Docs/quick-docs
2
0
Fork 0
Code Issues 48 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Updating the quick-docs topic map and adding new files from the Fedora Docs Day #2

Browse source
This commit is contained in:
Mirek Jahoda 2018-07-12 17:08:29 +02:00
parent 20afa68a4c
commit 74a6ec01a5
20 changed files with 520 additions and 1716 deletions
Download patch file Download diff file Expand all files Collapse all files

176
_topic_map.yml
View file

@ -2,71 +2,17 @@
Name: Fedora Quick Docs
Dir: en-US
Topics:
- Name: Quick Docs in Progress (How to Help!)
- Name: Quick Docs in progress (How to help!)
File: index
#INSERT:4:remix-docs:en-US/remix-docs
- Name: Bootloading with GRUB2
File: bootloading-with-grub2
- Name: Upgrading
File: upgrading
- Name: DNF system upgrade
File: dnf-system-upgrade
- Name: How to reset a root password
File: reset-root-password
- Name: DNF
File: dnf
- Name: Getting started with Apache HTTP Server
File: getting-started-with-apache-http-server
- Name: Installing Java
File: installing-java
- Name: Installing Chromium or Google Chrome browsers
File: installing-chromium-or-google-chrome-browsers
- Name: How to use qemu
File: qemu
- Name: Getting started with virtualization
File: getting-started-with-virtualization
- Name: Using nested virtualization in KVM
File: using-nested-virtualization-in-kvm
- Name: Fedora and Red Hat Enterprise Linux
File: fedora-and-red-hat-enterprise-linux
- Name: Performing administration tasks using sudo
File: performing-administration-tasks-using-sudo
- Name: Installing Spotify on Fedora
File: installing-spotify
- Name: Adding new fonts in Fedora
File: adding-new-fonts-fedora
- Name: Creating and using a live installation image
File: creating-and-using-a-live-installation-image
- Name: Creating Windows virtual machines using virtIO drivers
File: creating-windows-virtual-machines-using-virtio-drivers
- Name: Installing Software from Source
File: installing-software-from-source
- Name: Securing the system by keeping it up-to-date
File: securing-the-system-by-keeping-it-up-to-date
- Name: Adding or removing software repositories in Fedora
File: adding-or-removing-software-repositories-in-fedora
- Name: Using Shared System Certificates
File: using-shared-system-certificates
- Name: Switching desktop environments
File: switching-desktop-environments
- Name: Finding and installing Linux applications
File: finding-and-installing-linux-applications
- Name: Understanding and administering Systemd
File: understanding-and-administering-systemd
- Name: Creating RPM packages
File: creating-rpm-packages
- Name: Repositories
File: repositories
- Name: Configuring X Window System using the xorg.conf file
File: configuring-x-window-system-using-the-xorg-conf-file
- Name: NetworkManager Command Line Interface (nmcli)
File: networking-cli
- Name: Anaconda
- Name: Checking integrity with AIDE
File: using-aide
- Name: Anaconda installation program
Dir: anaconda
Topics:
- Name: Anaconda
File: anaconda
- Name: Anaconda based Distributions
- Name: Anaconda-based Distributions
File: anaconda_distros
- Name: Anaconda Updates
File: anaconda_updates
@ -74,14 +20,38 @@ Topics:
File: anaconda_logging
- Name: Anaconda Product Image
File: anaconda_product_image
- Name: Raspberry Pi
File: raspberry-pi
- Name: How to Create a GNU Hello World RPM Package
File: create-hello-world-rpm
- Name: Getting started with Apache HTTP Server
File: getting-started-with-apache-http-server
- Name: Finding and installing Linux applications
File: finding-and-installing-linux-applications
- Name: Installing Chromium or Google Chrome browsers
File: installing-chromium-or-google-chrome-browsers
- Name: Switching desktop environments
File: switching-desktop-environments
- Name: Difference between Fedora and Red Hat Enterprise Linux
File: fedora-and-red-hat-enterprise-linux
- Name: Using the DNF software package manager
File: dnf
- Name: Upgrading Fedora using the DNF system upgrade
File: dnf-system-upgrade
- Name: Securing the system by keeping it up-to-date
File: securing-the-system-by-keeping-it-up-to-date
- Name: Fedora Release Life Cycle
File: fedora-life-cycle
- Name: NVIDIA Optimus Bumblebee
File: bumblebee
- Name: Upgrading to a new release of Fedora
File: upgrading
- Name: Controlling network traffic with firewalld
File: firewalld
- Name: Adding new fonts in Fedora
File: adding-new-fonts-fedora
- Name: Creating GPG Keys
File: create-gpg-keys
- Name: Bootloading with GRUB2
File: bootloading-with-grub2
- Name: Creating and using a live installation image
File: creating-and-using-a-live-installation-image
- Name: Installing Java
File: installing-java
- Name: Kernel
Dir: kernel
Topics:
@ -91,30 +61,78 @@ Topics:
File: troubleshooting
- Name: Building a Custom Kernel
File: build-custom-kernel
- Name: Creating GPG Keys
File: create-gpg-keys
- Name: Wine
File: wine
- Name: Firewalld
File: firewalld
- Name: How to create a GNU Hello RPM package
- Name: Managing keyboard shortcuts for running an application in GNOME
File: managing-keyboard-shortcuts-for-running-app-in-gnome
- Name: Disabling the GNOME automatic screen locking
File: disabling-automatic-screenlock
- Name: Viewing logs in Fedora
File: viewing-logs
- Name: Installing plugins for playing movies and music
File: assembly_installing-plugins-for-playing-movies-and-music
- Name: Installing and running the VLC player
File: installing-and-running-vlc
- Name: Configuring networking with NetworkManager CLI (nmcli)
File: configuring-ip-networking-with-nmcli
- Name: NVIDIA Optimus Bumblebee
File: bumblebee
- Name: Raspberry Pi
File: raspberry-pi
- Name: Fedora Repositories
File: repositories
- Name: Adding or removing software repositories in Fedora
File: adding-or-removing-software-repositories-in-fedora
- Name: Resetting a root password
File: reset-root-password
- Name: Creating RPM packages
File: creating-rpm-packages
- Name: Creating a GNU Hello World RPM Package
File: create-hello-world-rpm
- Name: Getting started using SELinux
File: getting-started-with-selinux
- Name: Changing SELinux states and modes
File: changing-selinux-states-and-modes
- Name: Troubleshooting SELinux
File: troubleshooting_selinux
- Name: Using shared system certificates
File: using-shared-system-certificates
- Name: Installing software from source code
File: installing-software-from-source
- Name: Installing Spotify on Fedora
File: installing-spotify
- Name: Performing administration tasks using sudo
File: performing-administration-tasks-using-sudo
- Name: Understanding and administering systemd
File: understanding-and-administering-systemd
- Name: Displaying a user prompt on the GNOME login screen
File: proc_displaying_user_prompt_on_gnome_login_screen
- Name: Installing virtual operating systems with GNOME Boxes
File: installing-virtual-systems-with-gnome-boxes.adoc
- Name: Using virtualization emulation in QEMU
File: qemu
- Name: Getting started with virtualization (libvirt)
File: getting-started-with-virtualization
- Name: Using nested virtualization in KVM
File: using-nested-virtualization-in-kvm
- Name: Creating Windows virtual machines using virtIO drivers
File: creating-windows-virtual-machines-using-virtio-drivers
- Name: Running Windows applications with Wine
File: wine
- Name: Configuring X Window System using the xorg.conf file
File: configuring-x-window-system-using-the-xorg-conf-file
- Name: Configuring X.org as the default GNOME session
File: configuring-xorg-as-default-gnome-session
- Name: Identifying Wayland problems
File: debug-wayland-problems
# - Name: (CHECK) GRUB 2
# File: grub2
# - Name: (FIX ME!) AutoUpdates
# File: autoupdates
# - Name: (FIX ME!) How to debug Dracut problems
# File: debug-dracut-problems
# - Name: (FIX ME!) How to debug Systemd problems
# File: debug-systemd-problems
# - Name: (FIX ME!) How to debug Wayland problems
# File: debug-wayland-problems
# - Name: (FIX ME!) How to edit iptables rules
# File: edit-iptables-rules
# - Name: (FIX ME!) How to enable touchpad click
# File: enable-touchpad-click
# - Name: (FIX ME!) Fedora Release Life Cycle
# File: fedora-life-cycle
# - Name: (CHECK) Flash
# File: flash
# - Name: (FIX ME!) Mirroring
@ -125,8 +143,6 @@ Topics:
# File: packagekit-not-found
# - Name: (FIX ME!) PostgreSQL
# File: postgresql
# - Name: (FIX ME!) Raspberry Pi
# File: raspberry-pi
# - Name: (FIX ME!) Using UEFI with QEMU
# File: uefi-with-qemu
# - Name: (FIX ME!) Upgrading Fedora using package manager

17
en-US/configuring-xorg-as-default-gnome-session.adoc Normal file
View file

@ -0,0 +1,17 @@
:md: ./modules
[id='configuring-xorg-as-default-gnome-session']
= Configuring Xorg as the default GNOME session
:context: xorg
Wayland is the default GNOME display server. If GNOME freezes, or some applications do not function correctly in Wayland, you can choose to run GNOME in X11.
include::{md}/proc_configuring-xorg-as-default-gnome-session.adoc[leveloffset=+1]
[discrete]
== Additional Resources
https://docs.fedoraproject.org/f27/system-administrators-guide/Wayland.html[Wayland Display Server]
https://wayland.freedesktop.org/[Wayland]

81
en-US/debug-wayland-problems.adoc
View file

@ -33,7 +33,7 @@ with the following macro:
https://en.wikipedia.org/wiki/Wayland_%28display_server_protocol%29[Wayland]
is intended as a simpler replacement for
https://en.wikipedia.org/wiki/X_Window_System[X11]. It changes the
https://en.wikipedia.org/wiki/X_Window_System[X11]. Wayland changes the
design of a Linux desktop architecture considerably. Unlike X11, there
is no dedicated standalone server in Wayland. What was previously done
between the app, its toolkit, the Xserver and the window manager is now
@ -48,13 +48,11 @@ https://wiki.gnome.org/Initiatives/Wayland[Wayland initiative] wiki
page. You can read more about the current state of Wayland features on
link:Wayland_features[Wayland features] page.
[[identifying-wayland-problems]]
Identifying Wayland problems
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[id='identifying-wayland-problems']
== Identifying Wayland problems
[[are-you-running-a-wayland-session]]
Are you running a Wayland session?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[id='are-you-running-a-wayland-session']
=== Are you running a Wayland session?
In *GNOME*, there's a gear button at the login screen which can be used
to either log into a Wayland session (simply called _GNOME_, it's the
@ -77,8 +75,10 @@ session at the moment.
Other desktop environments are not currently capable of running a
Wayland session.
[[identifying-the-session-type-in-runtime]]
Identifying the session type in runtime
[id='identifying-the-session-type-in-runtime']
=== Identifying the session type in runtime
If you want to figure out which type of session you're running right
now, without logging out and in again, you can use several ways to
@ -88,7 +88,7 @@ figure it out:
session should not have it:
+
....
$ echo $WAYLAND_DISPLAY
$ echo $WAYLAND_DISPLAY
wayland-0
....
* `loginctl` can give you this information. First run `loginctl` and
@ -106,10 +106,10 @@ are not related to Wayland. It's a bug either in that particular
application, or X11 itself, see link:How_to_debug_Xorg_problems[How to
debug Xorg problems].
[[does-your-application-run-on-wayland-natively-or-uses-xwayland-x11-compatibility-layer]]
Does your application run on Wayland natively, or uses XWayland (X11
[id='does-your-application-run-on-wayland-natively-or-uses-xwayland-x11-compatibility-layer']
=== Does your application run on Wayland natively, or uses XWayland (X11
compatibility layer)?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
It is important to know whether the problematic application is a native
Wayland application, or runs through XWayland, which allows legacy
@ -179,9 +179,8 @@ in an X11 session, it should still be reported against Xorg server (
package), because XWayland is included in it (as
`xorg-x11-server-Xwayland` subpackage).
[[identifying-problem-component]]
Identifying problem component
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[id='identifying-problem-component]
=== Identifying problem component
Wayland itself is a protocol and the problem is rarely in the protocol
itself. Rather, the problem is likely to be in the app or its toolkit,
@ -206,9 +205,8 @@ compositor in GNOME. If you run GNOME, it is using this compositor.
* https://community.kde.org/KWin/Wayland[Kwin] - compositor in KDE. If
you run KDE, it is using this compositor.
[[testing-under-different-compositors]]
Testing under different compositors
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[id='testing-under-different-compositors']
== Testing under different compositors
If you experience a problem with a Wayland app, it is very useful to
know whether the problem is present under just a single compositor (in
@ -256,13 +254,11 @@ compositor your environment uses (mutter, kwin, etc). If the problem
occurs only with XWayland apps but not native Wayland apps, report a bug
against Xorg server.
[[reporting-the-issue]]
[id='reporting-the-issue']
Reporting the issue
~~~~~~~~~~~~~~~~~~~
[[using-up-to-date-software]]
[id='using-up-to-date-software]
Using up-to-date software
^^^^^^^^^^^^^^^^^^^^^^^^^
Before reporting the bug, please make sure you use the latest available
software. You need to run on *Fedora 23 or later*, older Fedora versions
@ -275,9 +271,8 @@ If there are (and the available updates look plausibly related to the
components you're seeing issues with), please update the system and
verify whether the issue is still present or has been fixed.
[[looking-for-similar-reports]]
[id='looking-for-similar-reports']
Looking for similar reports
^^^^^^^^^^^^^^^^^^^^^^^^^^^
In order to avoid duplicate reports and also wasting your time debugging
something someone has maybe already debugged, please search through the
@ -302,9 +297,8 @@ Wayland in Red Hat Bugzilla]
Wayland in Freedesktop Bugzilla]
* Google search
[[filing-a-bug]]
[id='filing-a-bug']
Filing a bug
^^^^^^^^^^^^
After you've identified against which component to (most probably)
report the issue and found no existing report of it, there are several
@ -330,9 +324,8 @@ Red Hat Bugzilla]
* https://bugzilla.gnome.org/show_bug.cgi?id=757579[Wayland Tracker in
GNOME Bugzilla]
[[information-to-include-in-your-bug-report]]
[id='information-to-include-in-your-bug-report']
Information to include in your bug report
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1. System journal. Since there is no unique server like the X11 server,
most of the important information will come from the the Wayland
@ -395,9 +388,8 @@ $ rpm -qa | sort > packages.out
link:Bugs_and_feature_requests#Things_Every_Bug_Should_Have[usual
information] that every bug report should have.
[[debugging-gnome-shell]]
[id='debugging-gnome-shell']
Debugging gnome-shell
^^^^^^^^^^^^^^^^^^^^^
If gnome-shell gets stuck and unresponsive, it's very helpful to obtain
a backtrace from its process and attach it to the report. If this
@ -421,9 +413,8 @@ $ gdb -p `pgrep -U $(id -un) -x gnome-shell`
You should have the backtrace saved in `gdb.txt` file.
[[debugging-mutter]]
[id='debugging-mutter']
Debugging mutter
^^^^^^^^^^^^^^^^
You can debug mutter (used in gnome-shell) by setting its
https://developer.gnome.org/meta/stable/running-mutter.html[environment
@ -434,9 +425,8 @@ called from a desktop file in `/usr/share/wayland-sessions`.
*FIXME: Putting the wrapper script and desktop file here would be
helpful.*
[[known-issues-frequent-complaints-fundamental-changes]]
[id='known-issues-frequent-complaints-fundamental-changes']
Known issues, frequent complaints, fundamental changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here we will list high-profile issues which are known to be broken, not
yet implemented, or intentionally behaving differently from regular X11
@ -446,9 +436,8 @@ lists all current missing or in-progress features and their details.
To see all known issues, look at Bugzilla reports as mentioned in
link:#Looking_for_similar_reports[Looking for similar reports].
[[graphical-applications-cant-be-run-as-root-from-terminal]]
[id='graphical-applications-cant-be-run-as-root-from-terminal']
Graphical applications can't be run as root from terminal
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
It is not possible to start graphical apps under the root account from
terminal when using `su` or `sudo`. Apps which use polkit to request
@ -459,9 +448,8 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1274451[bug 1274451] and
https://lists.fedoraproject.org/archives/list/devel%40lists.fedoraproject.org/thread/A6VXI4WAGSIIWGOTAVNDBVS4VFYXITHA/#2YU2RBYCXQSCGHGP772W5LRXUMTSINHA["On
running gui applications as root" thread in fedora-devel mailing list].
[[many-well-known-x11-utilities-dont-work]]
[id='many-well-known-x11-utilities-dont-work']
Many well-known X11 utilities don't work
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Power users are familiar with a large range of X11-related utilities,
like `xkill`, `xrandr`, `xdotool`, `xsel`. These tools won't work under
@ -471,9 +459,8 @@ to perform similar tasks.
*FIXME: add some Wayland-ready replacements for popular X11 tools*
[[games-and-other-apps-cant-change-monitor-resolution]]
[id='games-and-other-apps-cant-change-monitor-resolution']
Games and other apps can't change monitor resolution
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
It is no longer possible for an app to change monitor resolution.
Usually this was done by games to increase performance. Wayland-based
@ -489,9 +476,8 @@ For some games, a possible workaround is to manually set custom monitor
resolution before running the game, if you really need it. It will not
help always, though.
[[screen-capture-is-not-available-with-usual-apps]]
[id='screen-capture-is-not-available-with-usual-apps']
Screen capture is not available with usual apps
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
One of the features of Wayland is its security design, which helps to
guard the user against malicious apps. Apps can no longer see everything
@ -512,9 +498,8 @@ screencast, you can also use
https://extensions.gnome.org/extension/690/easyscreencast/[EasyScreenCast]
gnome-shell extension.
[[mouse-pointer-is-laggingstuttering-under-load]]
[id='mouse-pointer-is-laggingstuttering-under-load']
Mouse pointer is lagging/stuttering under load
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If your computer is under load, your mouse pointer movement might stop
being fluent, but start lagging (get stuck in a place for a short time,
@ -522,18 +507,16 @@ then jump to a different place instantly). This is probably more
noticeable on slow systems/systems with fewer CPU cores. See
https://bugzilla.gnome.org/show_bug.cgi?id=745032[bug 745032].
[[keyboard-events-are-sometimes-quickly-repeated]]
[id='keyboard-events-are-sometimes-quickly-repeated']
Keyboard events are sometimes quickly repeated
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
There is a rare issue when you press a key to type a letter and you'll
see multiple copies of the letter typed in. See
https://bugzilla.gnome.org/show_bug.cgi?id=757942[bug 757942] and
https://bugzilla.gnome.org/show_bug.cgi?id=777693[bug 777693].
[[not-all-keys-can-be-sent-to-a-remote-desktop-or-a-virtual-machine]]
[id='not-all-keys-can-be-sent-to-a-remote-desktop-or-a-virtual-machine']
Not all keys can be sent to a remote desktop or a virtual machine
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Some applications forward all input, including system-specific
keys/shortcuts like or , to a remote system. This is mostly remote

3
en-US/disabling-automatic-screenlock.adoc Normal file
View file

@ -0,0 +1,3 @@
include::modules/proc_disabling-gnome-screenlock.adoc[leveloffset=+1]

18
en-US/getting-started-with-selinux.adoc Normal file
View file

@ -0,0 +1,18 @@
:parent-context: {context}
[id='getting-started-with-selinux-{context}']
= Getting started with SELinux
:context: getting-started-with-selinux
:md: ./modules
:imagesdir: ./images
:leveloffset: +1
include::{md}/con_introduction-to-selinux.adoc[]
include::{md}/con_benefits-of-selinux.adoc[]
include::{md}/con_selinux-examples.adoc[]
include::{md}/con_selinux-architecture.adoc[]
include::{md}/con_selinux-states-and-modes.adoc[]
:leveloffset: -1
:context: {parent-context}

560
en-US/grub2.adoc
View file

@ -1,560 +0,0 @@
= The GRUB2 Bootloader
[[introduction]]
== Introduction
*GRUB2* is the latest version of *GNU GRUB*, the _GRand Unified Bootloader_.
A bootloader is the first software program that runs when a computer
starts. It is responsible for loading and transferring control to the
operating system kernel. In Fedora, the kernel is Linux. The kernel then initializes
the rest of the operating system.
*GRUB2* is the follower of the previous version *GRUB* (version 0.9x). The original version is available under the name *GRUB Legacy*.
Since Fedora 16, *GRUB2* has been the default bootloader on x86 BIOS
systems. For upgrades of BIOS systems, the default is also to install
*GRUB2*, but you can opt to skip bootloader configuration entirely.
[[installing-grub-2-on-a-bios-system]]
== Installing GRUB2 on a BIOS system
Usually, *GRUB2* will be installed by the installer, *Anaconda*, during the installation process. You will probably never have to deal with manual installation of *GRUB2*. However, in certain situations , you will want to install *GRUB2* manually, if you want to update from an older or different bootloader, for instance. To install *GRUB2*:
. Install *GRUB2* software using the *dnf* package manager
+
----
$ sudo dnf install grub2
----
[[Installing-grub-2-on-the-hard-disk-bios]]
== Installing GRUB2 on the hard disk on BIOS systems
Installing the *GRUB2* software on your system does not change your bootloader configuration. In order to use *GRUB2* for loading the operating system, you have to install it on the hard disk. There are two possible options to install it:
. in the master boot record (MBR) of the hard disk
. on an extra partition on the hard disk
*GRUB2* is able to load many operating systems, including Windows, so it is recommended to install it as the default bootloader in the MBR of the primary hard disk, usually the `sda` device.
.Before you start
* Make sure you have installed the *GRUB2* software onto your system. See xref:installing-grub-2-on-a-system[Installing GRUB2 on your system] for more information.
* To automatically collect information about your disks and operating systems installed on them, the `os-prober` package needs to be installed on your system.
.Procedure
. List devices available on the system.
+
----
$ lsblk
----
. Identify the primary hard disk. Usually, it is the `sda` device.
. Install *GRUB2* in the MBR of the primary hard disk.
+
----
$ sudo grub2-install /dev/sda
----
. Create a configuration file for *GRUB2*.
+
----
$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg
----
.More information
* The `grub2-mkconfig` command will create a new configuration based on the currently
running system. It collects information from the `/boot` partition (or directory), from the `/etc/default/grub` file, and the customizable scripts in `/etc/grub.d/`.
* The configuration format has evolved over time, and a new configuration
file might be slightly incompatible with the old bootloader. It is
therefore a good idea to first run `grub2-install` whenever you would need
to run `grub2-mkconfig`.
* It is generally safe to directly edit `/boot/grub2/grub.cfg` in Fedora.
*Grubby* in Fedora patches the configuration when a kernel update is
performed and will try to not make any other changes than what is
necessary. Manual changes might however be
overwritten with `grub2-mkconfig` next time the system is upgraded with
*Anaconda*. Customizations can be placed in `/etc/grub.d/40_custom` or
`/boot/grub2/custom.cfg` files and will survive running the `grub2-mkconfig` command.
[[installing-grub-2-configuration-on-uefi-system]]
== Installing GRUB2 on a UEFI system
To install or fix *GRUB2* on a UEFI system on Fedora 18 or newer, you
need to do three things:
* create an EFI System Partition (ESP)
* install the bootloader files
* configure the *GRUB2* configuration
[[create-an-esp]]
=== Create an ESP
UEFI firmware, in general, likes to boot from an _EFI System Partition_ on
a disk with a GPT label.
.Before you start
. Learn how to create partitions using `gdisk`.
.Procedure
. List available block devices to find a place to create your ESP.
+
----
$ lsblk
----
. Create at least a 128 MiB disk partition using a GPT label on the primary hard disk.
+
----
$ sudo gdisk /dev/sda
----
. Format the partition with the _FAT32_ file system.
+
----
$ sudo mkfs.vfat /dev/sda1
----
. Mount the partition to `/boot/efi` mount point.
+
----
$ sudo mount /dev/sda1 /boot/efi
----
[[install-the-bootloader-files]]
=== Install the bootloader files
In order to use *GRUB2* with on the UEFI systems, you need to install appropriate packages:
.Before you start
. Mount the `/boot/efi` mount point. See xref:create-an-esp[Create an ESP] to create it.
.Procedure
. Install the necessary packages.
+
----
dnf install grub2-efi grub2-efi-modules shim
----
. If they are already installed, reinstall them.
+
----
dnf reinstall grub2-efi grub2-efi-modules shim
----
.More information
* This installs the signed shim and the *GRUB2* binary.
[[create-a-grub-2-configuration]]
=== Create a GRUB2 configuration
Under EFI, *GRUB2* looks for its configuration in
`/boot/efi/EFI/fedora/grub.cfg`. For newly installed kernels to work,
`grubby` expects `/etc/grub2-efi.cfg` to be a symlink to the real
grub.cfg (for example `/boot/efi/EFI/fedora/grub.cfg`).
If you already have a *GRUB2* EFI config file, you do not need to do anything else. Otherwise, you can try to create the configuration file using the `grub2-mkconfig` command.
----
$ sudo grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
----
[[solve-problems-with-uefi-bootloader]]
=== Solve problems with UEFI bootloader.
[[adding-the-boot-menu-entries]]
==== Adding the boot menu entries
When you power on your system, your firmware will look for EFI variables
that tell it how to boot. If you are already booted in EFI mode and EFI
runtime services are working correctly, you can configure your boot menu
with `efibootmgr`. If not, you will have to bootstrap the process.
Fortunately, `shim` can help you bootstrap. The EFI program
`/boot/efi/EFI/BOOT/fallback.efi` will look for files called `BOOT.CSV`
in your ESP and will add boot entries corresponding to them. The `shim` command
provides a `BOOT.CSV` file that will add an entry for `grub2-efi` for you.
Using the *EFI Shell* to invoke `fallback.efi` should work for you. You can do this
with commands like:
----
> fs0:
> cd EFI\BOOT
> fallback.efi
----
If you have no boot entries at all, then just booting off your disk in
UEFI mode should automatically invoke `/boot/efi/EFI/BOOT/BOOTX64.EFI`,
which will, in turn, invoke `fallback.efi`.
If you already have incorrect boot entries, you'll either need to delete
them or to modify `BOOT.CSV` to create new entries with different names.
[[adding-other-operating-systems-to-the-grub-2-menu]]
==== Adding Other operating systems to the *GRUB2* menu
The `grub2-mkconfig` command will add entries for all operating systems it can find.
For the command to work, you have to have installed the *os-prober* tool that is provided by the `os-prober` package.
Unfortunately, problem sometimes can appear. See the link:http://www.gnu.org/software/grub/manual/grub.html#Multi_002dboot-manual-config[GRUB manual] to solve issues with booting secondary operating systems.
[[setting-default-entry]]
==== Setting default entry
Due to `grub2-mkconfig` (and *os-prober*) we cannot predict the order of
the entries in `/boot/grub2/grub.cfg`, so we set the default by
name/title instead.
.Before you start
. Open `/etc/default/grub` and make sure these lines exist in the file.
+
----
GRUB_DEFAULT=saved
GRUB_SAVEDEFAULT=false
----
. Apply the changes to `grub.cfg` by running.
+
----
$sudo grub2-mkconfig -o /boot/grub2/grub.cfg
----
.Procedure
. List all possible menu entries.
+
----
$sudo grep -P "submenu|^menuentry" /boot/grub2/grub.cfg | cut -d "'" -f2
----
. Set the desired default menu entry
+
----
$sudo grub2-set-default "<submenu title><menu entry title>"
----
. Verify the default menu entry
+
----
$sudo grub2-editenv list
----
.More information
If you understand the risks involved, you can manually modify the
`/boot/grub2/grub.cfg` file. In that case, set the number of the default operating system using the `set default` variable.
For example:
----
set default="5"
----
[[additional-scenario]]
== Additional Scenarios
[[restoring-bootloader-using-live-disk]]
=== Restoring the bootloader using the Live disk.
Sometimes, especially after a secondary operating systems has been installed, the master boot record gets damaged which then prevents the original Linux system from booting.
If this happens, it is necessary to reinstall *GRUB2* to recreate the original settings. The process not only discovers all installed operating systems, but usually adds them to the *GRUB2* configuration files, so they will all become bootable by *GRUB2*.
.Before you start
. Get the Fedora Live ISO from link:https://download.fedoraproject.org/pub/fedora/linux/releases/27/Workstation/x86_64/iso/Fedora-Workstation-Live-x86_64-27-1.6.iso[getfedora.org].
. Prepare a bootable device using the downloaded ISO, either a CD or a USB.
.Procedure
. Boot the Fedora live system from the bootable device you have created.
. Open the terminal.
. Examine the partition layout and identify the `boot` and the `root` partition.
+
----
$ sudo fdisk -l
----
+
If you are using the default Fedora layout, there will be one `/dev/sda1` partition that holds the `/boot` directory and one `/dev/mapper/fedora-root` that holds the root file system.
. Create the mount point for the root partition.
+
----
$ sudo mkdir -p /mnt/root
----
. Mount the root partition on the mount point.
+
----
$ sudo mount /dev/mapper/fedora-root /mnt/root
----
. Mount the boot partition in the `boot` directory of the filesystem that you have mounted in the previous step.
+
----
$ sudo mount /dev/sda1 /mnt/root/boot/
----
. Mount system processes and devices into the root filesystem in `/mnt/root`.
+
----
$ sudo mount -o bind /dev /mnt/root/dev
$ sudo mount -o bind /proc /mnt/root/proc
$ sudo mount -o bind /sys /mnt/root/sys
$ sudo mount -o bind /run /mnt/root/run
----
. Change your filesystem into the one mounted under `/mnt/root`.
+
----
$ sudo chroot /mnt/root
----
. Reinstall *GRUB2* into the MBR of the primary hard disk.
+
----
$ sudo grub2-install --no-floppy --recheck /dev/sda
----
. Recreate the *GRUB2* configuration files.
+
----
$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg
----
. Exit this temporary root filesystem.
+
----
$ exit
----
. Your bootloader should be now restored. Reboot your computer to boot into your normal system.
+
----
$ sudo systemctl reboot
----
[[using-the-grub-2-boot-prompt]]
==== Using the GRUB2 boot prompt
If improperly configured, *GRUB2* may fail to load and subsequently drop
to a boot prompt. To address this issue, proceed as follows:
. Load the XFS and LVM modules
+
----
insmod xfs
insmod lvm
----
. List the drives which *GRUB2* sees:
+
----
grub2> ls
----
. Study the output for the partition table of the `/dev/sda` device. It may look similar to the following example on a dos partition table with three partitons.
will look something like this:
+
----
(hd0) (hd0,msdos3) (hd0,msdos2) (hd0,msdos1)
----
+
or similar to this output on a gpt partition table of the `/dev/sda` device with four
partitions.
+
----
(hd0) (hd0,gpt4) (hd0,gpt3) (hd0,gpt2) (hd0,gpt1)
----
. Probe each partition of the drive and locate your `vmlinuz` and `initramfs` files.
+
----
ls (hd0,1)/
----
+
The outcome of the previous command will list the files on `/dev/sda1`. If this partition contains the `/boot` directory, it will show the full name of `vmlinuz` and `initramfs`.
. Set the root partition.
+
----
grub> set root=(hd0,3)
----
. Set the desired kernel.
+
----
grub> linux (hd0,1)/vmlinuz-3.0.0-1.fc16.i686 root=/dev/sda3 rhgb quiet selinux=0
# NOTE : add other kernel args if you have need of them
# NOTE : change the numbers to match your system
----
. Set the desired `initrd`.
+
----
grub> initrd (hd0,1)/initramfs-3.0.0-1.fc16.i686.img
# NOTE : change the numbers to match your system
----
. Boot with the selected settings.
+
----
grub> boot
----
. When the system starts, open a terminal.
. Enter the `grub2-mkconfig` command to re-create the `grub.cfg` file to enable *GRUB2* to boot your system.
+
----
grub2-mkconfig -o /boot/grub2/grub.cfg
----
. Enter the `grub2-install` command to install *GRUB2* to your hard disk to use of your config file.
+
----
grub2-install --boot-directory=/boot /dev/sda
# Note: your drive may have another device name. Check for it with mount command output.
----
[[booting-with-configfile-on-different-partition]]
=== Booting the system using a configuration file on a different partition.
It's also possible to boot into a _configfile_ that's located on another
partition. If the user is faced with such a scenario, as is often the
case with multi-boot systems containing Ubuntu and Fedora, the following
steps in the *GRUB2* rescue shell might become useful to know:
.Procedure
. Load necessary modules to read the partitions.
+
----
insmod part_msdos
insmod xfs
insmod lvm
----
. Set the root partition.
+
----
set root='hd0,msdos1'
----
. Set the path to the configuration file.
+
----
configfile /grub2/grub.cfg
----
.More information
The *hd0,msdos1* line shows the pertinent _boot_ partition, which holds the
`grub.cfg` file.
[[absent-floppy-disk]]
=== Dealing with the "Absent Floppy Disk" Error
It has been reported by some users that *GRUB2* may fail to install on a partition's boot sector if the computer's floppy controller is activated in BIOS without an actual floppy disk
drive being present. Such situations resulted in an _Absent Floppy Disk_ error.
To workaround this issue, go into the rescue mode and install *GRUB2* with the `--no-floppy` option:
----
grub2-install <target device> --no-floppy
----
[[setting-a-password-for-interactive-edit-mode]]
=== Setting a password for interactive edit mode
If you wish to password-protect the *GRUB2* interactive edit mode
without forcing users to enter a password to boot the computer, use this procedure.
