--- title: Configuration --- ## AppArmor As there are a lot of rules, it is recommended to enable caching AppArmor profiles. In `/etc/apparmor/parser.conf`, add `write-cache` and `Optimize=compress-fast`. ```sh echo 'write-cache' | sudo tee -a /etc/apparmor/parser.conf echo 'Optimize=compress-fast' | sudo tee -a /etc/apparmor/parser.conf ``` !!! info See [Speed up AppArmor Start] on the Arch Wiki for more information: [Speed up AppArmor Start]: https://wiki.archlinux.org/title/AppArmor#Speed-up_AppArmor_start_by_caching_profiles ## Personal directories !!! danger You need to ensure that all personal directories you are using are well-defined XDG directory. You may need to edit these variables to your own settings. This project is designed in such a way that it is easy to personalize the directories your programs have access by defining a few variables. The profiles heavily use the (largely extended) XDG directory variables defined in the **[Variables Reference](variables.md)** page. ??? note "XDG variables overview" See **[Variables Reference](variables.md)** page for more. | Description | Name | Value | |-------------|:----:|---------| | Desktop | `@{XDG_DESKTOP_DIR}` | `Desktop` | | Download | `@{XDG_DOWNLOAD_DIR}` | `Downloads` | | Templates | `@{XDG_TEMPLATES_DIR}` | `Templates` | | Public | `@{XDG_PUBLICSHARE_DIR}` | `Public` | | Documents | `@{XDG_DOCUMENTS_DIR}` | `Documents` | | Music | `@{XDG_MUSIC_DIR}` | `Music` | | Pictures | `@{XDG_PICTURES_DIR}` | `Pictures` | | Videos | `@{XDG_VIDEOS_DIR}` | `Videos` | | Books | `@{XDG_BOOKS_DIR}` | `Books` | | Projects | `@{XDG_PROJECTS_DIR}` | `Projects` | | Screenshots | `@{XDG_SCREENSHOTS_DIR}` | `@{XDG_PICTURES_DIR}/Screenshots` | | Sync | `@{XDG_SYNC_DIR}` | `Sync` | | Torrents | `@{XDG_TORRENTS_DIR}` | `Torrents` | | Vm | `@{XDG_VM_DIR}` | `.vm` | Wallpapers | `@{XDG_WALLPAPERS_DIR}` | `@{XDG_PICTURES_DIR}/Wallpapers` | You can personalize these values. First create the directory `/etc/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d.d`: ``` sudo mkdir /etc/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d.d ``` Then create a `local` addition file in it where you define your own personal directories. Example: ```sh @{XDG_VIDEOS_DIR}+="Films" @{XDG_MUSIC_DIR}+="Musique" @{XDG_PICTURES_DIR}+="Images" @{XDG_BOOKS_DIR}+="BD" "Comics" @{XDG_PROJECTS_DIR}+="Git" "Papers" ``` Then restart the apparmor service to reload the profiles in the kernel: ```sh sudo systemctl restart apparmor.service ``` **Examples** - For git support, you may want to add your `GO_PATH` in the `XDG_PROJECTS_DIR`: ```sh @{XDG_PROJECTS_DIR}+="go" ``` - If you use Keepass, personalize `XDG_PASSWORD_STORE_DIR` with your password directory. Eg: ```sh @{XDG_PASSWORD_STORE_DIR}+="@{HOME}/.keepass/" ``` - Add pacman integration with your AUR helper. Eg for `yay`: ```sh @{user_pkg_dirs}+=@{user_cache_dirs}/yay/ ``` ## Local profile extensions You can extend any profile with your own rules by creating a file in the `/etc/apparmor.d/local/` directory with the name of your profile. For example, to extend the `foo` profile, create a file `/etc/apparmor.d/local/foo` and add your rules in it. **Example** - `child-open`, a profile that allows other program to open resources (URL, picture, books...) with some predefined GUI application. To allow it to open URLs with Firefox, create the file `/etc/apparmor.d/local/child-open` with: ```sh @{bin}/firefox rPx, ``` !!! note This is an example, no need to add Firefox into `child-open`, it is already there. !!! info `rPx` allows transition to the Firefox profile. Use `rPUx` to allow transition to an unconfined state if you do not have the profile for a given program. Then, reload the apparmor rules with `sudo systemctl restart apparmor`.