#60 Updating the quick-docs topic map and adding new files from the Fedora Docs Day #2 + deleting replaced files
Merged 5 years ago by pbokoc. Opened 5 years ago by mjahoda.
Unknown source master  into  master

file modified
+96 -80
@@ -2,71 +2,17 @@

  Name: Fedora Quick Docs

  Dir: en-US

  Topics:

-   - Name: Quick Docs in Progress (How to Help!)

+   - Name: Quick Docs in progress (How to help!)

      File: index

  #INSERT:4:remix-docs:en-US/remix-docs

-   - Name: Bootloading with GRUB2

-     File: bootloading-with-grub2

-   - Name: Upgrading

-     File: upgrading

-   - Name: DNF system upgrade

-     File: dnf-system-upgrade

-   - Name: How to reset a root password

-     File: reset-root-password

-   - Name: DNF

-     File: dnf

-   - Name: Getting started with Apache HTTP Server

-     File: getting-started-with-apache-http-server

-   - Name: Installing Java

-     File: installing-java

-   - Name: Installing Chromium or Google Chrome browsers

-     File: installing-chromium-or-google-chrome-browsers

-   - Name: How to use qemu

-     File: qemu

-   - Name: Getting started with virtualization

-     File: getting-started-with-virtualization

-   - Name: Using nested virtualization in KVM

-     File: using-nested-virtualization-in-kvm

-   - Name: Fedora and Red Hat Enterprise Linux

-     File: fedora-and-red-hat-enterprise-linux

-   - Name: Performing administration tasks using sudo

-     File: performing-administration-tasks-using-sudo

-   - Name: Installing Spotify on Fedora

-     File: installing-spotify

-   - Name: Adding new fonts in Fedora

-     File: adding-new-fonts-fedora

-   - Name: Creating and using a live installation image

-     File: creating-and-using-a-live-installation-image

-   - Name: Creating Windows virtual machines using virtIO drivers

-     File: creating-windows-virtual-machines-using-virtio-drivers

-   - Name: Installing Software from Source

-     File: installing-software-from-source

-   - Name: Securing the system by keeping it up-to-date

-     File: securing-the-system-by-keeping-it-up-to-date

-   - Name: Adding or removing software repositories in Fedora

-     File: adding-or-removing-software-repositories-in-fedora

-   - Name: Using Shared System Certificates

-     File: using-shared-system-certificates

-   - Name: Switching desktop environments

-     File: switching-desktop-environments

-   - Name: Finding and installing Linux applications

-     File: finding-and-installing-linux-applications

-   - Name: Understanding and administering Systemd

-     File: understanding-and-administering-systemd

-   - Name: Creating RPM packages

-     File: creating-rpm-packages

-   - Name: Repositories

-     File: repositories

-   - Name: Configuring X Window System using the xorg.conf file

-     File: configuring-x-window-system-using-the-xorg-conf-file

-   - Name: NetworkManager Command Line Interface (nmcli)

-     File: networking-cli

-   - Name: Anaconda

+   - Name: Checking integrity with AIDE

+     File: using-aide

+   - Name: Anaconda installation program

      Dir: anaconda

      Topics:

        - Name: Anaconda

          File: anaconda

-       - Name: Anaconda based Distributions

+       - Name: Anaconda-based Distributions

          File: anaconda_distros

        - Name: Anaconda Updates

          File: anaconda_updates
@@ -74,14 +20,38 @@

          File: anaconda_logging

        - Name: Anaconda Product Image

          File: anaconda_product_image

-   - Name: Raspberry Pi

-     File: raspberry-pi

-   - Name: How to Create a GNU Hello World RPM Package

-     File: create-hello-world-rpm

+   - Name: Getting started with Apache HTTP Server

+     File: getting-started-with-apache-http-server

+   - Name: Finding and installing Linux applications

+     File: finding-and-installing-linux-applications

+   - Name: Installing Chromium or Google Chrome browsers

+     File: installing-chromium-or-google-chrome-browsers

+   - Name: Switching desktop environments

+     File: switching-desktop-environments

+   - Name: Difference between Fedora and Red Hat Enterprise Linux

+     File: fedora-and-red-hat-enterprise-linux

+   - Name: Using the DNF software package manager

+     File: dnf

+   - Name: Upgrading Fedora using the DNF system upgrade

+     File: dnf-system-upgrade

+   - Name: Securing the system by keeping it up-to-date

+     File: securing-the-system-by-keeping-it-up-to-date

    - Name: Fedora Release Life Cycle

      File: fedora-life-cycle

-   - Name: NVIDIA Optimus Bumblebee

-     File: bumblebee

+   - Name: Upgrading to a new release of Fedora

+     File: upgrading

+   - Name: Controlling network traffic with firewalld

+     File: firewalld

+   - Name: Adding new fonts in Fedora

+     File: adding-new-fonts-fedora

+   - Name: Creating GPG Keys

+     File: create-gpg-keys

+   - Name: Bootloading with GRUB2

+     File: bootloading-with-grub2

+   - Name: Creating and using a live installation image

+     File: creating-and-using-a-live-installation-image

+   - Name: Installing Java

+     File: installing-java

    - Name: Kernel

      Dir: kernel

      Topics:
@@ -91,30 +61,78 @@

          File: troubleshooting

        - Name: Building a Custom Kernel

          File: build-custom-kernel

-   - Name: Creating GPG Keys

-     File: create-gpg-keys

-   - Name: Wine

-     File: wine

-   - Name: Firewalld

-     File: firewalld

-   - Name: How to create a GNU Hello RPM package

+   - Name: Managing keyboard shortcuts for running an application in GNOME

+     File: managing-keyboard-shortcuts-for-running-app-in-gnome

+   - Name: Disabling the GNOME automatic screen locking

+     File: disabling-automatic-screenlock

+   - Name: Viewing logs in Fedora

+     File: viewing-logs

+   - Name: Installing plugins for playing movies and music

+     File: assembly_installing-plugins-for-playing-movies-and-music

+   - Name: Installing and running the VLC player

+     File: installing-and-running-vlc

+   - Name: Configuring networking with NetworkManager CLI (nmcli)

+     File: configuring-ip-networking-with-nmcli

+   - Name: NVIDIA Optimus Bumblebee

+     File: bumblebee

+   - Name: Raspberry Pi

+     File: raspberry-pi

+   - Name: Fedora Repositories

+     File: repositories

+   - Name: Adding or removing software repositories in Fedora

+     File: adding-or-removing-software-repositories-in-fedora

+   - Name: Resetting a root password

+     File: reset-root-password

+   - Name: Creating RPM packages

+     File: creating-rpm-packages

+   - Name: Creating a GNU Hello World RPM Package

      File: create-hello-world-rpm

+   - Name: Getting started using SELinux

+     File: getting-started-with-selinux

+   - Name: Changing SELinux states and modes

+     File: changing-selinux-states-and-modes

+   - Name: Troubleshooting SELinux

+     File: troubleshooting_selinux

+   - Name: Using shared system certificates

+     File: using-shared-system-certificates

+   - Name: Installing software from source code

+     File: installing-software-from-source

+   - Name: Installing Spotify on Fedora

+     File: installing-spotify

+   - Name: Performing administration tasks using sudo

+     File: performing-administration-tasks-using-sudo

+   - Name: Understanding and administering systemd

+     File: understanding-and-administering-systemd

+   - Name: Displaying a user prompt on the GNOME login screen

+     File: proc_displaying_user_prompt_on_gnome_login_screen

+   - Name: Installing virtual operating systems with GNOME Boxes

+     File: installing-virtual-systems-with-gnome-boxes.adoc

+   - Name: Using virtualization emulation in QEMU

+     File: qemu

+   - Name: Getting started with virtualization (libvirt)

+     File: getting-started-with-virtualization

+   - Name: Using nested virtualization in KVM

+     File: using-nested-virtualization-in-kvm

+   - Name: Creating Windows virtual machines using virtIO drivers

+     File: creating-windows-virtual-machines-using-virtio-drivers

+   - Name: Running Windows applications with Wine

+     File: wine

+   - Name: Configuring X Window System using the xorg.conf file

+     File: configuring-x-window-system-using-the-xorg-conf-file

+   - Name: Configuring X.org as the default GNOME session

+     File: configuring-xorg-as-default-gnome-session

+   - Name: Identifying Wayland problems

+     File: debug-wayland-problems     

  # - Name: (CHECK) GRUB 2

  #   File: grub2

- # - Name: (FIX ME!) AutoUpdates

- #   File: autoupdates

  # - Name: (FIX ME!) How to debug Dracut problems

  #   File: debug-dracut-problems

  # - Name: (FIX ME!) How to debug Systemd problems

  #   File: debug-systemd-problems

- # - Name: (FIX ME!) How to debug Wayland problems

- #   File: debug-wayland-problems

  # - Name: (FIX ME!) How to edit iptables rules

  #   File: edit-iptables-rules

  # - Name: (FIX ME!) How to enable touchpad click

  #   File: enable-touchpad-click

- # - Name: (FIX ME!) Fedora Release Life Cycle

- #   File: fedora-life-cycle

  # - Name: (CHECK) Flash

  #   File: flash

  # - Name: (FIX ME!) Mirroring
@@ -125,8 +143,6 @@

  #   File: packagekit-not-found

  # - Name: (FIX ME!) PostgreSQL

  #   File: postgresql

- # - Name: (FIX ME!) Raspberry Pi

- #   File: raspberry-pi

  # - Name: (FIX ME!) Using UEFI with QEMU

  #   File: uefi-with-qemu

  # - Name: (FIX ME!) Upgrading Fedora using package manager

@@ -0,0 +1,17 @@

+ :md: ./modules

+ 

+ [id='configuring-xorg-as-default-gnome-session']

+ = Configuring Xorg as the default GNOME session

+ :context: xorg

+ 

+ Wayland is the default GNOME display server. If GNOME freezes, or some applications do not function correctly in Wayland, you can choose to run GNOME in X11.

+ 

+ 

+ include::{md}/proc_configuring-xorg-as-default-gnome-session.adoc[leveloffset=+1]

+ 

+ 

+ [discrete]

+ == Additional Resources

+ https://docs.fedoraproject.org/f27/system-administrators-guide/Wayland.html[Wayland Display Server]

+ 

+ https://wayland.freedesktop.org/[Wayland]

@@ -33,7 +33,7 @@

  

  https://en.wikipedia.org/wiki/Wayland_%28display_server_protocol%29[Wayland]

  is intended as a simpler replacement for

- https://en.wikipedia.org/wiki/X_Window_System[X11]. It changes the

+ https://en.wikipedia.org/wiki/X_Window_System[X11]. Wayland changes the

  design of a Linux desktop architecture considerably. Unlike X11, there

  is no dedicated standalone server in Wayland. What was previously done

  between the app, its toolkit, the Xserver and the window manager is now
@@ -48,13 +48,11 @@

  page. You can read more about the current state of Wayland features on

  link:Wayland_features[Wayland features] page.

  

- [[identifying-wayland-problems]]

- Identifying Wayland problems

- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ [id='identifying-wayland-problems']

+ == Identifying Wayland problems

  

- [[are-you-running-a-wayland-session]]

- Are you running a Wayland session?

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

+ [id='are-you-running-a-wayland-session']

+ === Are you running a Wayland session?

  

  In *GNOME*, there's a gear button at the login screen which can be used

  to either log into a Wayland session (simply called _GNOME_, it's the
@@ -77,8 +75,10 @@

  Other desktop environments are not currently capable of running a

  Wayland session.

  

- [[identifying-the-session-type-in-runtime]]

- Identifying the session type in runtime

+ [id='identifying-the-session-type-in-runtime']

+ === Identifying the session type in runtime

+ 

+ 

  

  If you want to figure out which type of session you're running right

  now, without logging out and in again, you can use several ways to
@@ -88,7 +88,7 @@

  session should not have it:

  +

  ....

