There's still a lot of people who browse this forum from work, so let's maybe be a bit more careful about the images we post. It's not puritanical, but professional. Even if they seem the same thing, the one we actually care about involves having to explain how relevant our network traffic is to our jobs. Though the pictures aren't really any worse than the words, the "classy" internet conversation usually gets a lot less scrutiny than the images. Until someone starts posting fanfics, I guess.

That said, I *know* the barrier to entry for comments is a lot lower on systemd, Redhat and Wayland posts. But we can still try. Reading industry updates on someone else's time is a treasure I'd rather like to keep.

The only difference is that AUR compiles and/or builds the package on your own system (yes there are binary-only AURs too, you are downloading and repackaging binaries from somewhere), and that OBS allows you to compile stuff with their own infrastructure if you want.
Otherwise AUR, OBS and PPAs are exactly the same. Places where you can find anything and there is no official distro maintainer guaranteeing that it isn't bullshit.



FYI: the "free" RHEL is called CentOS, and both Fedora and CentOS are paid for by Red Hat.

Also SUSE and OpenSUSE are managed by "different groups" in the same way. The people on the opensource side are not necessarily involved with the SUSE enterprise side.

Afaik the only things that break are apps, win32 applications are fine.

If lacking a comma breaks your text parsing algorithms, I suggest you to update them asap.

While it's not the first time that I get breakage on third party stuff made for Leap, when I try to install it in Tumbleweed.

At this point I know this method to start application without Internet access:

```
sudo setcap cap_sys_admin+ep /usr/bin/unshare
unshare -n google-chrome
```

But it is not good solution - program needs to be manually started via `unshare` every time...

Do you know maybe how to configure SELinux to block Internet access for one particular application/process? I tried to find it but without success - everyone saying it could be done via SELinux but no info how...

You need to create a policy configuration for it first. Look at documentation to create SELinux policies for a new program.

There is a GUI tool that does help a bit, try to set it to listen and connect only on some random high TCP/UDP ports so it should block normal traffic (that goes to ports 80 and 433 and other known ports) https://pandeyarpit.wordpress.com/se...-gui-overview/

It's somewhat similar for AppArmor, you basically need to learn its syntax and write a config file for it.

I know it is possible to do because I've seeen enough configurations that do that (see here for httpd) https://wiki.centos.org/TipsAndTricks/SelinuxBooleans , but I never did much with SELinux or AppArmor myself because it's stupidly complex and it's not my job (I work mostly with Windows servers).