From 0e62ae704e038afaf1a16fe605ecde6b66d471d7 Mon Sep 17 00:00:00 2001
From: TommyTran732 <57488583+tommytran732@users.noreply.github.com>
Date: Sun, 9 May 2021 18:07:48 -0400
Subject: [PATCH] Add AppArmor
---
 easy-arch.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/easy-arch.sh b/easy-arch.sh
index 2b8e6c4..ab72aa9 100644
--- a/easy-arch.sh
+++ b/easy-arch.sh
@@ -142,7 +142,7 @@ kernel_selector
 # Pacstrap (setting up a base sytem onto the new root).
 echo "Installing the base system (it may take a while)."
-pacstrap /mnt base $kernel $microcode linux-firmware btrfs-progs grub grub-btrfs efibootmgr snapper sudo
+pacstrap /mnt base $kernel $microcode linux-firmware btrfs-progs grub grub-btrfs efibootmgr snapper sudo apparmor
 network_selector
@@ -178,6 +178,7 @@ sed -i -e 's,modconf block filesystems keyboard,keyboard keymap modconf block en
 # Setting up LUKS Keyfile, BTRFS Booting and encryption in GRUB and initramfs.
 UUID=$(blkid $Cryptroot | cut -f2 -d'"')
 sed -i "s,quiet,quiet cryptdevice=UUID=$UUID:cryptroot root=$BTRFS,g" /mnt/etc/default/grub
+sed -i "s#root=/dev/mapper/cryptroot#root=/dev/mapper/cryptroot lsm=lockdown,yama,apparmor,bpf#g" /mnt/etc/default/grub
 # Security kernel settings.
 echo "kernel.kptr_restrict = 2" > /mnt/etc/sysctl.d/51-kptr-restrict.conf
@@ -222,6 +223,9 @@ arch-chroot /mnt /bin/bash -e </dev/null
+
+ # Enabling AppArmor
+ systemctl enable apparmor --root=/mnt &>/dev/null
 EOF
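Review bot: The added `sed` in the `@@ -178,6 +178,7 @@` hunk matches the literal `root=/dev/mapper/cryptroot`, while the line above it writes `root=$BTRFS`; if `$BTRFS` (set outside this hunk) ever holds a different value, the substitution matches nothing, `sed` still exits 0, and the installed system boots with the apparmor package present but the LSM never activated. Anchoring on the same variable, `sed -i "s#root=$BTRFS#& lsm=lockdown,yama,apparmor,bpf#" /mnt/etc/default/grub`, followed by `grep -q 'lsm=.*apparmor' /mnt/etc/default/grub || exit 1`, would turn a silent miss into a visible failure. A comment such as `# lsm= replaces the kernel's built-in LSM list, so every module to keep must be named here` would also help, since a hard-coded list can drop modules that a later kernel enables by default.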
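Review bot: The new `systemctl enable apparmor --root=/mnt &>/dev/null` in the `@@ -222,6 +223,9 @@` hunk discards both stdout and stderr, so a failed enable leaves no trace and the installed system would come up without AppArmor profiles being loaded. The line appears to sit inside the `arch-chroot /mnt` heredoc (the header context and the closing `EOF` suggest this; the lines in between are not readable on this page), and if so `--root=/mnt` is resolved relative to the chroot rather than to the host's `/mnt`. Inside the chroot, `systemctl enable apparmor >/dev/null` would be enough and keeps errors on stderr. The heredoc starts outside the hunk, so the placement should be confirmed against the full script.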