- $ echo $WAYLAND_DISPLAY 

+ $ echo $WAYLAND_DISPLAY

  wayland-0

  ....

  * `loginctl` can give you this information. First run `loginctl` and
@@ -106,10 +106,10 @@

  application, or X11 itself, see link:How_to_debug_Xorg_problems[How to

  debug Xorg problems].

  

- [[does-your-application-run-on-wayland-natively-or-uses-xwayland-x11-compatibility-layer]]

- Does your application run on Wayland natively, or uses XWayland (X11

+ [id='does-your-application-run-on-wayland-natively-or-uses-xwayland-x11-compatibility-layer']

+ === Does your application run on Wayland natively, or uses XWayland (X11

  compatibility layer)?

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

+ 

  

  It is important to know whether the problematic application is a native

  Wayland application, or runs through XWayland, which allows legacy
@@ -179,9 +179,8 @@

  package), because XWayland is included in it (as

  `xorg-x11-server-Xwayland` subpackage).

  

- [[identifying-problem-component]]

- Identifying problem component

- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ [id='identifying-problem-component]

+ === Identifying problem component

  

  Wayland itself is a protocol and the problem is rarely in the protocol

  itself. Rather, the problem is likely to be in the app or its toolkit,
@@ -206,9 +205,8 @@

  * https://community.kde.org/KWin/Wayland[Kwin] - compositor in KDE. If

  you run KDE, it is using this compositor.

  

- [[testing-under-different-compositors]]

- Testing under different compositors

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

+ [id='testing-under-different-compositors']

+ == Testing under different compositors

  

  If you experience a problem with a Wayland app, it is very useful to

  know whether the problem is present under just a single compositor (in
@@ -256,13 +254,11 @@

  occurs only with XWayland apps but not native Wayland apps, report a bug

  against Xorg server.

  

- [[reporting-the-issue]]

+ [id='reporting-the-issue']

  Reporting the issue

- ~~~~~~~~~~~~~~~~~~~

  

- [[using-up-to-date-software]]

+ [id='using-up-to-date-software]

  Using up-to-date software

- ^^^^^^^^^^^^^^^^^^^^^^^^^

  

  Before reporting the bug, please make sure you use the latest available

  software. You need to run on *Fedora 23 or later*, older Fedora versions
@@ -275,9 +271,8 @@

  components you're seeing issues with), please update the system and

  verify whether the issue is still present or has been fixed.

  

- [[looking-for-similar-reports]]

+ [id='looking-for-similar-reports']

  Looking for similar reports

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  

  In order to avoid duplicate reports and also wasting your time debugging

  something someone has maybe already debugged, please search through the
@@ -302,9 +297,8 @@

  Wayland in Freedesktop Bugzilla]

  * Google search

  

- [[filing-a-bug]]

+ [id='filing-a-bug']

  Filing a bug

- ^^^^^^^^^^^^

  

  After you've identified against which component to (most probably)

  report the issue and found no existing report of it, there are several
@@ -330,9 +324,8 @@

  * https://bugzilla.gnome.org/show_bug.cgi?id=757579[Wayland Tracker in

  GNOME Bugzilla]

  

- [[information-to-include-in-your-bug-report]]

+ [id='information-to-include-in-your-bug-report']

  Information to include in your bug report

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  

  1.  System journal. Since there is no unique server like the X11 server,

  most of the important information will come from the the Wayland
@@ -395,9 +388,8 @@

  link:Bugs_and_feature_requests#Things_Every_Bug_Should_Have[usual

  information] that every bug report should have.

  

- [[debugging-gnome-shell]]

+ [id='debugging-gnome-shell']

  Debugging gnome-shell

- ^^^^^^^^^^^^^^^^^^^^^

  

  If gnome-shell gets stuck and unresponsive, it's very helpful to obtain

  a backtrace from its process and attach it to the report. If this
@@ -421,9 +413,8 @@

  

  You should have the backtrace saved in `gdb.txt` file.

  

- [[debugging-mutter]]

+ [id='debugging-mutter']

  Debugging mutter

- ^^^^^^^^^^^^^^^^

  

  You can debug mutter (used in gnome-shell) by setting its

  https://developer.gnome.org/meta/stable/running-mutter.html[environment
@@ -434,9 +425,8 @@

  *FIXME: Putting the wrapper script and desktop file here would be

  helpful.*

  

- [[known-issues-frequent-complaints-fundamental-changes]]

+ [id='known-issues-frequent-complaints-fundamental-changes']

  Known issues, frequent complaints, fundamental changes

- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  

  Here we will list high-profile issues which are known to be broken, not

  yet implemented, or intentionally behaving differently from regular X11
@@ -446,9 +436,8 @@

  To see all known issues, look at Bugzilla reports as mentioned in

  link:#Looking_for_similar_reports[Looking for similar reports].

  

- [[graphical-applications-cant-be-run-as-root-from-terminal]]

+ [id='graphical-applications-cant-be-run-as-root-from-terminal']

  Graphical applications can't be run as root from terminal

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  

  It is not possible to start graphical apps under the root account from

  terminal when using `su` or `sudo`. Apps which use polkit to request
@@ -459,9 +448,8 @@

  https://lists.fedoraproject.org/archives/list/devel%40lists.fedoraproject.org/thread/A6VXI4WAGSIIWGOTAVNDBVS4VFYXITHA/#2YU2RBYCXQSCGHGP772W5LRXUMTSINHA["On

  running gui applications as root" thread in fedora-devel mailing list].

  

- [[many-well-known-x11-utilities-dont-work]]

+ [id='many-well-known-x11-utilities-dont-work']

  Many well-known X11 utilities don't work

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  

  Power users are familiar with a large range of X11-related utilities,

  like `xkill`, `xrandr`, `xdotool`, `xsel`. These tools won't work under
@@ -471,9 +459,8 @@

  

  *FIXME: add some Wayland-ready replacements for popular X11 tools*

  

- [[games-and-other-apps-cant-change-monitor-resolution]]

+ [id='games-and-other-apps-cant-change-monitor-resolution']

  Games and other apps can't change monitor resolution

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  

  It is no longer possible for an app to change monitor resolution.

  Usually this was done by games to increase performance. Wayland-based
@@ -489,9 +476,8 @@

  resolution before running the game, if you really need it. It will not

  help always, though.

  

- [[screen-capture-is-not-available-with-usual-apps]]

+ [id='screen-capture-is-not-available-with-usual-apps']

  Screen capture is not available with usual apps

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  

  One of the features of Wayland is its security design, which helps to

  guard the user against malicious apps. Apps can no longer see everything
@@ -512,9 +498,8 @@

  https://extensions.gnome.org/extension/690/easyscreencast/[EasyScreenCast]

  gnome-shell extension.

  

- [[mouse-pointer-is-laggingstuttering-under-load]]

+ [id='mouse-pointer-is-laggingstuttering-under-load']

  Mouse pointer is lagging/stuttering under load

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  

  If your computer is under load, your mouse pointer movement might stop

  being fluent, but start lagging (get stuck in a place for a short time,
@@ -522,18 +507,16 @@

  noticeable on slow systems/systems with fewer CPU cores. See

  https://bugzilla.gnome.org/show_bug.cgi?id=745032[bug 745032].

  

- [[keyboard-events-are-sometimes-quickly-repeated]]

+ [id='keyboard-events-are-sometimes-quickly-repeated']

  Keyboard events are sometimes quickly repeated

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  

  There is a rare issue when you press a key to type a letter and you'll

  see multiple copies of the letter typed in. See

  https://bugzilla.gnome.org/show_bug.cgi?id=757942[bug 757942] and

  https://bugzilla.gnome.org/show_bug.cgi?id=777693[bug 777693].

  

- [[not-all-keys-can-be-sent-to-a-remote-desktop-or-a-virtual-machine]]

+ [id='not-all-keys-can-be-sent-to-a-remote-desktop-or-a-virtual-machine']

  Not all keys can be sent to a remote desktop or a virtual machine

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  

  Some applications forward all input, including system-specific

  keys/shortcuts like or , to a remote system. This is mostly remote

@@ -0,0 +1,3 @@

+ 

+ 

+ include::modules/proc_disabling-gnome-screenlock.adoc[leveloffset=+1]

file modified

@@ -0,0 +1,18 @@

+ :parent-context: {context}

+ 

+ [id='getting-started-with-selinux-{context}']

+ = Getting started with SELinux

+ :context: getting-started-with-selinux

+ 

+ :md: ./modules

+ :imagesdir: ./images

+ 

+ :leveloffset: +1

+ include::{md}/con_introduction-to-selinux.adoc[]

+ include::{md}/con_benefits-of-selinux.adoc[]

+ include::{md}/con_selinux-examples.adoc[]

+ include::{md}/con_selinux-architecture.adoc[]

+ include::{md}/con_selinux-states-and-modes.adoc[]

+ :leveloffset: -1

+ 

+ :context: {parent-context}

file removed
-560
@@ -1,560 +0,0 @@

- = The GRUB2 Bootloader

- 

- [[introduction]]

- == Introduction

- *GRUB2* is the latest version of *GNU GRUB*, the _GRand Unified Bootloader_.

- A bootloader is the first software program that runs when a computer

- starts. It is responsible for loading and transferring control to the

- operating system kernel. In Fedora, the kernel is Linux. The kernel then initializes 

- the rest of the operating system.

- 

- *GRUB2* is the follower of the previous version *GRUB* (version 0.9x). The original version is available under the name *GRUB Legacy*.

- 

- Since Fedora 16, *GRUB2* has been the default bootloader on x86 BIOS

- systems. For upgrades of BIOS systems, the default is also to install

- *GRUB2*, but you can opt to skip bootloader configuration entirely.

- 

- [[installing-grub-2-on-a-bios-system]]

- == Installing GRUB2 on a BIOS system

- 

- Usually, *GRUB2* will be installed by the installer, *Anaconda*, during the installation process. You will probably never have to deal with manual installation of *GRUB2*. However, in certain situations , you will want to install *GRUB2* manually, if you want to update from an older or different bootloader, for instance. To install *GRUB2*: 

- 

- . Install *GRUB2* software using the *dnf* package manager

- +

- ----

- $ sudo dnf install grub2

- ----

- 

- [[Installing-grub-2-on-the-hard-disk-bios]]

- == Installing GRUB2 on the hard disk on BIOS systems

- 

- Installing the *GRUB2* software on your system does not change your bootloader configuration. In order to use *GRUB2* for loading the operating system, you have to install it on the hard disk. There are two possible options to install it:

- 

- . in the master boot record (MBR) of the hard disk

- . on an extra partition on the hard disk

- 

- *GRUB2* is able to load many operating systems, including Windows, so it is recommended to install it as the default bootloader in the MBR of the primary hard disk, usually the `sda` device.

- 

- .Before you start

- 

- * Make sure you have installed the *GRUB2* software onto your system. See xref:installing-grub-2-on-a-system[Installing GRUB2 on your system] for more information.

- * To automatically collect information about your disks and operating systems installed on them, the `os-prober` package needs to be installed on your system.

- 

- .Procedure

- 

- . List devices available on the system.

- +

- ----

- $ lsblk

- ----  

- 

- . Identify the primary hard disk. Usually, it is the `sda` device.

- 

- . Install *GRUB2* in the MBR of the primary hard disk.

- +

- ----

- $ sudo grub2-install /dev/sda

- ----

- 

- . Create a configuration file for *GRUB2*.

- +

- ----

- $ sudo grub2-mkconfig -o /boot/grub2/grub.cfg

- ----

- 

- .More information

- 

- * The `grub2-mkconfig` command will create a new configuration based on the currently

- running system. It collects information from the `/boot` partition (or directory), from the `/etc/default/grub` file, and the customizable scripts in `/etc/grub.d/`. 

- * The configuration format has evolved over time, and a new configuration

- file might be slightly incompatible with the old bootloader. It is

- therefore a good idea to first run `grub2-install` whenever you would need

- to run `grub2-mkconfig`.

- * It is generally safe to directly edit `/boot/grub2/grub.cfg` in Fedora.

- *Grubby* in Fedora patches the configuration when a kernel update is

- performed and will try to not make any other changes than what is

- necessary. Manual changes might however be

- overwritten with `grub2-mkconfig` next time the system is upgraded with

- *Anaconda*. Customizations can be placed in `/etc/grub.d/40_custom` or

- `/boot/grub2/custom.cfg` files and will survive running the `grub2-mkconfig` command.

- 

- [[installing-grub-2-configuration-on-uefi-system]]

- == Installing GRUB2 on a UEFI system

- 

- To install or fix *GRUB2* on a UEFI system on Fedora 18 or newer, you

- need to do three things:

- 

- * create an EFI System Partition (ESP)

- * install the bootloader files

- * configure the *GRUB2* configuration

- 

- [[create-an-esp]]

- === Create an ESP

- 

- UEFI firmware, in general, likes to boot from an _EFI System Partition_ on

- a disk with a GPT label. 

- 

- .Before you start

- 

- . Learn how to create partitions using `gdisk`.

- 

- .Procedure

- 

- . List available block devices to find a place to create your ESP.

- +

- ----

- $ lsblk

- ----

- 

- . Create at least a 128 MiB disk partition using a GPT label on the primary hard disk.

- +

- ----

- $ sudo gdisk /dev/sda

- ----

- 

- . Format the partition with the _FAT32_ file system.

- +

- ----

- $ sudo mkfs.vfat /dev/sda1

- ----

- 

- . Mount the partition to `/boot/efi` mount point. 

- +

- ----

- $ sudo mount /dev/sda1 /boot/efi

- ----

- 

- 

- [[install-the-bootloader-files]]

- === Install the bootloader files

- 

- In order to use *GRUB2* with on the UEFI systems, you need to install appropriate packages:

- 

- .Before you start

- 

- . Mount the `/boot/efi` mount point. See xref:create-an-esp[Create an ESP] to create it.

- 

- .Procedure

- 

- . Install the necessary packages.

- +

- ----

- dnf install grub2-efi grub2-efi-modules shim

- ----

- 

- . If they are already installed, reinstall them.

- +

- ----

- dnf reinstall grub2-efi grub2-efi-modules shim

- ----

- 

- .More information

- 

- * This installs the signed shim and the *GRUB2* binary.

- 

- [[create-a-grub-2-configuration]]

- === Create a GRUB2 configuration

- 

- Under EFI, *GRUB2* looks for its configuration in

- `/boot/efi/EFI/fedora/grub.cfg`. For newly installed kernels to work,

- `grubby` expects `/etc/grub2-efi.cfg` to be a symlink to the real

- grub.cfg (for example `/boot/efi/EFI/fedora/grub.cfg`).

- 

- If you already have a *GRUB2* EFI config file, you do not need to do anything else. Otherwise, you can try to create the configuration file using the `grub2-mkconfig` command. 

- 

- ----

- $ sudo grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

- ----

- 

- [[solve-problems-with-uefi-bootloader]]

- === Solve problems with UEFI bootloader.

- 

- 

- [[adding-the-boot-menu-entries]]

- ==== Adding the boot menu entries

- When you power on your system, your firmware will look for EFI variables

- that tell it how to boot. If you are already booted in EFI mode and EFI

- runtime services are working correctly, you can configure your boot menu

- with `efibootmgr`. If not, you will have to bootstrap the process.

- 

- Fortunately, `shim` can help you bootstrap. The EFI program

- `/boot/efi/EFI/BOOT/fallback.efi` will look for files called `BOOT.CSV`

- in your ESP and will add boot entries corresponding to them. The `shim` command 

- provides a `BOOT.CSV` file that will add an entry for `grub2-efi` for you. 

- 

- Using the *EFI Shell* to invoke `fallback.efi` should work for you. You can do this

- with commands like:

- 

- ----

- > fs0:

- > cd EFI\BOOT

- > fallback.efi

- ----

- 

- If you have no boot entries at all, then just booting off your disk in

- UEFI mode should automatically invoke `/boot/efi/EFI/BOOT/BOOTX64.EFI`,

- which will, in turn, invoke `fallback.efi`.

- 

- If you already have incorrect boot entries, you'll either need to delete

- them or to modify `BOOT.CSV` to create new entries with different names.

- 

- [[adding-other-operating-systems-to-the-grub-2-menu]]

- ==== Adding Other operating systems to the *GRUB2* menu

- 

- The `grub2-mkconfig` command will add entries for all operating systems it can find.

- For the command to work, you have to have installed the *os-prober* tool that is provided by the `os-prober` package. 

- 

- Unfortunately, problem sometimes can appear. See the link:http://www.gnu.org/software/grub/manual/grub.html#Multi_002dboot-manual-config[GRUB manual] to solve issues with booting secondary operating systems.

- 

- [[setting-default-entry]]

- ==== Setting default entry

- 

- Due to `grub2-mkconfig` (and *os-prober*) we cannot predict the order of

- the entries in `/boot/grub2/grub.cfg`, so we set the default by

- name/title instead.

- 

- .Before you start

- 

- . Open `/etc/default/grub` and make sure these lines exist in the file.

- +

- ----

- GRUB_DEFAULT=saved

- GRUB_SAVEDEFAULT=false

- ----

- 

- . Apply the changes to `grub.cfg` by running.

- +

- ----

- $sudo grub2-mkconfig -o /boot/grub2/grub.cfg

- ----

- 

- .Procedure

- 

- . List all possible menu entries.

- +

- ----

- $sudo grep -P "submenu|^menuentry" /boot/grub2/grub.cfg | cut -d "'" -f2

- ----

- 

- . Set the desired default menu entry

- +

- ----

- $sudo grub2-set-default "<submenu title><menu entry title>"

- ----

- 

- . Verify the default menu entry

- +

- ----

- $sudo grub2-editenv list

- ----

- 

- .More information

- If you understand the risks involved, you can manually modify the

- `/boot/grub2/grub.cfg` file. In that case, set the number of the default operating system using the `set default` variable. 

- 

- For example:

- ----

- set default="5"

- ----

- 

- 

- [[additional-scenario]]

- == Additional Scenarios

- 

- [[restoring-bootloader-using-live-disk]]

- === Restoring the bootloader using the Live disk.

- 

- Sometimes, especially after a secondary operating systems has been installed, the master boot record gets damaged which then prevents the original Linux system from booting.

- If this happens, it is necessary to reinstall *GRUB2* to recreate the original settings. The process not only discovers all installed operating systems, but usually adds them to the *GRUB2* configuration files, so they will all become bootable by *GRUB2*.

- 

- .Before you start

- 

- . Get the Fedora Live ISO from link:https://download.fedoraproject.org/pub/fedora/linux/releases/27/Workstation/x86_64/iso/Fedora-Workstation-Live-x86_64-27-1.6.iso[getfedora.org].

- . Prepare a bootable device using the downloaded ISO, either a CD or a USB.

- 

- .Procedure

- 

- . Boot the Fedora live system from the bootable device you have created.

- 

- . Open the terminal.

- 

- . Examine the partition layout and identify the `boot` and the `root` partition.

- +

- ----

- $ sudo fdisk -l

- ----

- +

- If you are using the default Fedora layout, there will be one `/dev/sda1` partition that holds the `/boot` directory and one `/dev/mapper/fedora-root` that holds the root file system.

- 

- . Create the mount point for the root partition.

- +

- ----

- $ sudo mkdir -p /mnt/root

- ---- 

- 

- . Mount the root partition on the mount point.

- +

- ----

- $ sudo mount /dev/mapper/fedora-root /mnt/root

- ----

- 

- . Mount the boot partition in the `boot` directory of the filesystem that you have mounted in the previous step.

- +

- ----

- $ sudo mount /dev/sda1 /mnt/root/boot/

- ----

- 

- . Mount system processes and devices into the root filesystem in `/mnt/root`.

- +

- ----

- $ sudo mount -o bind /dev /mnt/root/dev

- $ sudo mount -o bind /proc /mnt/root/proc

- $ sudo mount -o bind /sys /mnt/root/sys

- $ sudo mount -o bind /run /mnt/root/run

- ----

- 

- . Change your filesystem into the one mounted under `/mnt/root`.

- +

- ----

- $ sudo chroot /mnt/root

- ----

- 

- . Reinstall *GRUB2* into the MBR of the primary hard disk.

- +

- ----

- $ sudo grub2-install --no-floppy --recheck /dev/sda

- ----

- 

- . Recreate the *GRUB2* configuration files.

- +

- ----

- $ sudo grub2-mkconfig -o /boot/grub2/grub.cfg

- ----

- 

- . Exit this temporary root filesystem.

- +

- ----

- $ exit

- ----

- 

- . Your bootloader should be now restored. Reboot your computer to boot into your normal system.

- +

- ----

- $ sudo systemctl reboot

- ----

- 

- [[using-the-grub-2-boot-prompt]]

- ==== Using the GRUB2 boot prompt

- 

- If improperly configured, *GRUB2* may fail to load and subsequently drop

- to a boot prompt. To address this issue, proceed as follows:

- 

- . Load the XFS and LVM modules

- +

- ----

- insmod xfs

- insmod lvm

- ----

- 

- . List the drives which *GRUB2* sees:

- +

- ----

- grub2> ls

- ----

- 

- . Study the output for the partition table of the `/dev/sda` device. It may look similar to the following example on a dos partition table with three partitons.

- will look something like this:

- +

- ----

- (hd0) (hd0,msdos3) (hd0,msdos2) (hd0,msdos1)

- ----

- +

- or similar to this output on a gpt partition table of the `/dev/sda` device with four

- partitions.

- +

- ----

- (hd0) (hd0,gpt4) (hd0,gpt3)  (hd0,gpt2) (hd0,gpt1)

- ----

- 

- . Probe each partition of the drive and locate your `vmlinuz` and `initramfs` files.

- +

- ----

- ls (hd0,1)/ 

- ----

- +

- The outcome of the previous command will list the files on `/dev/sda1`. If this partition contains the `/boot` directory, it will show the full name of `vmlinuz` and `initramfs`.

- 

- . Set the root partition.

- +

- ----

- grub> set root=(hd0,3)

- ----

- 

- . Set the desired kernel.

- +

- ----

- grub> linux (hd0,1)/vmlinuz-3.0.0-1.fc16.i686 root=/dev/sda3 rhgb quiet selinux=0 

- # NOTE : add other kernel args if you have need of them

- # NOTE : change the numbers to match your system

- ----

- 

- . Set the desired `initrd`.

- +

- ----

- grub> initrd (hd0,1)/initramfs-3.0.0-1.fc16.i686.img

- # NOTE : change the numbers to match your system

- ----

- 

- . Boot with the selected settings.

- +

- ----

- grub> boot

- ----

- 

- . When the system starts, open a terminal.

- 

- . Enter the `grub2-mkconfig` command to re-create the `grub.cfg` file to enable *GRUB2* to boot your system.

- +

- ----

- grub2-mkconfig -o /boot/grub2/grub.cfg

- ----

- 

- . Enter the `grub2-install` command to install *GRUB2* to your hard disk to use of your config file.

- +

- ----

- grub2-install --boot-directory=/boot /dev/sda

- # Note: your drive may have another device name. Check for it with mount command output.

- ----

- 

- [[booting-with-configfile-on-different-partition]]

- === Booting the system using a configuration file on a different partition.

- It's also possible to boot into a _configfile_ that's located on another

- partition. If the user is faced with such a scenario, as is often the

- case with multi-boot systems containing Ubuntu and Fedora, the following

- steps in the *GRUB2* rescue shell might become useful to know:

- 

- .Procedure

- 

- . Load necessary modules to read the partitions.

- +

- ----

- insmod part_msdos

- insmod xfs

- insmod lvm

- ----

- 

- . Set the root partition.

- +

- ----

- set root='hd0,msdos1'

- ----

- 

- . Set the path to the configuration file.

- +

- ----

- configfile /grub2/grub.cfg

- ----

- 

- .More information

- The *hd0,msdos1* line shows the pertinent _boot_ partition, which holds the

- `grub.cfg` file.

- 

- [[absent-floppy-disk]]

- === Dealing with the "Absent Floppy Disk" Error

- 

- It has been reported by some users that *GRUB2* may fail to install on a partition's boot sector if the computer's floppy controller is activated in BIOS without an actual floppy disk

- drive being present. Such situations resulted in an _Absent Floppy Disk_ error. 

- 

- To workaround this issue, go into the rescue mode and install *GRUB2* with the `--no-floppy` option:

- 

- ----

- grub2-install <target device> --no-floppy

- ----

- 

- [[setting-a-password-for-interactive-edit-mode]]

- === Setting a password for interactive edit mode

- 

- If you wish to password-protect the *GRUB2* interactive edit mode 

- without forcing users to enter a password to boot the computer, use this procedure.

- 

- .Procedure

- 

- . Create the `/etc/grub.d/01_users` file.

- +

- ----

- cat << EOF

- set superusers="root"

- export superusers

- password root secret

- EOF

- ----

- 

- . Apply your changes.

- +

- ----

- grub2-mkconfig -o /boot/grub2/grub.cfg

- ----

- 

- .More information

- 

- You can encrypt the password by using *pbkdf2*. Use `grub2-mkpasswd-pbkdf2`

- to encrypt the password, then replace the password line with:

- 

- ----

- password_pbkdf2 root grub.pbkdf2.sha512.10000.1B4BD9B60DE889A4C50AA9458C4044CBE129C9607B6231783F7E4E7191D8254C0732F4255178E2677BBE27D03186E44815EEFBAD82737D81C87F5D24313DDDE7.E9AEB53A46A16F30735E2558100D8340049A719474AEEE7E3F44C9C5201E2CA82221DCF2A12C39112A701292BF4AA071EB13E5EC8C8C84CC4B1A83304EA10F74

- ----

- 

- More details can be found at

- https://help.ubuntu.com/community/Grub2/Passwords[Ubuntu Help: GRUB2

- Passwords].

- 

- [NOTE]

- ====

- Starting from Fedora 21, the `--md5pass` kickstart option must

- be set using output from the `grub2-mkpasswd-pbkdf2` command.

- ====

- 

- [[using-old-graphics-modes-in-bootloader]]

- === Using old graphics modes in bootloader

- 

- Terminal device is chosen with GRUB_TERMINAL; additional quote from

- http://www.gnu.org/software/grub/manual/grub.html#Simple-configuration

- 

- Valid terminal output names depend on the platform, but may include

- `console` (PC BIOS and EFI consoles), `serial` (serial terminal),

- `gfxterm` (graphics-mode output), `ofconsole` (Open Firmware console),

- or `vga_text` (VGA text output, mainly useful with Coreboot).

- 

- The default is to use the platform's native terminal output.

- 

- The default in Fedora is `gfxterm` and to get the legacy graphics modes

- you need to set GRUB_TERMINAL to the right variable from the description

- above in `/etc/default/grub`.

- 

- [[enabling-serial-console-in-grub]]

- === Enabling Serial Console in GRUB2

- 

- To enable Serial console in grub: 

- 

- . Add the following entry to `/etc/default/grub`. Adjust `baudrate`, `parity`, `bits`, and `flow` controls to fit your environment and cables.

- +

- ----

- GRUB_CMDLINE_LINUX='console=tty0 console=ttyS0,115200n8'

- GRUB_TERMINAL=serial

- GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"

- ----

- 

- . Re-generate the GRUB2 config file.

- +

- `grub2-mkconfig -o /boot/grub2/grub.cfg`

- 

- [[further-reading]]

- == Further Reading

- 

- * http://www.gnu.org/software/grub/manual/grub.html

- * Features/Grub2

- * Anaconda/Features/Grub2Migration

- '''

- 

- See a typo, something missing or out of date, or anything else which can be

- improved? Edit this document at https://pagure.io/fedora-docs/quick-docs.

file removed
-561
@@ -1,561 +0,0 @@

- = How to create and use Live USB

- 

- '''

- 

- [IMPORTANT]

- ======

- 

- This page was automatically converted from https://fedoraproject.org/wiki/How_to_create_and_use_Live_USB

- 

- It is probably

- 

- * Badly formatted

- * Missing graphics and tables that do not convert well from mediawiki

- * Out-of-date

- * In need of other love

- 

- 

- Pull requests accepted at https://pagure.io/fedora-docs/quick-docs

- 

- Once you've fixed this page, remove this notice, and update

- `_topic_map.yml`.

- 

- Once the document is live, go to the original wiki page and replace its text

- with the following macro:

- 

- ....

- {{#fedoradocs: https://docs.fedoraproject.org/whatever-the-of-this-new-page}}

- ....

- 

- ======

- 

- '''

- 

- 

- image:mediawriter-icon.png[mediawriter-icon.png‎,title="mediawriter-icon.png‎"]

- 

- This page explains *how to create and use Fedora USB media*. You can

- write all https://getfedora.org/[Fedora ISO images] to a USB stick,

- making this a convenient way on any USB-bootable computer to either

- install Fedora or try a 'live' Fedora environment without writing to the

- computer's hard disk. You will need a USB stick at least as large as the

- image you wish to write.

- 

- [[quickstart-using-fedora-media-writer]]

- Quickstart: Using Fedora Media Writer

- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- 

- image:Fedora_Live_USB_creator.png[Fedora Media Writer

- screenshot,title="Fedora Media Writer screenshot"]

- 

- For most cases, the best tool to create a Fedora USB stick is the

- https://github.com/MartinBriza/MediaWriter[Fedora Media Writer] utility,

- which was formerly known as LiveUSB Creator. It is available on Fedora,

- other Linux distributions using http://flatpak.org/[Flatpak], Windows

- and macOS.

- 

- Fedora Media Writer is graphical and easy to use. It can download recent

- Fedora images for you as well as writing them to the USB stick.

- 

- On Fedora, you can use a Fedora graphical software installation tool to

- install the package, or use the command line:

- 

- On Windows and macOS, you can download the installer from

- https://github.com/MartinBriza/MediaWriter/releases[the releases page].

- On other Linux distributions, if they support the

- http://flatpak.org/[Flatpak] application distribution system, you can

- download a flatpak from

- https://github.com/MartinBriza/MediaWriter/releases[the releases page].

- 

- To run the tool, look for *Fedora Media Writer* in the system menus.

- When you start Fedora Media Writer, the three dots in the bottom will be

- flashing while the tool checks for a new Fedora release.

- 

- To write the stick:

- 

- 1.  Choose which Fedora flavor you want to install or try.

- +

- ::

-   On the title screen, you can choose Workstation, Server or your own

-   .iso file. Other choices (including KDE, Cinnamon, Xfce and so on) are

-   under the "..." button at the bottom of the list.

- 2.  Ensure your USB stick is plugged into the system.

- 3.  Click _Create Live USB_.

- 4.  Ensure the right stick is selected.

- 5.  Click _Write to disk_ and wait for the write to complete.

- 6.  Once the stick has been written, shut the system down and boot it

- from the USB stick (see link:#booting[the Booting section]).

- 

- After writing, your USB stick will have a changed partition layout and

- some systems may report it to be about 10MB large. To return your USB

- stick to its factory configuration, insert the drive again while Fedora

- Media Writer is running. The app provides you with an option to restore

- to the factory layout. This layout includes a single VFAT partition.

- 

- __TOC__

- 

- [[booting-from-usb-sticks]]

- Booting from USB sticks