.Procedure
. Create the `/etc/grub.d/01_users` file.
+
----
cat << EOF
set superusers="root"
export superusers
password root secret
EOF
----
. Apply your changes.
+
----
grub2-mkconfig -o /boot/grub2/grub.cfg
----
.More information
You can encrypt the password by using *pbkdf2*. Use `grub2-mkpasswd-pbkdf2`
to encrypt the password, then replace the password line with:
----
password_pbkdf2 root grub.pbkdf2.sha512.10000.1B4BD9B60DE889A4C50AA9458C4044CBE129C9607B6231783F7E4E7191D8254C0732F4255178E2677BBE27D03186E44815EEFBAD82737D81C87F5D24313DDDE7.E9AEB53A46A16F30735E2558100D8340049A719474AEEE7E3F44C9C5201E2CA82221DCF2A12C39112A701292BF4AA071EB13E5EC8C8C84CC4B1A83304EA10F74
----
More details can be found at
https://help.ubuntu.com/community/Grub2/Passwords[Ubuntu Help: GRUB2
Passwords].
[NOTE]
====
Starting from Fedora 21, the `--md5pass` kickstart option must
be set using output from the `grub2-mkpasswd-pbkdf2` command.
====
[[using-old-graphics-modes-in-bootloader]]
=== Using old graphics modes in bootloader
Terminal device is chosen with GRUB_TERMINAL; additional quote from
http://www.gnu.org/software/grub/manual/grub.html#Simple-configuration
Valid terminal output names depend on the platform, but may include
`console` (PC BIOS and EFI consoles), `serial` (serial terminal),
`gfxterm` (graphics-mode output), `ofconsole` (Open Firmware console),
or `vga_text` (VGA text output, mainly useful with Coreboot).
The default is to use the platform's native terminal output.
The default in Fedora is `gfxterm` and to get the legacy graphics modes
you need to set GRUB_TERMINAL to the right variable from the description
above in `/etc/default/grub`.
[[enabling-serial-console-in-grub]]
=== Enabling Serial Console in GRUB2
To enable Serial console in grub:
. Add the following entry to `/etc/default/grub`. Adjust `baudrate`, `parity`, `bits`, and `flow` controls to fit your environment and cables.
+
----
GRUB_CMDLINE_LINUX='console=tty0 console=ttyS0,115200n8'
GRUB_TERMINAL=serial
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
----
. Re-generate the GRUB2 config file.
+
`grub2-mkconfig -o /boot/grub2/grub.cfg`
[[further-reading]]
== Further Reading
* http://www.gnu.org/software/grub/manual/grub.html
* Features/Grub2
* Anaconda/Features/Grub2Migration
'''
See a typo, something missing or out of date, or anything else which can be
improved? Edit this document at https://pagure.io/fedora-docs/quick-docs.

561
en-US/live-usb.adoc
View file

@ -1,561 +0,0 @@
= How to create and use Live USB
'''
[IMPORTANT]
======
This page was automatically converted from https://fedoraproject.org/wiki/How_to_create_and_use_Live_USB
It is probably
* Badly formatted
* Missing graphics and tables that do not convert well from mediawiki
* Out-of-date
* In need of other love
Pull requests accepted at https://pagure.io/fedora-docs/quick-docs
Once you've fixed this page, remove this notice, and update
`_topic_map.yml`.
Once the document is live, go to the original wiki page and replace its text
with the following macro:
....
{{#fedoradocs: https://docs.fedoraproject.org/whatever-the-of-this-new-page}}
....
======
'''
image:mediawriter-icon.png[mediawriter-icon.png,title="mediawriter-icon.png"]
This page explains *how to create and use Fedora USB media*. You can
write all https://getfedora.org/[Fedora ISO images] to a USB stick,
making this a convenient way on any USB-bootable computer to either
install Fedora or try a 'live' Fedora environment without writing to the
computer's hard disk. You will need a USB stick at least as large as the
image you wish to write.
[[quickstart-using-fedora-media-writer]]
Quickstart: Using Fedora Media Writer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
image:Fedora_Live_USB_creator.png[Fedora Media Writer
screenshot,title="Fedora Media Writer screenshot"]
For most cases, the best tool to create a Fedora USB stick is the
https://github.com/MartinBriza/MediaWriter[Fedora Media Writer] utility,
which was formerly known as LiveUSB Creator. It is available on Fedora,
other Linux distributions using http://flatpak.org/[Flatpak], Windows
and macOS.
Fedora Media Writer is graphical and easy to use. It can download recent
Fedora images for you as well as writing them to the USB stick.
On Fedora, you can use a Fedora graphical software installation tool to
install the package, or use the command line:
On Windows and macOS, you can download the installer from
https://github.com/MartinBriza/MediaWriter/releases[the releases page].
On other Linux distributions, if they support the
http://flatpak.org/[Flatpak] application distribution system, you can
download a flatpak from
https://github.com/MartinBriza/MediaWriter/releases[the releases page].
To run the tool, look for *Fedora Media Writer* in the system menus.
When you start Fedora Media Writer, the three dots in the bottom will be
flashing while the tool checks for a new Fedora release.
To write the stick:
1. Choose which Fedora flavor you want to install or try.
+
::
On the title screen, you can choose Workstation, Server or your own
.iso file. Other choices (including KDE, Cinnamon, Xfce and so on) are
under the "..." button at the bottom of the list.
2. Ensure your USB stick is plugged into the system.
3. Click _Create Live USB_.
4. Ensure the right stick is selected.
5. Click _Write to disk_ and wait for the write to complete.
6. Once the stick has been written, shut the system down and boot it
from the USB stick (see link:#booting[the Booting section]).
After writing, your USB stick will have a changed partition layout and
some systems may report it to be about 10MB large. To return your USB
stick to its factory configuration, insert the drive again while Fedora
Media Writer is running. The app provides you with an option to restore
to the factory layout. This layout includes a single VFAT partition.
__TOC__
[[booting-from-usb-sticks]]
Booting from USB sticks
~~~~~~~~~~~~~~~~~~~~~~~
image:Bios_USB_boot.jpg[Set USB as first boot device. Your BIOS may be
different.,title="Set USB as first boot device. Your BIOS may be different."]
Almost all modern PCs can boot from USB sticks (some very old ones may
not be able to). However, precisely how you tell the system to boot from
a USB stick varies substantially from system to system. First, just try
this:
1. Power off the computer.
2. Plug the USB drive into a USB port.
3. Remove all other portable media, such as CDs, DVDs, floppy disks or
other USB sticks.
4. Power on the computer.
5. If the computer is configured to automatically boot from the USB
drive, you will see a screen that says "Automatic boot in 10 seconds..."
with a countdown (unless you do a native UEFI boot, where you will see a
rather more minimal boot menu).
If the computer starts to boot off the hard drive as normal, you'll need
to manually configure it to boot off the USB drive. Usually, that should
work something like this:
1. Wait for a safe point to reboot.
2. As the machine starts to reboot, watch carefully for instructions on
which key to press (usually a function key, Escape, Tab or Delete) to
enter the boot device selection menu, "BIOS setup", "firmware", or
"UEFI". Press and hold that key. If you miss the window of opportunity
(often only a few seconds) then reboot and try again.
3. Use the firmware ("BIOS") interface or the boot device menu to put
your USB drive first in the boot sequence. It might be listed as a hard
drive rather than a removable drive. Each hardware manufacturer has a
slightly different method for doing so.
+
::
*Be careful!* Your computer could become unbootable or lose
functionality if you change any other settings. Though these settings
can be reverted, you'll need to remember what you changed in order to
do so.
4. Save the changes, exit, and the computer should boot from the USB
drive.
If your system has a link:Unified_Extensible_Firmware_Interface[UEFI]
firmware, it will usually allow you to boot the stick in UEFI native
mode or BIOS compatibility mode. If you boot in UEFI native mode and
perform a Fedora installation, you will get a UEFI native Fedora
installation. If you boot in BIOS compatibility mode and perform a
Fedora installation, you will get a BIOS compatibility mode Fedora
installation. For more information on all this, see the
link:Unified_Extensible_Firmware_Interface[UEFI page]. USB sticks
written from x86_64 images with link:#fmw[Fedora Media Writer],
link:#gnome[GNOME Disk Utility], link:#dd[dd], other dd-style utilities,
and link:#litd[livecd-iso-to-disk] with should be UEFI native bootable.
Sticks written with other utilities may not be UEFI native bootable, and
sticks written from i686 images will never be UEFI bootable.
[[checking-usb-disk-size-free-space]]
Checking USB disk size / free space
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
As noted before, the disk must have a certain amount of storage space
depending on the image you select. If you use a destructive method, the
stick must be at least the size of the image; if you use a
non-destructive method, it must have at least that much free space.
Whichever operating system you are using, you can usually check this
with a file manager, usually by right clicking and selecting
_Properties_. Here is a screenshot of how this looks on GNOME:
image:Properties_USB_size.png[thumb|350px|none]
[[identifying-a-stick-by-name-on-linux]]
Identifying a stick by name on Linux
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Most of the link:#writing[alternative writing methods] will require you
to know the name for your USB stick - e.g. - when using them on Linux.
You do not need to know this in order to use link:#fmw[Fedora Media
Writer]. To find this out:
1. Insert the USB stick into a USB port.
2. Open a terminal and run .
3. Near the end of the output, you will see something like:
....
[32656.573467] sd 8:0:0:0: [sdX] Attached SCSI removable disk
....
where sdX will be sdb, sdc, sdd, etc. *Take note of this label* as it is
the name of the disk you will use. We'll call it _sdX_ from now on. If
you have connected more than one USB stick to the system, be careful
that you identify the correct one - often you will see a manufacturer
name or capacity in the output which you can use to make sure you
identified the correct stick.
[[alternative-usb-stick-writing-methods]]
Alternative USB stick writing methods
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
As explained above, the recommended method for writing the stick in most
cases is link:#fmw[Fedora Media Writer]. In this section, other tools
which may be useful in specific circumstances are documented.
[[using-gnome-disk-utility-linux-graphical-destructive]]
Using GNOME Disk Utility (Linux, graphical, destructive)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This method is for people running Linux (or another *nix) with GNOME,
Nautilus and the GNOME Disk Utility installed. Particularly, if you are
using a distribution other than Fedora which does not support Flatpak,
this may be the easiest available method. A standard installation of
Fedora, or a standard GNOME installation of many other distributions,
should be able to use this method. On Fedora, ensure the packages and
are installed. Similar graphical direct-write tools may be available for
other desktops, or you may use the link:#dd[command line "direct write"
method].
1. Download a Fedora image, choose a USB stick that does not contain
any data you need, and connect it
2. Run Nautilus (Files) - for instance, open the Overview by pressing
the Start/Super key, and type _Files_, then hit enter
3. Find the downloaded image, right-click on it, go to *Open With*, and
click *Disk Image Writer*
4. Double-check you're really, really sure you don't need any of the
data on the USB stick!
5. Select your USB stick as the *Destination*, and click *Start
Restoring...*
[[command-line-method-using-the-livecd-iso-to-disk-tool-fedora-only-non-graphical-both-non-destructive-and-destructive-methods-available]]
Command line method: Using the _livecd-iso-to-disk_ tool (Fedora only,
non-graphical, both non-destructive and destructive methods available)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The method is slightly less reliable than Fedora Media Writer and can be
used reliably only from within Fedora: it does not work in Windows or OS
X, and is not supported (and will usually fail) in non-Fedora
distributions. However, it supports three advanced features which FMW
does not include:
1. You may use a _non-destructive_ method to create the stick, meaning
existing files on the stick will not be destroyed. This is less reliable
than the _destructive_ write methods, and should be used only if you
have no stick you can afford to wipe.
2. On live images, you can include a feature called a _persistent
overlay_, which allows changes made to persist across reboots. You can
perform updates just like a regular installation to your hard disk,
except that kernel updates require link:#Kernel_updates[manual
intervention] and link:#limited_overlay[overlay space may be
insufficient]. Without a _persistent overlay_, the stick will return to
a fresh state each time it is booted.
3. On live images, you can also have a separate area to store user
account information and data such as documents and downloaded files,
with optional encryption for security and peace of mind.
By combining these features, you can carry your computer with you in
your pocket, booting it on nearly any system you find yourself using.
It is not a good idea to try and write a new Fedora release using the
version of in a much older Fedora release: it is best to only use a
release a maximum of two versions older than the release you are trying
to write.
Ensure the package is installed:
Basic examples follow. Remember to link:#device[identify your USB
stick's device name] first. In all cases, you can add the parameter to
(try to) render the stick bootable in native UEFI mode. Detailed usage
information is available by running: or .
To make an existing USB stick bootable as a Fedora image - without
deleting any of the data on it - make sure that the USB drive is not
mounted before executing the following, and give the root password when
prompted:
::
In case it is not possible to boot from a disk created with the method
shown above, before re-partitioning and re-formatting, often resetting
the master boot record will enable booting:
::
If necessary, you can have _livecd-iso-to-disk_ re-partition and
re-format the target stick:
::
To include a persistent filesystem for , use the parameter. For example:
::
This will create a 2 GiB filesystem that will be mounted as each time
the stick is booted, allowing you to preserve data in across boots.
To enable 'data persistence' support - so changes you make to the entire
live environment will persist across boots - add the parameter to add a
persistent data storage area to the target stick. For example:
::
where 2048 is the desired size (in megabytes) of the overlay. The
_livecd-iso-to-disk_ tool will not accept an overlay size value greater
than 4095 for VFAT, but for ext[234] filesystems it is only limited by
the available space.
You can combine and , in which case data written to will not exhaust the
persistent overlay.
