Systemd Now Allows Custom BPF Programs To Be Loaded On Cgroups


  • starshipeleven
    replied
    Originally posted by Danniello View Post
    Do you know maybe how to configure SELinux to block Internet access for one particular application/process? I tried to find it but without success - everyone says it can be done via SELinux but there is no info on how...
    You need to create a policy configuration for it first. Look at documentation to create SELinux policies for a new program.

    There is a GUI tool that does help a bit, try to set it to listen and connect only on some random high TCP/UDP ports so it should block normal traffic (that goes to ports 80 and 433 and other known ports) https://pandeyarpit.wordpress.com/se...-gui-overview/

    It's somewhat similar for AppArmor, you basically need to learn its syntax and write a config file for it.

    I know it is possible to do because I've seen enough configurations that do that (see here for httpd) https://wiki.centos.org/TipsAndTricks/SelinuxBooleans , but I never did much with SELinux or AppArmor myself because it's stupidly complex and it's not my job (I work mostly with Windows servers).


  • Danniello
    replied
    Originally posted by starshipeleven View Post
    The current way to "specify rules for programs" is designed for servers (unsurprisingly), and you need to install and manually configure AppArmor or SELinux for each specific application you want to lock down like that. It's powerful and it works as it tracks the application process, but it's not terribly user-friendly.
    At this point I know this method to start an application without Internet access:

    ```shell
    # Give unshare the capability it needs to create a new network namespace
    sudo setcap cap_sys_admin+ep /usr/bin/unshare
    # Start the browser in a fresh network namespace that has no interfaces
    unshare -n google-chrome
    ```

    But it is not a good solution - the program needs to be manually started via `unshare` every time...

    Do you know maybe how to configure SELinux to block Internet access for one particular application/process? I tried to find it but without success - everyone says it can be done via SELinux but there is no info on how...


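    For the case above (one application with no Internet access), the cgroup-level IP filtering that the systemd feature in this thread's title introduced can be expressed in a unit file instead of a setcap'ed `unshare` wrapper. This is an added example, not code from any commenter; it assumes a system-manager unit (the filter is not available to `--user` managers), systemd 235 or newer with cgroup BPF support in the kernel, and a hypothetical unit name and program path.

    ```ini
    # /etc/systemd/system/sandboxed-app.service   (hypothetical unit name)
    # Added example: deny all IP traffic to one service with systemd's
    # cgroup BPF filter. Assumes systemd >= 235 and a kernel with cgroup
    # BPF support; the filter is attached by the system manager, so this
    # must be a system unit rather than a --user unit.
    [Unit]
    Description=Application that may not reach the network

    [Service]
    # Hypothetical program path; replace with the real binary.
    ExecStart=/usr/local/bin/some-app
    # Deny every IPv4 and IPv6 destination/source for this unit's cgroup.
    IPAddressDeny=any
    # Allow-list entries win over the deny list: keep loopback so the
    # program can still talk to services on the same host.
    IPAddressAllow=127.0.0.0/8
    IPAddressAllow=::1/128
    # Count packets/bytes that hit the filter; visible in systemctl status.
    IPAccounting=yes
    ```

    After `systemctl daemon-reload`, `systemctl show -p IPAddressDeny sandboxed-app.service` confirms the property took effect; the same properties can be passed to a one-off command with `systemd-run -p IPAddressDeny=any`.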

  • starshipeleven
    replied
    Originally posted by skeevy420 View Post
    Compiled from known sources (AUR/OBS) and binaries compiled from a random party with sources you don't select (PPA) are not the same. All have the same "at your own risk" disclaimer, but that's about as similar as they are. The OBS still has that "binary from a random place" stigmata that PPAs have, but at least you know the packages used at build time and have control over the building process.
    The only difference is that AUR compiles and/or builds the package on your own system (yes there are binary-only AURs too, you are downloading and repackaging binaries from somewhere), and that OBS allows you to compile stuff with their own infrastructure if you want.
    Otherwise AUR, OBS and PPAs are exactly the same. Places where you can find anything and there is no official distro maintainer guaranteeing that it isn't bullshit.



    Suse's release model is the closest Linux distribution analog to Windows since both are the only ones who really support both LTS and rolling release. There's Fedora/RHEL where one is free, one isn't, one is LTS, one isn't...only they're managed by different groups, unlike Suse or Windows, so they don't count.
    FYI: the "free" RHEL is called CentOS, and both Fedora and CentOS are paid for by Red Hat.

    Also SUSE and OpenSUSE are managed by "different groups" in the same way. The people on the opensource side are not necessarily involved with the SUSE enterprise side.

    Windows 10 LTSB doesn't always run what Windows 10 Pro/Home can run due to it lagging behind in regards to various features.
    Afaik the only things that break are apps; win32 applications are fine.

    I see a bunch of words that only make up half a sentence.
    If lacking a comma breaks your text parsing algorithms, I suggest you update them asap.

    While it's not the first time that I get breakage on third party stuff made for Leap, when I try to install it in Tumbleweed.


  • Terrablit
    replied
    There's still a lot of people who browse this forum from work, so let's maybe be a bit more careful about the images we post. It's not puritanical, but professional. Even if they seem the same thing, the one we actually care about involves having to explain how relevant our network traffic is to our jobs. Though the pictures aren't really any worse than the words, the "classy" internet conversation usually gets a lot less scrutiny than the images. Until someone starts posting fanfics, I guess.

    That said, I *know* the barrier to entry for comments is a lot lower on systemd, Redhat and Wayland posts. But we can still try. Reading industry updates on someone else's time is a treasure I'd rather like to keep.


  • skeevy420
    replied
    Originally posted by starshipeleven View Post
    You are making 0 sense. AUR and OBS are the same as PPAs and they are all "at your own risk" things.
    Compiled from known sources (AUR/OBS) and binaries compiled from a random party with sources you don't select (PPA) are not the same. All have the same "at your own risk" disclaimer, but that's about as similar as they are. The OBS still has that "binary from a random place" stigmata that PPAs have, but at least you know the packages used at build time and have control over the building process.

    Not really. Leap isn't the same kind of different from Tumbleweed as LTSB differs from Pro/home.

    Normal Windows applications will work the same on either version because apart from a pile of modern bullshit no one really cares about they are basically the same.
    Suse's release model is the closest Linux distribution analog to Windows since both are the only ones who really support both LTS and rolling release. There's Fedora/RHEL where one is free, one isn't, one is LTS, one isn't...only they're managed by different groups, unlike Suse or Windows, so they don't count.

    Windows 10 LTSB doesn't always run what Windows 10 Pro/Home can run due to it lagging behind in regards to various features. They're currently in sync, but that hasn't always been the case -- don't ask me for specifics because it's just stuff I came across when I was reading up on LTSB before I installed it recently and I'm just pointing out that running the same software from one to the other doesn't always work just like with Leap and Tumbleweed. Google specifics if they really matter to you because it doesn't matter to me.

    While it's not the first time that I get breakage on third party stuff made for Leap when I try to install it in Tumbleweed.
    I see a bunch of words that only make up half a sentence.

    Is that supposed to be "Tumbleweed, but then I compiled it myself and there were no breakages.", "Tumbleweed; Flatpak was a great alternative and ran the aforementioned stuff that broke just fine.", "Tumbleweed, but since AMDGPU-Pro needs older software and only supports Leap there really wasn't a whole lot I could do.", or "Tumbleweed, but after so many times of having stuff break I switched to Ubuntu."?


  • starshipeleven
    replied
    Originally posted by skeevy420 View Post
    Or why I'll pretty much stick with the Arch family or the Suse family. Tools like the AUR and OBS are essential. One might never need to use those, but if they do they're damn glad their distribution cares enough to provide the tools to make it that easy.

    Since the trust model keeps cropping up, I trust what I build with community vetted sources over pre-compiled binaries that a PPA/etc provides me.
    You are making 0 sense. AUR and OBS are the same as PPAs and they are all "at your own risk" things.

    Oh, and also Microsoft. They follow the Suse method with Windows 10. Leap = LTSB/Enterprise and Tumbleweed = Pro/Home.
    Not really. Leap isn't the same kind of different from Tumbleweed as LTSB differs from Pro/home.

    Normal Windows applications will work the same on either version because apart from a pile of modern bullshit no one really cares about they are basically the same.

    While it's not the first time that I get breakage on third party stuff made for Leap when I try to install it in Tumbleweed.


  • skeevy420
    replied
    Originally posted by jo-erlend View Post

    You didn't understand what I wrote. I didn't say small, for-profit or fast progress were mutually exclusive. Arch and Manjaro are small. SuSE is big and for-profit. My point was that it's very difficult to build a distribution that will be fast moving, free of charge and has packages for everything.

    Your second point assumes that gaming and entertainment is the only valid use case for desktop computers, which is false.
    must either be small, for-profit or progressing slowly
    Using the "either/or" way to split ideas makes it mean "pick one of the three choices" since the user could either do this, that, or the other which was followed by two examples where users could pick more than one of those choices in a distribution. I understood what you wrote just fine. You didn't write what you meant in a clear manner.

    Web security and security in general aren't necessarily gaming or entertainment related yet both are things that should be as up-to-date as possible. AMDGPU isn't necessarily gaming related either. KDE and Gnome suck without a proper GPU driver. Putting AMDGPU between "Steam" and "other gaming reasons" doesn't make that very clear much like you going with "either/or" didn't help make your point very clear since "either/or" is speaking in absolutes.

    Gaming and media/entertainment related tools are a big part of desktop computer usage and are some of the main reasons people run rolling release/bleeding edge desktops.

    Your reading comprehension is worse than mine and you also need a primer course on comma usage that includes: Colons and Where to Use Them; Your Friend, The Semicolon; and my favorite chapter entitled "Place Me After "and" and "but" When Preceded By Two or More Complete Ideas; The Oxford Comma". The following graphic explains my favorite chapter:


  • jo-erlend
    replied
    Originally posted by skeevy420 View Post

    Arch and Manjaro beg to differ. Small, not-for-profit, fast progress.

    Suse begs to differ. Both large, for profit, fast progress and large, for profit, slow progress releases. Leap & Tumbleweed.

    IMHO, it's the release cycle model that needs to change. Both freeze and play catch up & freeze and play catch up for even longer (LTS) just sucks on a desktop where we damn-near require a decent amount of the system to be in a bleeding edge state just to account for Steam, AMDGPU, other misc. gaming reasons, media codecs, web security, security in general, and more.
    You didn't understand what I wrote. I didn't say small, for-profit or fast progress were mutually exclusive. Arch and Manjaro are small. SuSE is big and for-profit. My point was that it's very difficult to build a distribution that will be fast moving, free of charge and has packages for everything.

    Your second point assumes that gaming and entertainment is the only valid use case for desktop computers, which is false.


  • skeevy420
    replied
    Originally posted by starshipeleven View Post

    I had to find a third party application for that, Qomui, which has an OBS, as no such application was available in Tumbleweed repositories.
    Or why I'll pretty much stick with the Arch family or the Suse family. Tools like the AUR and OBS are essential. One might never need to use those, but if they do they're damn glad their distribution cares enough to provide the tools to make it that easy.

    Since the trust model keeps cropping up, I trust what I build with community vetted sources over pre-compiled binaries that a PPA/etc provides me.

    Oh, and also Microsoft. They follow the Suse method with Windows 10. Leap = LTSB/Enterprise and Tumbleweed = Pro/Home.


  • starshipeleven
    replied
    Originally posted by skeevy420 View Post
    Arch and Manjaro beg to differ. Small, not-for-profit, fast progress.

    Suse begs to differ. Both large, for profit, fast progress and large, for profit, slow progress releases. Leap & Tumbleweed.
    Also Fedora.

    Still, the main issue of the distribution model is that you have a limited choice of applications, or versions of said applications, which is why most decent distros have "third party repositories" where third parties can upload or compile packages that aren't vetted by maintainers.

    You know, AUR, OBS, PPAs and whatever Fedora/CentOS use.

    For example, I needed a VPN client application that didn't suck for AirVPN, since their client on Linux works but does malfunction, and it's using its own OpenVPN and stuff from its folder which isn't exactly ideal.

    I had to find a third party application for that, Qomui, which has an OBS, as no such application was available in Tumbleweed repositories.