- ~~~~~~~~~~~~~~~~~~~~~~~

- 

- image:Bios_USB_boot.jpg[Set USB as first boot device. Your BIOS may be

- different.,title="Set USB as first boot device. Your BIOS may be different."]

- 

- Almost all modern PCs can boot from USB sticks (some very old ones may

- not be able to). However, precisely how you tell the system to boot from

- a USB stick varies substantially from system to system. First, just try

- this:

- 

- 1.  Power off the computer.

- 2.  Plug the USB drive into a USB port.

- 3.  Remove all other portable media, such as CDs, DVDs, floppy disks or

- other USB sticks.

- 4.  Power on the computer.

- 5.  If the computer is configured to automatically boot from the USB

- drive, you will see a screen that says "Automatic boot in 10 seconds..."

- with a countdown (unless you do a native UEFI boot, where you will see a

- rather more minimal boot menu).

- 

- If the computer starts to boot off the hard drive as normal, you'll need

- to manually configure it to boot off the USB drive. Usually, that should

- work something like this:

- 

- 1.  Wait for a safe point to reboot.

- 2.  As the machine starts to reboot, watch carefully for instructions on

- which key to press (usually a function key, Escape, Tab or Delete) to

- enter the boot device selection menu, "BIOS setup", "firmware", or

- "UEFI". Press and hold that key. If you miss the window of opportunity

- (often only a few seconds) then reboot and try again.

- 3.  Use the firmware ("BIOS") interface or the boot device menu to put

- your USB drive first in the boot sequence. It might be listed as a hard

- drive rather than a removable drive. Each hardware manufacturer has a

- slightly different method for doing so.

- +

- ::

-   *Be careful!* Your computer could become unbootable or lose

-   functionality if you change any other settings. Though these settings

-   can be reverted, you'll need to remember what you changed in order to

-   do so.

- 4.  Save the changes, exit, and the computer should boot from the USB

- drive.

- 

- If your system has a link:Unified_Extensible_Firmware_Interface[UEFI]

- firmware, it will usually allow you to boot the stick in UEFI native

- mode or BIOS compatibility mode. If you boot in UEFI native mode and

- perform a Fedora installation, you will get a UEFI native Fedora

- installation. If you boot in BIOS compatibility mode and perform a

- Fedora installation, you will get a BIOS compatibility mode Fedora

- installation. For more information on all this, see the

- link:Unified_Extensible_Firmware_Interface[UEFI page]. USB sticks

- written from x86_64 images with link:#fmw[Fedora Media Writer],

- link:#gnome[GNOME Disk Utility], link:#dd[dd], other dd-style utilities,

- and link:#litd[livecd-iso-to-disk] with should be UEFI native bootable.

- Sticks written with other utilities may not be UEFI native bootable, and

- sticks written from i686 images will never be UEFI bootable.

- 

- [[checking-usb-disk-size-free-space]]

- Checking USB disk size / free space

- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- 

- As noted before, the disk must have a certain amount of storage space

- depending on the image you select. If you use a destructive method, the

- stick must be at least the size of the image; if you use a

- non-destructive method, it must have at least that much free space.

- Whichever operating system you are using, you can usually check this

- with a file manager, usually by right clicking and selecting

- _Properties_. Here is a screenshot of how this looks on GNOME:

- 

- image:Properties_USB_size.png[thumb|350px|none]

- 

- [[identifying-a-stick-by-name-on-linux]]

- Identifying a stick by name on Linux

- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- 

- Most of the link:#writing[alternative writing methods] will require you

- to know the name for your USB stick - e.g. - when using them on Linux.

- You do not need to know this in order to use link:#fmw[Fedora Media

- Writer]. To find this out:

- 

- 1.  Insert the USB stick into a USB port.

- 2.  Open a terminal and run .

- 3.  Near the end of the output, you will see something like:

- 

- ....

- [32656.573467] sd 8:0:0:0: [sdX] Attached SCSI removable disk

- ....

