Setting Up AppArmor and Snapd on Arch Linux: A Step-by-Step Guide
If you’re looking to enhance the security of your Arch Linux system, integrating AppArmor is a great way to go. AppArmor provides an additional layer of security by enforcing restrictions on program capabilities. Snapd is another way to install applications.
From Arch Wiki:
If AppArmor is not enabled in your system then all snaps will run in devel mode, which means they will have the same unrestricted access to your system as apps installed from Arch Linux repositories.
Running untrusted code is never safe, sandboxing cannot change this.
Step 1: Installing AppArmor
To get started, open your terminal and run the following command to install AppArmor:
sudo pacman -S apparmor
This command utilizes Pacman, the package manager for Arch Linux, to download and install AppArmor.
Step 2: Verify and Install Snapd
Next, we need to check if Snapd is already installed on your system. You can do this by executing:
pacman -Qs snapd
If Snapd is not installed, you can easily install it using an AUR helper like yay. Run the following command:
yay -S snapd
Step 3: Auto-Launch AppArmor on Boot
To ensure that AppArmor launches on boot, you need to modify your boot configuration. First, check where your boot entries are located:
ls /boot/loader/entries/
Depending on your system configuration, your path might be /efi/loader/entries/. Look for the file that corresponds to your Arch Linux installation, typically named arch.conf. Open it with a text editor:
sudo nano /boot/loader/entries/arch.conf
In this file, locate the existing options line. Add the following parameter to the end of this line:
lsm=landlock,lockdown,yama,integrity,apparmor,bpf
Your modified entry should look something like this:
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options root=UUID=xxxx-xxxx rw quiet lsm=landlock,lockdown,yama,integrity,apparmor,bpf
Step 4: Reboot and Verify
Unlike GRUB, you do not need to run a "config update" command since systemd-boot reads these files directly every time you start your system. Now, reboot your machine:
sudo reboot
Once your system has restarted, check the status of AppArmor with the following command:
aa-enabled
If it returns "Yes," then AppArmor is enabled and active.
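As an added example (not part of the original guide), this shell script checks that a loader entry's options line really lists apparmor in lsm= (catching a missing or misspelled value) and that the running kernel reports it in /sys/kernel/security/lsm. The function names are hypothetical and the entry path is passed as the first argument.

```shell
#!/bin/sh
# Added example: verify the lsm= setting from Step 3 and the result of Step 4.

# Return 0 if the comma-separated list $1 contains the exact element $2.
lsm_list_has() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the lsm= value from the "options" line(s) of loader entry file $1.
# If lsm= appears more than once, the last one found is reported.
entry_lsm() {
    awk '$1 == "options" {
             for (i = 2; i <= NF; i++) if ($i ~ /^lsm=/) v = substr($i, 5)
         }
         END { if (v != "") print v }' "$1"
}

# check_entry FILE
#   0 = lsm= lists apparmor, 1 = lsm= set without apparmor, 2 = no lsm= at all
check_entry() {
    lsm=$(entry_lsm "$1")
    [ -n "$lsm" ] || return 2
    lsm_list_has "$lsm" apparmor
}

# Return 0 if the running kernel lists apparmor among its active LSMs.
running_has_apparmor() {
    [ -r /sys/kernel/security/lsm ] &&
        lsm_list_has "$(cat /sys/kernel/security/lsm)" apparmor
}

# Run the checks only when an entry path is given, e.g.
#   sh check-lsm.sh /boot/loader/entries/arch.conf
if [ "$#" -gt 0 ]; then
    rc=0; check_entry "$1" || rc=$?
    case $rc in
        0) echo "$1: lsm= includes apparmor" ;;
        1) echo "$1: lsm= is set but does not list apparmor" ;;
        2) echo "$1: no lsm= parameter on the options line" ;;
    esac
    if running_has_apparmor; then echo "running kernel: apparmor active"
    else echo "running kernel: apparmor not listed in /sys/kernel/security/lsm"; fi
    exit "$rc"
fi
```

Run it once before rebooting to catch an edit mistake in the entry file, and again after rebooting to confirm the kernel picked the setting up.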
Step 5: Trigger the Snapd Service
Now that your kernel is aware of AppArmor, it’s time to get Snapd running smoothly. Start by enabling the AppArmor engine:
sudo systemctl enable --now apparmor.service
Next, you'll want to force Snapd to recognize the new kernel state:
sudo systemctl restart snapd.service
Finally, enable and start the Snapd AppArmor service:
Congratulations! You have successfully installed and configured AppArmor and Snapd on your Arch Linux system. With AppArmor providing an additional layer of security and Snapd enabling easy management of Snap packages, your system is now more secure and versatile.