A closer look at OpenSUSE 10.1

OpenSUSE 10.1, Novell's attempt to keep a general-purpose version of its Linux freely available to the open source community - is both aided by and suffers from the lack of attention from Novell

OpenSUSE 10.1, Novell's attempt to keep a general-purpose version of its Linux freely available to the open source community - is both aided by and suffers from the lack of attention from Novell.

In our tests of OpenSUSE, we found several items that made this version feel more like a set of experiments rather than a coherent project with which the public should try to work seriously. For example, Xen, new server virtualization software, was especially frustrating to use, and AppArmor, a tool that's supposed to help lock down applications running on the OpenSUSE machine, was more like a puzzle than a working security application.

OpenSUSE in most ways is to Novell as Fedora Core is to RedHat. Both are community versions of their commercial cousins. Ostensibly, these versions receive contributions as hand-me-downs from the commercial releases and aren't supported by the shipping vendor except via community IRCs and forums. So far, these community versions are similar to the commercial versions, though Novell says there are commercial version-specific improvements to the kernel, device drivers and other components. We did find that the kernel for the SUSE Linux Enterprise Server (SLES) performed slightly better in our performance tests.

We can also verify that the commercial update services provided by Novell are quite good and nearly manic in their constant issuance of updates. Additionally, Novell has taken pains to make sure that all of the applications shipped with the commercial version work well together and has harmonized a patch/update schedule that takes into account the interdependence of the applications.

Novell does offer OpenSUSE in CD/DVD form (for a US$60 fee) with documentation and 90 days of free installation support. The support is scant but better than none at all.

Overall, our tests showed that OS10 is a solidly built generic version of Linux that can be used for a wide variety of purposes, including LAMP, file/print services, DNS/NFS/SAMBA-related exercises. The open source applications providing the underlying services are quite up-to-date, we found, but there are some minor security issues that will warrant user attention (for example, weak passwords, too many initial services turned on and light encryption).

The primary administration tool for OpenSUSE is the open sourced YaST (Yet another System Tool), and it does a good job of aiding administrators in both setup and use of OpenSUSE. YaST combines features of Windows-like functionality as represented by Windows Control Panel and the Microsoft Management Console, though there are no add-in widgets available for YaST. Our one complaint is that there are a number of repetitive controls where applications are listed under two categories. Often YaST is used to feed user selections to command-line tools, which then execute a change that's been chosen. This sometimes produces strange delays in the responsiveness of the tool, as it depend on the actions of other programs rather than directly manipulating functions. As an example, changing a screen resolution can have lots of odd latency.

We attempted to use the highly touted Xen server session-building software that uses a paravirtulization scheme to host SUSE (or other Xen-compatible/modifiable operating systems) into mostly autonomous sessions. This process requires building a hypervisor, an application that's tuned to the host hardware and serves as the microkernel there. It is subsequently used to launch a modified SUSE operating system on the host computer. This modified operating system has been compiled with Xen changes and is termed "Xen-ified."

There were script errors, which Novell knows about and have likely been fixed since our testing, that prevented us from installing Xen sessions on OpenSUSE. We fixed the scripts and still had difficulty getting more than two instances of Xen-hosted sessions moving, either on the 32- or 64-bit OpenSUSE kernels. Xen promises to run even Windows kernels eventually, but it may take a while for this to arrive, as indicated by our lack of success with the OpenSUSE implementation. We found that most (but not all) of the scripting difficulties with Xen have been fixed in SLES10. OpenSUSE has a number of community-offered fixes for the scripting problems, but there is no official methodology as of yet. We advise users to turn to XenSource.com and study OpenSUSE's Web site resources for ongoing resource fulfillment should they choose to use Xen.

AppArmor is designed to provide security at the application level. AppArmor uses policies to control how the application can be accessed, how it relates to other components recorded in the operating system's permissions profiles and not only prevents applications from purposeful damage but can limit damage that these applicatons can do to a host operating system.

Novell provides quite a few profiles with the OpenSUSE bundle. We tested several, and both used built-in policy profiles and built custom policies. A moderately high level of expertise is needed to make applications protected with AppArmor both safe and usable.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about AMDApacheAppleCompaqCompaq PresarioHewlett-Packard AustraliaHPMicrosoftNovellSpeedSSHSuseToshibaVIA

Show Comments