- 

- where sdX will be sdb, sdc, sdd, etc. *Take note of this label* as it is

- the name of the disk you will use. We'll call it _sdX_ from now on. If

- you have connected more than one USB stick to the system, be careful

- that you identify the correct one - often you will see a manufacturer

- name or capacity in the output which you can use to make sure you

- identified the correct stick.

- 

- [[alternative-usb-stick-writing-methods]]

- Alternative USB stick writing methods

- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- 

- As explained above, the recommended method for writing the stick in most

- cases is link:#fmw[Fedora Media Writer]. In this section, other tools

- which may be useful in specific circumstances are documented.

- 

- [[using-gnome-disk-utility-linux-graphical-destructive]]

- Using GNOME Disk Utility (Linux, graphical, destructive)

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- 

- This method is for people running Linux (or another *nix) with GNOME,

- Nautilus and the GNOME Disk Utility installed. Particularly, if you are

- using a distribution other than Fedora which does not support Flatpak,

- this may be the easiest available method. A standard installation of

- Fedora, or a standard GNOME installation of many other distributions,

- should be able to use this method. On Fedora, ensure the packages and

- are installed. Similar graphical direct-write tools may be available for

- other desktops, or you may use the link:#dd[command line "direct write"

- method].

- 

- 1.  Download a Fedora image, choose a USB stick that does not contain

- any data you need, and connect it

- 2.  Run Nautilus (Files) - for instance, open the Overview by pressing

- the Start/Super key, and type _Files_, then hit enter

- 3.  Find the downloaded image, right-click on it, go to *Open With*, and

- click *Disk Image Writer*

- 4.  Double-check you're really, really sure you don't need any of the

- data on the USB stick!

- 5.  Select your USB stick as the *Destination*, and click *Start

- Restoring...*

- 

- [[command-line-method-using-the-livecd-iso-to-disk-tool-fedora-only-non-graphical-both-non-destructive-and-destructive-methods-available]]

- Command line method: Using the _livecd-iso-to-disk_ tool (Fedora only,

- non-graphical, both non-destructive and destructive methods available)

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- 

- The method is slightly less reliable than Fedora Media Writer and can be

- used reliably only from within Fedora: it does not work in Windows or OS

- X, and is not supported (and will usually fail) in non-Fedora

- distributions. However, it supports three advanced features which FMW

- does not include:

- 

- 1.  You may use a _non-destructive_ method to create the stick, meaning

- existing files on the stick will not be destroyed. This is less reliable

- than the _destructive_ write methods, and should be used only if you

- have no stick you can afford to wipe.

- 2.  On live images, you can include a feature called a _persistent

- overlay_, which allows changes made to persist across reboots. You can

- perform updates just like a regular installation to your hard disk,

- except that kernel updates require link:#Kernel_updates[manual

- intervention] and link:#limited_overlay[overlay space may be

- insufficient]. Without a _persistent overlay_, the stick will return to

- a fresh state each time it is booted.

- 3.  On live images, you can also have a separate area to store user

- account information and data such as documents and downloaded files,

- with optional encryption for security and peace of mind.

- 

- By combining these features, you can carry your computer with you in

- your pocket, booting it on nearly any system you find yourself using.

- 

- It is not a good idea to try and write a new Fedora release using the

- version of in a much older Fedora release: it is best to only use a

- release a maximum of two versions older than the release you are trying

- to write.

- 

- Ensure the package is installed:

- 

- Basic examples follow. Remember to link:#device[identify your USB

- stick's device name] first. In all cases, you can add the parameter to

- (try to) render the stick bootable in native UEFI mode. Detailed usage

- information is available by running: or .

- 

- To make an existing USB stick bootable as a Fedora image - without

- deleting any of the data on it - make sure that the USB drive is not

- mounted before executing the following, and give the root password when

- prompted:

- 

- ::

- 

- In case it is not possible to boot from a disk created with the method

- shown above, before re-partitioning and re-formatting, often resetting

- the master boot record will enable booting:

- 

- ::

- 

- If necessary, you can have _livecd-iso-to-disk_ re-partition and

- re-format the target stick:

- 

- ::

- 

- To include a persistent filesystem for , use the parameter. For example:

- 

- ::

- 

- This will create a 2 GiB filesystem that will be mounted as each time

- the stick is booted, allowing you to preserve data in across boots.

- 

- To enable 'data persistence' support - so changes you make to the entire

- live environment will persist across boots - add the parameter to add a

- persistent data storage area to the target stick. For example:

- 

- ::

- 

- where 2048 is the desired size (in megabytes) of the overlay. The

- _livecd-iso-to-disk_ tool will not accept an overlay size value greater

- than 4095 for VFAT, but for ext[234] filesystems it is only limited by

- the available space.

- 

- You can combine and , in which case data written to will not exhaust the

- persistent overlay.

- 

- [[command-line-direct-write-method-most-operating-systems-non-graphical-destructive]]

- Command line "direct write" method (most operating systems,

- non-graphical, destructive)

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- 

- This method direct writes the image to the USB stick much like

- link:#fmw[Fedora Media Writer] or link:#gnome[GNOME Disk Utility], but

- uses a command line utility named . Like the other "direct write"

- methods, it will destroy all data on the stick and does not support any

- of the advanced features like data persistence, but it is a very

- reliable method. The tool is available on most Unix-like operating

- systems, including Linux distributions and OS X, and

- http://www.chrysocome.net/dd[a Windows port is available]. This may be

- your best method if you cannot use Fedora Media Writer or GNOME Disk

- Utility, or just if you prefer command line utilities and want a simple,

- quick way to write a stick.

- 

- 1.  link:#device[Identify the name of the USB drive partition]. If using

- this method on Windows, with the port linked above, the command should

- provide you with the correct name.

- 2.  *Unmount all mounted partition from that device.* This is very

- important, otherwise the written image might get corrupted. You can

- umount all mounted partitions from the device with , where X is the

- appropriate letter, e.g.

- 3.  Write the ISO file to the device:

- +

- ::

- 4.  Wait until the command completes.

- +

- ::

-   If you see , your dd version doesn't support the option and you'll

-   need to remove it (and you won't see writing progress).

- 

- [[using-unetbootin-windows-os-x-and-linux-graphical-non-destructive]]

- Using http://unetbootin.sourceforge.net/[UNetbootin] (Windows, OS X and

- Linux, graphical, non-destructive)

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- 

- image:Unetbootin_gtk3.png[Unetbootin

- screenshot,title="Unetbootin screenshot"]

- 

- While your results may vary, it is usually the case that the

- link:#fmw[Fedora Media Writer], link:#litd[livecd-iso-to-disk],

- link:#gnome[GNOME] and link:#dd[dd] methods give better results than

- UNetbootin. If you encounter problems with UNetbootin, please contact

- the UNetbootin developers, not the Fedora developers.

- 

- UNetbootin is a graphical, bootable USB image creator. Using it will

- allow you to preserve any data you have in the USB drive. If you have

- trouble booting, however, you may wish to try with a blank, cleanly

- FAT32-formatted drive.

- 

- If you are running a 64-bit Linux distribution, UNetbootin may fail to

- run until you install the 32-bit versions of quite a lot of system

- libraries. Fedora cannot help you with this: please direct feedback on

- this issue to the UNetbootin developers.

- 

- 1.  Download the latest UNetbootin version from

- http://unetbootin.sourceforge.net/[the official site] and install it. On

- Linux, the download is an executable file: save it somewhere, change it

- to be executable (using or a file manager), and then run it.

- 2.  Launch UNetbootin. On Linux, you might have to type the root

- password.

- 3.  Click on *Diskimage* and search for the ISO file you downloaded.

- 4.  Select Type: USB drive and link:#device[choose the correct device

- for your stick]

- 5.  Click OK

- 

- [[creating-a-usb-stick-from-a-running-live-environment]]

- Creating a USB stick from a running live environment

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- 

- If you are already running a live CD, DVD, or USB and want to convert

- that into a bootable USB stick, run the following command:

- 

- ::

- 

- See link:#Mounting_a_Live_USB_filesystem[this section] for mounting the

- root filesystem outside of a boot.

- 

- [[troubleshooting]]

