions to a fully-supported enterprise offering. If you were a previous SLED user it had to be hard to watch the innovation happening with openSUSE and not have the same features available for use. The increased emphasis on security should help get the product more notice from the decision makers that count.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: