SLED 11 has a definite high intensity focus on security, and it includes both SELinux and AppArmor. With that in mind it's important to note that basic SELinux (Security-Enhanced Linux) capabilities have been added but not enabled in the base distribution. While the capabilities have been added, Novell is not offering direct support for this configuration at this time.
Novell's AppArmor product ships as an integral part of SLED 11. From the SLED 11 release notes: "The AppArmor intrusion prevention framework builds a firewall around your applications by limiting the access to files, directories, and POSIX capabilities to the minimum required for normal operation. AppArmor protection can be enabled via the AppArmor control panel, located in YaST under Novell AppArmor." Note that you should use only SELinux or AppArmor; don't use both at the same time.
Should you choose to implement this feature you should take heed to the following statement: "The AppArmor profiles included with SUSE Linux have been developed with our best efforts to reproduce how most users use their software. The profiles provided work unmodified for many users, but some users find our profiles too restrictive for their environments."
This release of the SLED product brings features from the latest distributions to a fully-supported enterprise offering. If you were a previous SLED user it had to be hard to watch the innovation happening with openSUSE and not have the same features available for use. The increased emphasis on security should help get the product more notice from the decision makers that count.
It's hard to argue with facts like straight up cost comparisons. SLED 11 includes everything a typical business user needs to get their job done for one annual subscription cost of $120. That number may vary depending on number of seats and the level of support. SLED 11 is definitely worth the look as a solid enterprise-ready desktop platform.
This article was first published on Linux Planet.