- Troubleshooting

- ~~~~~~~~~~~~~~~

- 

- [[fedora-media-writer-problems]]

- Fedora Media Writer problems

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- 

- * Bugs can be reported to

- https://github.com/MartinBriza/MediaWriter/issues[GitHub] or

- https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=mediawriter[Bugzilla].

- You can http://bugz.fedoraproject.org/mediawriter[browse existing

- Bugzilla reports]. Please report any problems you encounter that have

- not already been reported.

- 

- [[livecd-iso-to-disk-problems]]

- livecd-iso-to-disk problems

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^

- 

- [[partition-isnt-marked-bootable]]

- Partition isn't marked bootable!

- ++++++++++++++++++++++++++++++++

- 

- If you get the message , you need to mark the partition bootable. To do

- this, run , and use the command, where X is the appropriate letter and N

- is the partition number. For example:

- 

- ....

- $ parted /dev/sdb

- GNU Parted 1.8.6

- Using /dev/sdb

- Welcome to GNU Parted! Type 'help' to view a list of commands.

- (parted) print                                                            

- Model: Imation Flash Drive (scsi)

- Disk /dev/sdX: 1062MB

- Sector size (logical/physical): 512B/512B

- Partition Table: msdos

- 

- Number  Start   End     Size    Type     File system  Flags

-  1      32.3kB  1062MB  1062MB  primary  fat16             

- 

- (parted) toggle 1 boot

- (parted) print                                                    

- Model: Imation Flash Drive (scsi)

- Disk /dev/sdX: 1062MB

- Sector size (logical/physical): 512B/512B

- Partition Table: msdos

- 

- Number  Start   End     Size    Type     File system  Flags

-  1      32.3kB  1062MB  1062MB  primary  fat16        boot 

- 

- (parted) quit                                                             

- Information: Don't forget to update /etc/fstab, if necessary.             

- ....

- 

- [[partitions-need-a-filesystem-label]]

- Partitions need a filesystem label!

- +++++++++++++++++++++++++++++++++++

- 

- If you get the message , you need to label the partition:

- 

- [[partition-has-different-physicallogical-endings]]

- Partition has different physical/logical endings!

- +++++++++++++++++++++++++++++++++++++++++++++++++

- 

- If you get this message from fdisk, you may need to reformat the flash

- drive when writing the image, by passing when writing the stick.

- 

- [[mbr-appears-to-be-blank]]

- MBR appears to be blank!

- ++++++++++++++++++++++++

- 

- If your test boot reports a corrupted boot sector, or you get the

- message , you need to install or reset the master boot record (MBR), by

- passing when writing the stick.

- 

- [[livecd-iso-to-disk-on-other-linux-distributions]]

- livecd-iso-to-disk on other Linux distributions

- +++++++++++++++++++++++++++++++++++++++++++++++

- 

- is not meant to be run from a non-Fedora system. Even if it happens to

- run and write a stick apparently successfully from some other

- distribution, the stick may well fail to boot. Use of on any

- distribution other than Fedora is unsupported and not expected to work:

- please use an alternative method, such as link:#fmw[Fedora Media

- Writer].

- 

- [[ubuntus-usb-creator]]

- Ubuntu's _usb-creator_

- ^^^^^^^^^^^^^^^^^^^^^^

- 

- Ubuntu and derivative Linux distributions have a program similar to

- Fedora Media Writer. This *does not work* with Fedora ISO images, it

- silently rejects them. usb-creator requires the ISO to have a Debian

- layout, with a file and a casper directory. Do not attempt to use this

- utility to write a Fedora ISO image.

- 

- [[testing-a-usb-stick-using-qemu]]

- Testing a USB stick using qemu

- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- 

- You can test your stick using QEMU as shown in the screenshot below.

- 

- image:Screenshot_qemu_gtk3.png[`Screenshot_qemu_gtk3.png‎`,title="Screenshot_qemu_gtk3.png‎"]

- 

- For example, you could type the following commands:

- 

- ....

- su -c 'umount /dev/sdX1'

- qemu -hda /dev/sdX -m 1024 -vga std

- ....

- 

- [[mounting-a-live-usb-filesystem]]

- Mounting a Live USB filesystem

- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- 

- You can use the

- https://github.com/livecd-tools/livecd-tools/blob/master/tools/liveimage-mount[_liveimage-mount_]

- script in the package to mount an attached Live USB device or other

- LiveOS image, such as an ISO or Live CD. This is convenient when you

- want to copy in or out some file from the LiveOS filesystem on a Live

- USB, or just examine the files in a Live ISO or Live CD.

- 

- [[kernel-updates-for-livecd-iso-to-disk-written-images-with-a-persistent-overlay]]

- Kernel updates for _livecd-iso-to-disk_-written images with a persistent

- overlay

- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- 

- If you have link:#limited_overlay[sufficient overlay space] to

- accommodate a kernel update on a Live USB installation, the kernel and

- initramfs will be installed to the /boot directory. To put these into

- service they must be moved to the /syslinux directory of the

- installation partition. This is accessible from the running Live USB

- filesystem at the /run/initramfs/live mount point. The new initramfs

- (such as initramfs-4.9.13-200.fc25.x86_64.img) and kernel (such as

- vmlinuz-4.9.13-200.fc25.x86_64) should be moved to replace the

- /run/initramfs/live/syslinux/initrd.img and

- /run/initramfs/live/syslinux/vmlinuz files, respectively.

- 

- * *Note*: _dracut_ no longer includes the _dmsquash-live_ module by

- default. Starting with Fedora 19, _dracut_ defaults to the option, which

- precludes the _dmsquash-live_ module. So, one can add a dracut config

- file, as root, before updating the kernel:

- 

- ....

- echo 'hostonly="no"

- add_dracutmodules+=" dmsquash-live "' > /etc/dracut.conf.d/01-liveos.conf

- ....

- 

- The following commands will move the new kernel and initramfs files to

- the device's /syslinux directory:

- 

- ....

- bootpath=run/initramfs/live/syslinux

- new=4.9.13-200.fc25.x86_64

- 

- cd /

- mv -f boot/vmlinuz-$new ${bootpath}/vmlinuz

- mv -f boot/initramfs-${new}.img ${bootpath}/initrd.img

- ....

- 

- [[multi-live-image-boot-installations]]

- Multi Live Image boot installations

- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- 

- The _livecd-iso-to-disk_ --multi option allows one to install more than

- one LiveOS image on a single device. Version 24.2 or greater of will

- automatically configure the device boot loader to give a Multi Live

- Image Boot Menu for the device.

- 

- Category:LiveMedia

- '''

- 

- See a typo, something missing or out of date, or anything else which can be

- improved? Edit this document at https://pagure.io/fedora-docs/quick-docs.

file removed
-157
@@ -1,157 +0,0 @@

- = FedoraLiveCD

- 

- '''

- 

- [IMPORTANT]

- ======

- 

- This page was automatically converted from https://fedoraproject.org/wiki/FedoraLiveCD

- 

- It is probably

- 

- * Badly formatted

- * Missing graphics and tables that do not convert well from mediawiki

- * Out-of-date

- * In need of other love

- 

- 

- Pull requests accepted at https://pagure.io/fedora-docs/quick-docs

- 

- Once you've fixed this page, remove this notice, and update

- `_topic_map.yml`.

- 

- Once the document is live, go to the original wiki page and replace its text

- with the following macro:

- 

- ....

- {{#fedoradocs: https://docs.fedoraproject.org/whatever-the-of-this-new-page}}

- ....

- 

- ======

- 

- '''

- 

- 

- [[download-and-create-live-image-or-live-usb]]

- Download and Create Live image or Live USB

- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- 

- To download a pre-built Fedora Live image, visit

- https://getfedora.org/[the download page]. Then you can either:

- 

- * Burn the ISO to a CD or DVD. See

- http://docs.fedoraproject.org/readme-burning-isos/[here] for burning

- instructions.

- * Learn link:how_to_create_and_use_Live_USB[how to create and use Live

- USB].

- 

- If you want to build and then burn your own custom ISO, see

- link:How_to_create_and_use_a_Live_CD[How to create and use a Live CD].

- 

- [[advantages-and-limitations]]

- Advantages and Limitations

- ~~~~~~~~~~~~~~~~~~~~~~~~~~

- 

- Benefits:

- 

- * You can demonstrate features or try out a release, including testing

- hardware functionality, before hard disk/SSD installation.

- * Live USB/CD/DVD installation is faster than regular installation. Live

- USB/SD installation typically takes only a few minutes and can be

- configured with persistent storage.

- * You can use Live CD technology for backup and recovery of your

- installed hard drive.

- 

- Limitations:

- 

- * It is not possible to choose packages during installation. Live images

- typically have fewer packages than a regular installation image.

- * It is not possible to do an upgrade via the Anaconda installer. If you

- have a separate /home partition, you can just not format it during the

- installation and thus preserve your settings and /home content.

- * It is not possible to choose a non-default filesystem.

- * Once you shutdown a computer running from a Live CD, you will lose any

- settings or packages installed, but Live USB/SD installations may be

- configured with persistent storage.

- 

- [[fedora-live-image-features]]

- Fedora Live image features

- ~~~~~~~~~~~~~~~~~~~~~~~~~~

- 

- Current features:

- 

- 1.  A booted Live CD uses a temporary, in-memory, read-write rootfs, so

- it's possible to install software for use while the Live CD is running.

- 2.  Data persistence options available on Live USB/SD installations.

- 3.  Install to hard disks or USB/SD drives.

- 4.  Uses SELinux in enforcing mode and other security features by

- default.

- 5.  Includes best of breed software on the media.

- 6.  Stay as close to a normal desktop install with regard to features,

- or try specialized http://spins.fedoraproject.org/[Spins].

- 7.  Ability to create normal CD-ROM and CD-R media (less than 700 MB) or

- DVD images.

- 8.  Make it easy to do a derived Live CD with your own repositories,

- packages, and artwork.

- 9.  API used by LTSP, appliance creator and others.

- 

- [[contributors]]

- Contributors

- ~~~~~~~~~~~~

- 

- * DavidZeuthen - Primary developer and maintainer of

- http://hal.freedesktop.org[HAL] and OLPC contributor.

- * JeremyKatz - Fedora Ninja. Adds backend for installing from a live

- image into link:Anaconda[ Anaconda].

- * DouglasMcClendon - LiveOS device mapper trickster.

- 

- [[communicate]]

- Communicate

- ~~~~~~~~~~~

- 

- Fedora Live image users and developers can participate and contribute in

- the discussions happening in the Fedora list.

- (http://www.redhat.com/mailman/listinfo/fedora-livecd-list[predecessor

- list archives])

- 

- [[finding-the-code]]

- Finding the Code

- ~~~~~~~~~~~~~~~~

- 

- The source code for the Live CD tools is maintained in git. The

- repository is at https://github.com/rhinstaller/livecd-tools/ . You can

- install it easily by installing the 'livecd-tools' package.

- 

- Kickstart files are in the spin-kickstarts.noarch package.

- 

- [[hard-drive-installation]]

- Hard Drive Installation

- ~~~~~~~~~~~~~~~~~~~~~~~

- 

- The ability to install to a hard drive is available releases since

- Fedora 7. After the live media boots, click on the install icon on your

- desktop to start the installation. Installation from live image requires

- that GRUB and the /boot directory be installed onto a drive with an

- MSDOS partition label, or that the current machine supports EFI booting.

- If a pc-clone machine has only GPT hard drives, then you may need to use

- something such as a USB2.0 flash memory device (with an MSDOS partition

- label) as an intermediate destination.

- 

- In Fedora 15, instead of clicking the desktop icon, choose

- Applications->System Tools->Install to Hard Drive from the menu along

- the top of the screen.

- 

- [[references]]

- References

- ~~~~~~~~~~

- 

- * https://web.archive.org/web/20080611062804/http://www-128.ibm.com/developerworks/linux/library/l-fedora-livecd/index.html[Mayank

- Sharma "IBM Developer Works: Build a Fedora Live CD" (archive.org

- version from June 2008)]

- * link:LiveOS_image[LiveOS image]

- 

- Category:LiveMedia

- '''

- 

- See a typo, something missing or out of date, or anything else which can be

- improved? Edit this document at https://pagure.io/fedora-docs/quick-docs.

@@ -0,0 +1,28 @@

+ :experimental:

+ 

+ [id='managing-keyboard-shortcuts-for-running-app-in-gnome']

+ = Managing keyboard shortcuts for running an application in GNOME

+ 

+ :md: ./modules

+ :imagesdir: ./images

+ 

+ :leveloffset: +1

+ 

+ include::{md}/proc_adding-shortcut-custom-app-gnome.adoc[]

+ include::{md}/proc_disabling-shortcut-custom-app-gnome.adoc[]

+ include::{md}/proc_enabling-shortcut-custom-app-gnome.adoc[]

+ include::{md}/proc_removing-shortcut-custom-app-gnome.adoc[]

+ 

+ :leveloffset: 0

+ 

+ ////

+ info sources:

+ 

+ http://ask.fedoraproject.org/en/question/9623/how-can-i-set-a-key-shortcut-to-launch-terminal-under-gnome/

+ https://help.gnome.org/users/gnome-help/stable/keyboard-shortcuts-set.html.en

+ 

+ https://unix.stackexchange.com/questions/119432/save-custom-keyboard-shortcuts-in-gnome

+ https://askubuntu.com/questions/26056/where-are-gnome-keyboard-shortcuts-stored

+ 

+ tested on F28 live CD in VM

+ ////

@@ -0,0 +1,29 @@

+ // Module included in the following assemblies:

+ //

+ // getting-started-with-selinux.adoc

+ :experimental:

+ 

+ [#{context}-benefits-of-selinux]

+ = Benefits of running SELinux

+ 

+ SELinux provides the following benefits:

+ 

+ * All processes and files are labeled. SELinux policy rules define how processes interact with files, as well as how processes interact with each other. Access is only allowed if an SELinux policy rule exists that specifically allows it.

+ 

+ * Fine-grained access control. Stepping beyond traditional UNIX permissions that are controlled at user discretion and based on Linux user and group IDs, SELinux access decisions are based on all available information, such as an SELinux user, role, type, and, optionally, a security level.

+ 

+ * SELinux policy is administratively-defined and enforced system-wide.

+ 

+ * Improved mitigation for privilege escalation attacks. Processes run in domains, and are therefore separated from each other. SELinux policy rules define how processes access files and other processes. If a process is compromised, the attacker only has access to the normal functions of that process, and to files the process has been configured to have access to. For example, if the Apache HTTP Server is compromised, an attacker cannot use that process to read files in user home directories, unless a specific SELinux policy rule was added or configured to allow such access.

+ 

+ * SELinux can be used to enforce data confidentiality and integrity, as well as protecting processes from untrusted inputs.

+ 

+ However, SELinux is not:

+ 

+ * antivirus software,

+ 

+ * replacement for passwords, firewalls, and other security systems,

+ 

+ * all-in-one security solution.

+ 

+ SELinux is designed to enhance existing security solutions, not replace them. Even when running SELinux, it is important to continue to follow good security practices, such as keeping software up-to-date, using hard-to-guess passwords, or firewalls.

@@ -0,0 +1,39 @@

+ // Module included in the following assemblies:

+ //

+ // getting-started-with-selinux.adoc

+ 

+ [#{context}-introduction-to-selinux]

+ = Introduction to SELinux

+ 

+ Security Enhanced Linux (SELinux) provides an additional layer of system security. SELinux fundamentally answers the question: _May <subject> do <action> to <object>?_, for example: _May a web server access files in users' home directories?_

+ 

+ The standard access policy based on the user, group, and other permissions, known as Discretionary Access Control (DAC), does not enable system administrators to create comprehensive and fine-grained security policies, such as restricting specific applications to only viewing log files, while allowing other applications to append new data to the log files.

+ 

+ SELinux implements Mandatory Access Control (MAC). Every process and system resource has a special security label called a _SELinux context_. A SELinux context, sometimes referred to as a _SELinux label_, is an identifier which abstracts away the system-level details and focuses on the security properties of the entity. Not only does this provide a consistent way of referencing objects in the SELinux policy, but it also removes any ambiguity that can be found in other identification methods; for example, a file can have multiple valid path names on a system that makes use of bind mounts.

+ 

+ The SELinux policy uses these contexts in a series of rules which define how processes can interact with each other and the various system resources. By default, the policy does not allow any interaction unless a rule explicitly grants access.

+ 

+ [NOTE]

+ ====

+ It is important to remember that SELinux policy rules are checked after DAC rules. SELinux policy rules are not used if DAC rules deny access first, which means that no SELinux denial is logged if the traditional DAC rules prevent the access.

+ ====

+ 

+ SELinux contexts have several fields: user, role, type, and security level. The SELinux type information is perhaps the most important when it comes to the SELinux policy, as the most common policy rule which defines the allowed interactions between processes and system resources uses SELinux types and not the full SELinux context. SELinux types usually end with `_t`. For example, the type name for the web server is `httpd_t`. The type context for files and directories normally found in `/var/www/html/` is `httpd_sys_content_t`. The type contexts for files and directories normally found in `/tmp` and `/var/tmp/` is `tmp_t`. The type context for web server ports is `http_port_t`.

+ 

+ For example, there is a policy rule that permits Apache (the web server process running as `httpd_t`) to access files and directories with a context normally found in `/var/www/html/` and other web server directories (`httpd_sys_content_t`). There is no allow rule in the policy for files normally found in `/tmp` and `/var/tmp/`, so access is not permitted. With SELinux, even if Apache is compromised, and a malicious script gains access, it is still not able to access the `/tmp` directory.

+ 

+ [#fig-intro-httpd-mysqld]

+ .SELinux allows the Apache process running as httpd_t to access the /var/www/html/ directory and it denies the same process to access the /data/mysql/ directory because there is no allow rule for the httpd_t and mysqld_db_t type contexts). On the other hand, the MariaDB process running as mysqld_t is able to access the /data/mysql/ directory and SELinux also correctly denies the process with the mysqld_t type to access the /var/www/html/ directory labeled as httpd_sys_content_t.

+ image::../images/selinux-intro-apache-mariadb.png[SELinux_Apache_MariaDB_example]

+ 

+ [discrete]

+ == Additional resources

+ To better understand SELinux basic concepts, see the following documentation:

+ 

+ * link:++https://people.redhat.com/duffy/selinux/selinux-coloring-book_A4-Stapled.pdf++[The SELinux Coloring Book]

+ 

+ * link:++https://people.redhat.com/tcameron/Summit2012/SELinux/cameron_w_120_selinux_for_mere_mortals.pdf++[SELinux for Mere Mortals]

+ 

+ * link:++http://selinuxproject.org/page/FAQ++[SELinux Wiki FAQ]

+ 

+ * link:++http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf++[The SELinux Notebook]

@@ -0,0 +1,11 @@

+ // Module included in the following assemblies:

+ //

+ // getting-started-with-selinux.adoc

+ :experimental:

+ 

+ [#{context}-selinux-architecture]

+ = SELinux architecture

+ 

+ SELinux is a Linux Security Module (LSM) that is built into the Linux kernel. The SELinux subsystem in the kernel is driven by a security policy which is controlled by the administrator and loaded at boot. All security-relevant, kernel-level access operations on the system are intercepted by SELinux and examined in the context of the loaded security policy. If the loaded policy allows the operation, it continues. Otherwise, the operation is blocked and the process receives an error.

+ 

+ SELinux decisions, such as allowing or disallowing access, are cached. This cache is known as the Access Vector Cache (AVC). When using these cached decisions, SELinux policy rules need to be checked less, which increases performance. Remember that SELinux policy rules have no effect if DAC rules deny access first.

@@ -0,0 +1,19 @@

+ // Module included in the following assemblies:

+ //

+ // getting-started-with-selinux.adoc

+ :experimental:

+ 

+ [#{context}-selinux-examples]

+ = SELinux examples

+ 

+ The following examples demonstrate how SELinux increases security:

+ 

+ * The default action is deny. If an SELinux policy rule does not exist to allow access, such as for a process opening a file, access is denied.

+ 

+ * SELinux can confine Linux users. A number of confined SELinux users exist in SELinux policy. Linux users can be mapped to confined SELinux users to take advantage of the security rules and mechanisms applied to them. For example, mapping a Linux user to the SELinux `user_u` user, results in a Linux user that is not able to run (unless configured otherwise) set user ID (setuid) applications, such as [command]`sudo` and [command]`su`, as well as preventing them from executing files and applications in their home directory. If configured, this prevents users from executing malicious files from their home directories.

+ 

+ * Increased process and data separation. Processes run in their own domains, preventing processes from accessing files used by other processes, as well as preventing processes from accessing other processes. For example, when running SELinux, unless otherwise configured, an attacker cannot compromise a Samba server, and then use that Samba server as an attack vector to read and write to files used by other processes, such as MariaDB databases.

+ 

+ * SELinux helps mitigate the damage made by configuration mistakes. Domain Name System (DNS) servers often replicate information between each other in what is known as a zone transfer. Attackers can use zone transfers to update DNS servers with false information. When running the Berkeley Internet Name Domain (BIND) as a DNS server in Fedora, even if an administrator forgets to limit which servers can perform a zone transfer, the default SELinux policy prevents zone files footnote:[Text files that include information, such as host name to IP address mappings, that are used by DNS servers.] from being updated using zone transfers, by the BIND `named` daemon itself, and by other processes.

+ 

+ * See the link:++http://www.networkworld.com++[NetworkWorld.com] article, link:++http://www.networkworld.com/article/2283723/lan-wan/a-seatbelt-for-server-software--selinux-blocks-real-world-exploits.html++[A seatbelt for server software: SELinux blocks real-world exploits]footnote:[Marti, Don. "A seatbelt for server software: SELinux blocks real-world exploits". Published 24 February 2008. Accessed 27 August 2009: link:++http://www.networkworld.com/article/2283723/lan-wan/a-seatbelt-for-server-software--selinux-blocks-real-world-exploits.html++[].], for background information about SELinux, and information about various exploits that SELinux has prevented.

@@ -0,0 +1,47 @@

+ // Module included in the following assemblies:

+ //

+ // getting-started-with-selinux.adoc

+ :experimental:

+ 

+ [#{context}-selinux-states-and-modes]

+ = SELinux states and modes

+ 

+ SELinux can run in one of three modes: disabled, permissive, or enforcing.

+ 

+ Disabled mode is strongly discouraged; not only does the system avoid enforcing the SELinux policy, it also avoids labeling any persistent objects such as files, making it difficult to enable SELinux in the future.

+ 

+ In permissive mode, the system acts as if SELinux is enforcing the loaded security policy, including labeling objects and emitting access denial entries in the logs, but it does not actually deny any operations. While not recommended for production systems, permissive mode can be helpful for SELinux policy development.

+ 

+ Enforcing mode is the default, and recommended, mode of operation; in enforcing mode SELinux operates normally, enforcing the loaded security policy on the entire system.

+ 

+ Use the [command]`setenforce` utility to change between enforcing and permissive mode. Changes made with [command]`setenforce` do not persist across reboots. To change to enforcing mode, enter the [command]`setenforce 1` command as the Linux root user. To change to permissive mode, enter the [command]`setenforce 0` command. Use the [command]`getenforce` utility to view the current SELinux mode:

+ 

+ ----

+ ~]# getenforce

+ Enforcing

+ ----

+ 

+ ----

+ ~]# setenforce 0

+ ~]# getenforce

+ Permissive

+ ----

+ 

+ ----

+ ~]# setenforce 1

+ ~]# getenforce

+ Enforcing

+ ----

+ 

+ In Fedora, you can set individual domains to permissive mode while the system runs in enforcing mode. For example, to make the `httpd_t` domain permissive:

+ 

+ ----

+ ~]# semanage permissive -a httpd_t

+ ----

+ 

+ // See <<sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains>> for more information.

+ 

+ // [NOTE]

+ // ====

+ // Persistent states and modes changes are covered in <<sect-Security-Enhanced_Linux-Working_with_SELinux-Changing_SELinux_Modes>>.

+ // ====

@@ -0,0 +1,56 @@

+ [id='adding-shortcut-custom-app-gnome']

+ = Adding keyboard shortcuts for custom applications in GNOME

+ 

+ This section describes how to add a keyboard shortcut for starting a custom application in GNOME.

+ 

+ [discrete]

+ == Procedure

+ 

+ . Open *Settings* and choose the *Devices* entry from the list:

+ +

+ image::shortcuts-settings-devices.png[]

+ +

+ NOTE: Earlier Fedora versions might not need this step.

+ 

+ . Choose the *Keyboard* entry from the list and scroll down to the bottom of the list of keyboard shortcuts:

+ +

+ image::shortcuts-keyboard-scroll.png[]

+ 

+ . Click the *+* button at the bottom of the list.

+ +

+ A window for entering the details appears:

+ +

+ image::shortcuts-add-empty.png[]

+ 

+ . Fill in details for the application.

+ +

+ image::shortcuts-add-filled.png[]

+ +

+ Replace _My Application_ with the name of the application and _myapp --special options_ with the command to run this application, including any options.

+ 

+ . Click the *Set shortcut...* button.

+ +

+ A window for entering the keyboard shortcut appears:

+ +

+ image::shortcuts-add-enter.png[]

+ 

+ . Press the key combination that should become the shortcut for starting the application.

+ +

+ As soon as you release the key combination, the window for entering the shortcut closes. The window for application name and command now displays the entered shortctut:

+ +

+ image::shortcuts-add-shortcut.png[]

+ 

+ . Click the *Add* button.

+ +

+ Your application shortcut now appears in the list under _Custom Shortcuts_:

+ +

+ image::shortcuts-added.png[]

+ 

+ // optional - close settings?

+ 

+ ////

+ info sources:

+ 

+ http://ask.fedoraproject.org/en/question/9623/how-can-i-set-a-key-shortcut-to-launch-terminal-under-gnome/

+ https://help.gnome.org/users/gnome-help/stable/keyboard-shortcuts-set.html.en

+ ////

@@ -0,0 +1,16 @@

+ = Disabling the GNOME Automatic Screen Lock

+ 

+ In the interest of safety and privacy, the GNOME automatic screen lock is enabled by default.

+ 

+ When the screen locks after a period of inactivity, you must enter your password to unlock the screen.

+ 

+ You can disable this feature at any time.

+ 

+ To disable the GNOME automatic screen lock, complete the following steps.

+ 

+ . On the desktop, navigate to the upper-right corner of the screen and click the arrow icon to expand the desktop options. Click the *Settings* icon.

+ . From the the *Settings* menu, select *Privacy*.

+ . On the *Privacy* page, select *Screen Lock*, and toggle the switch from *On* to *Off*.

+ . Close the window and verify that in the *Privacy* page, the *Screen Lock* is *Off*.

+ 

+ To enable the automatic screen lock, repeat this process and toggle the switch from *Off* to *On*.

@@ -0,0 +1,36 @@

+ [id='disabling-shortcut-custom-app-gnome']

+ = Disabling keyboard shortcuts for custom applications in GNOME

+ 

+ This section describes how to disable a keyboard shortcut for starting a custom application in GNOME.

+ 

+ [discrete]

+ == Procedure

+ 

+ . Open *Settings* and choose the *Devices* entry from the list:

+ +

+ image::shortcuts-settings-devices.png[]

+ +

+ NOTE: Earlier Fedora versions might not need this step.

+ 

+ . Choose the *Keyboard* entry from the list and scroll down to the bottom of the list of keyboard shortcuts:

+ +

+ image::shortcuts-keyboard-scroll.png[]

+ 

+ . Scroll down in the list of shortcuts and applications until you locate the application that you want to disable:

+ +

+ image::shortcuts-added.png[]

+ 

+ . Click on the entry.

+ +

+ A window for editing the shortcut appears:

+ +

+ image::shortcuts-edit.png[]

+ 

+ . Click the small *x* button to the right of the disaplyed shortcut.

+ +

+ The keyboard shortcut is removed from this shortcut and the shortcut list now displays _Disabled_ instead of the key combination:

+ +

+ image::shortcuts-disabled.png[]

+ 

+ . Close the shortcut editing window.

+ 

@@ -0,0 +1,42 @@

+ [id='enabling-shortcut-custom-app-gnome']

+ = Enabling keyboard shortcuts for custom applications in GNOME

+ 

+ This section describes how to enable a keyboard shortcut for starting a custom application in GNOME.

+ 

+ [discrete]

+ == Procedure

+ 

+ . Open *Settings* and choose the *Devices* entry from the list:

+ +

+ image::shortcuts-settings-devices.png[]

+ +

+ NOTE: Earlier Fedora versions might not need this step.

+ 

+ . Choose the *Keyboard* entry from the list and scroll down to the bottom of the list of keyboard shortcuts:

+ +

+ image::shortcuts-keyboard-scroll.png[]

+ 

+ . Scroll down in the list of shortcuts and applications until you locate the application that you want to enable:

+ +

+ image::shortcuts-list-disabled.png[]

+ 

+ . Click on the entry.

+ +

+ A window for editing the shortcut appears:

+ +

+ image::shortcuts-disabled.png[]

+ 

+ . Click the *Set shortcut...* button.

+ +

+ A window for entering the keyboard shortcut appears:

+ +

+ image::shortcuts-enabling-entering.png[]

+ 

+ . Press the key combination that should become the shortcut for starting the application.

+ +

+ As soon as you release the key combination, the window for entering the shortcut closes. The window for application name and command now displays the entered shortctut:

+ +

+ image::shortcuts-enabling-entered.png[]

+ 

+ . Close the shortcut editing window.

+ 

@@ -0,0 +1,31 @@

+ [id='removing-shortcut-custom-app-gnome']

+ = Removing keyboard shortcuts for custom applications in GNOME

+ 

+ This section describes how to remove a keyboard shortcut for starting a custom application in GNOME.

+ 

+ [discrete]

+ == Procedure

+ 

+ . Open *Settings* and choose the *Devices* entry from the list:

+ +

+ image::shortcuts-settings-devices.png[]

+ +

+ NOTE: Earlier Fedora versions might not need this step.

+ 

+ . Choose the *Keyboard* entry from the list and scroll down to the bottom of the list of keyboard shortcuts:

+ +

+ image::shortcuts-keyboard-scroll.png[]

+ 

+ . Scroll down in the list of shortcuts and applications until you locate the application that you want to remove:

+ +

+ image::shortcuts-added.png[]

+ 

+ . Click on the entry.

+ +

+ A window for editing the shortcut appears:

+ +

+ image::shortcuts-edit.png[]

+ 

+ . Click the red *Remove* button.

+ +

+ The shortcut is removed.

file removed
-309
@@ -1,309 +0,0 @@

- = NetworkManager Command Line Interface (nmcli)

- 

- [[description]]

- == Description

- 

- `nmcli` is a tool that allows NetworkManager management from command line.

- 

- [[networkmanager-status]]

- == NetworkManager status

- 

- Display overall status of NetworkManager

- 

- [source,bash,subs="+quotes"]

- ----

- $ nmcli general status

- ----

- 

- Display active connections

- 

- [source,bash]

- ----

- $ nmcli connection show --active

- ----

- 

- Display all configured connections

- 

- [source,bash]

- ----

- $ nmcli connection show configured

- ----

- 

- [[connectdisconnect-to-an-already-configured-connection]]

- == Connect/disconnect to an already configured connection

- 

- Connect to a configured connection by name

- 

- [source,bash,subs="+quotes"]

- ----

- $ nmcli connection up id _connection name_

- ----

- 

- Disconnection by name

- 

- [source,bash,subs="+quotes"]

- ----

- $ nmcli connection down id _connection name_

- ----

- 

- [[wifi]]

- == Wifi

- 

- Get Wifi status

- 

- [source,bash]

- ----

- $ nmcli radio wifi

- ----

- 

- Turn wifi on or off

- 

- [source,bash,subs="+quotes"]

- ----

- $ nmcli radio wifi _on|off_

- ----

- 

- List available access points(AP) to connect to

- 

- [source,bash]

- ----

- $ nmcli device wifi list

- ----

- 

- Refresh previous list

- 

- [source,bash]

- ----

- $ nmcli device wifi rescan

- ----

- 

- Create a new connection to an open AP

- 

- [source,bash,subs="+quotes"]

- ----

- $ nmcli device wifi connect _SSID|BSSID_

- ----

- 

- Create a new connection to a password protected AP

- 

- [source,bash,subs="+quotes"]

- ----

- $ nmcli device wifi connect _SSID|BSSID_ password _password_

- ----

- 

- [[network-interfaces]]

- == Network interfaces

- 

- List available devices and their status

- 

- [source,bash]

- ----

- $ nmcli device status

- ----

- 

- Disconnect an interface

- 

- [source,bash,subs="+quotes"]

- ----

- $ nmcli device disconnect iface _interface_

- ----

- 

- [[create-or-modify-a-connection]]

- == Create or modify a connection

- 

- To create a new connection using an interactive editor

- 

- [source,bash,subs="+quotes"]

- ----

- $ nmcli connection edit con-name _name of new connection_

- ----

- 

- To edit an already existing connection using an interactive editor

- 

- [source,bash,subs="+quotes"]

- ----

- $ nmcli connection edit _connection name_

- ----

- 

- [[exampletutorial]]

- === Example/Tutorial

- 

- Let's create a new connection

- 

- [source,bash,subs="+quotes"]

- ----

- $ nmcli connection edit con-name _name of new connection_

- ----

- 

- It will ask us to define a connection type

- 

- [source,bash]

- ----

- Valid connection types: 802-3-ethernet (ethernet), 802-11-wireless (wifi), wimax, gsm, cdma, infiniband, adsl, bluetooth, vpn, 802-11-olpc-mesh (olpc-mesh), vlan, bond, team, bridge, bond-slave, team-slave, bridge-slave

- Enter connection type: 

- ----

- 

- In this example we will use ethernet

- 

- [source,bash]

- ----

- Enter connection type: ethernet

- ----

- 

- Next this will appear, note that `nmcli>` is a prompt and that it lists the main settings available

- 

- [source,bash]

- ----

- ===| nmcli interactive connection editor |===

- 

- Adding a new '802-3-ethernet' connection

- 

- Type 'help' or '?' for available commands.

- Type 'describe [<setting>.<prop>]' for detailed property description.

- 

- You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6

- nmcli> 

- ----

- 

- We will edit the setting `ipv4`

- 

- [source,bash]

- ----

- nmcli> goto ipv4

- ----

- 

- Note that after this our promt has changed to this to indicate that we are currently editing the "ipv4" setting

- 

- [source,bash]

- ----

- nmcli ipv4>

- ----

- 

- List available properties under the setting `ipv4` and describe the property `method`

- 

- [source,bash]

- ----

- nmcli ipv4> describe

- 

- Available properties: method, dns, dns-search, addresses, routes, ignore-auto-routes, ignore-auto-dns, dhcp-client-id, dhcp-send-hostname, dhcp-hostname, never-default, may-fail

- Property name?

- 

- Property name? method

- ----

- 

- Let's set property `method` to `auto`

- 

- [source,bash]

- ----

- nmcli ipv4> set method auto

- ----

- 

- Now that we have finished editing the `ipv4` setting let's go back to the main level.

- Execute the following command until the prompt looks like this `nmcli>`

- 

- [source,bash]

- ----

- nmcli ipv4> back

- ----

- 

- If you need to list again the main settings use the `goto` command without any arguments.

- After that just press enter and ignore the error.

- 

- [source,bash]

- ----

- nmcli> goto

- 

- Available settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6

- Setting name?

- ----

- 

- It is possible to set a value for a property directly from the main level

- 

- [source,bash]

- ----

- nmcli> set __setting__.__property__ _value_

- ----

- 

- For example:

- [source,bash,subs="+quotes"]

- ----

- nmcli> set connection.autoconnect TRUE

- 

- nmcli> set connection.interface-name _interface name this connection is bound to_

- 

- nmcli> set ethernet.cloned-mac-address _Spoofed MAC address_

- ----

- 

- Finally check the connection details, save and exit

- 

- [source,bash]

- ----

- nmcli> print

- 

- nmcli> save

- 

- nmcli> quit

- ----

- 

- [[manually-editing]]

- === Manually editing

- 

- To manually edit a ifcfg connection configuration open or create with a text editor the configuration file of the connection located in `/etc/sysconfig/network-scripts/ifcfg-`

- 

- A description of most common configuration options is available at: http://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html

- 

- To modify a connection password open with a text editor and edit the file `keys-` located in `/etc/sysconfig/network-scripts/`.

- The password is stored in plain text.

- For example

- 

- [source,bash,subs="+quotes"]

- ----

- $ cat /etc/sysconfig/network-scripts/keys-__connection name__

- WPA_PSK='password'

- ----

- 

- Or if using keyfile, simply edit the connection file located inside `/etc/NetworkManager/system-connections/`

- 

- Finally save the files and to apply changes to an already active connection execute

- 

- [source,bash,subs="+quotes"]

- ----

- nmcli connection up id _connection name_

- ----

- 

- [[delete-a-connection-configuration]]

- == Delete a connection configuration

- 

- Delete the connection

- 

- [source,bash,subs="+quotes"]

- ----

- nmcli connection delete id _connection name_

- ----

- 

- Please note this also deactivates the connection.

- 

- [[documentation-for-networkmanager-command-line-interface-nmcli]]

- == Documentation for NetworkManager Command Line Interface nmcli

- 

- The primary reference for nmcli are the manual pages nmcli and nmcli-examples.

- For a quick reference, the user can type `nmcli help` to print the supported options and commands.

- The help parameter can also be used to obtain a more detailed description for the individual commands.

- For example `nmcli connection help` and `nmcli connection add help` show a description for the possible connection operations and for how to add connections, respectively.

- 

- The newest version of the manual page can be found on https://developer.gnome.org/NetworkManager/unstable/nmcli.html[nmcli] and https://developer.gnome.org/NetworkManager/unstable/nmcli-examples.html[nmcli-examples].

- 

- [[notes]]

- === Notes

- 

- nmcli maybe contain some bugs and lack some features graphical tools for NetworkManager have.

- 

- To see all available options for your version of nmcli

- 

- [source,bash]

- ----

- $ info nmcli

- ----

- 

- See a typo, something missing or out of date, or anything else which can be improved?

- Edit this document at https://pagure.io/fedora-docs/quick-docs.

Please check the proper building in asciibinder.

The intention was to sort the topics alphabetically by identified keywords (Anaconda, Apache, DNF, systemd, and so on).

1 new commit added

  • Removing executable rights for .adoc files
5 years ago

Pull-Request has been merged by pbokoc

5 years ago