[[command-line-direct-write-method-most-operating-systems-non-graphical-destructive]]
Command line "direct write" method (most operating systems,
non-graphical, destructive)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This method direct writes the image to the USB stick much like
link:#fmw[Fedora Media Writer] or link:#gnome[GNOME Disk Utility], but
uses a command line utility named . Like the other "direct write"
methods, it will destroy all data on the stick and does not support any
of the advanced features like data persistence, but it is a very
reliable method. The tool is available on most Unix-like operating
systems, including Linux distributions and OS X, and
http://www.chrysocome.net/dd[a Windows port is available]. This may be
your best method if you cannot use Fedora Media Writer or GNOME Disk
Utility, or just if you prefer command line utilities and want a simple,
quick way to write a stick.
1. link:#device[Identify the name of the USB drive partition]. If using
this method on Windows, with the port linked above, the command should
provide you with the correct name.
2. *Unmount all mounted partition from that device.* This is very
important, otherwise the written image might get corrupted. You can
umount all mounted partitions from the device with , where X is the
appropriate letter, e.g.
3. Write the ISO file to the device:
+
::
4. Wait until the command completes.
+
::
If you see , your dd version doesn't support the option and you'll
need to remove it (and you won't see writing progress).
[[using-unetbootin-windows-os-x-and-linux-graphical-non-destructive]]
Using http://unetbootin.sourceforge.net/[UNetbootin] (Windows, OS X and
Linux, graphical, non-destructive)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
image:Unetbootin_gtk3.png[Unetbootin
screenshot,title="Unetbootin screenshot"]
While your results may vary, it is usually the case that the
link:#fmw[Fedora Media Writer], link:#litd[livecd-iso-to-disk],
link:#gnome[GNOME] and link:#dd[dd] methods give better results than
UNetbootin. If you encounter problems with UNetbootin, please contact
the UNetbootin developers, not the Fedora developers.
UNetbootin is a graphical, bootable USB image creator. Using it will
allow you to preserve any data you have in the USB drive. If you have
trouble booting, however, you may wish to try with a blank, cleanly
FAT32-formatted drive.
If you are running a 64-bit Linux distribution, UNetbootin may fail to
run until you install the 32-bit versions of quite a lot of system
libraries. Fedora cannot help you with this: please direct feedback on
this issue to the UNetbootin developers.
1. Download the latest UNetbootin version from
http://unetbootin.sourceforge.net/[the official site] and install it. On
Linux, the download is an executable file: save it somewhere, change it
to be executable (using or a file manager), and then run it.
2. Launch UNetbootin. On Linux, you might have to type the root
password.
3. Click on *Diskimage* and search for the ISO file you downloaded.
4. Select Type: USB drive and link:#device[choose the correct device
for your stick]
5. Click OK
[[creating-a-usb-stick-from-a-running-live-environment]]
Creating a USB stick from a running live environment
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you are already running a live CD, DVD, or USB and want to convert
that into a bootable USB stick, run the following command:
::
See link:#Mounting_a_Live_USB_filesystem[this section] for mounting the
root filesystem outside of a boot.
[[troubleshooting]]
Troubleshooting
~~~~~~~~~~~~~~~
[[fedora-media-writer-problems]]
Fedora Media Writer problems
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Bugs can be reported to
https://github.com/MartinBriza/MediaWriter/issues[GitHub] or
https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=mediawriter[Bugzilla].
You can http://bugz.fedoraproject.org/mediawriter[browse existing
Bugzilla reports]. Please report any problems you encounter that have
not already been reported.
[[livecd-iso-to-disk-problems]]
livecd-iso-to-disk problems
^^^^^^^^^^^^^^^^^^^^^^^^^^^
[[partition-isnt-marked-bootable]]
Partition isn't marked bootable!
++++++++++++++++++++++++++++++++
If you get the message , you need to mark the partition bootable. To do
this, run , and use the command, where X is the appropriate letter and N
is the partition number. For example:
....
$ parted /dev/sdb
GNU Parted 1.8.6
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print
Model: Imation Flash Drive (scsi)
Disk /dev/sdX: 1062MB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number Start End Size Type File system Flags
1 32.3kB 1062MB 1062MB primary fat16
(parted) toggle 1 boot
(parted) print
Model: Imation Flash Drive (scsi)
Disk /dev/sdX: 1062MB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number Start End Size Type File system Flags
1 32.3kB 1062MB 1062MB primary fat16 boot
(parted) quit
Information: Don't forget to update /etc/fstab, if necessary.
....
[[partitions-need-a-filesystem-label]]
Partitions need a filesystem label!
+++++++++++++++++++++++++++++++++++
If you get the message , you need to label the partition:
[[partition-has-different-physicallogical-endings]]
Partition has different physical/logical endings!
+++++++++++++++++++++++++++++++++++++++++++++++++
If you get this message from fdisk, you may need to reformat the flash
drive when writing the image, by passing when writing the stick.
[[mbr-appears-to-be-blank]]
MBR appears to be blank!
++++++++++++++++++++++++
If your test boot reports a corrupted boot sector, or you get the
message , you need to install or reset the master boot record (MBR), by
passing when writing the stick.
[[livecd-iso-to-disk-on-other-linux-distributions]]
livecd-iso-to-disk on other Linux distributions
+++++++++++++++++++++++++++++++++++++++++++++++
is not meant to be run from a non-Fedora system. Even if it happens to
run and write a stick apparently successfully from some other
distribution, the stick may well fail to boot. Use of on any
distribution other than Fedora is unsupported and not expected to work:
please use an alternative method, such as link:#fmw[Fedora Media
Writer].
[[ubuntus-usb-creator]]
Ubuntu's _usb-creator_
^^^^^^^^^^^^^^^^^^^^^^
Ubuntu and derivative Linux distributions have a program similar to
Fedora Media Writer. This *does not work* with Fedora ISO images, it
silently rejects them. usb-creator requires the ISO to have a Debian
layout, with a file and a casper directory. Do not attempt to use this
utility to write a Fedora ISO image.
[[testing-a-usb-stick-using-qemu]]
Testing a USB stick using qemu
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You can test your stick using QEMU as shown in the screenshot below.
image:Screenshot_qemu_gtk3.png[`Screenshot_qemu_gtk3.png`,title="Screenshot_qemu_gtk3.png"]
For example, you could type the following commands:
....
su -c 'umount /dev/sdX1'
qemu -hda /dev/sdX -m 1024 -vga std
....
[[mounting-a-live-usb-filesystem]]
Mounting a Live USB filesystem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You can use the
https://github.com/livecd-tools/livecd-tools/blob/master/tools/liveimage-mount[_liveimage-mount_]
script in the package to mount an attached Live USB device or other
LiveOS image, such as an ISO or Live CD. This is convenient when you
want to copy in or out some file from the LiveOS filesystem on a Live
USB, or just examine the files in a Live ISO or Live CD.
[[kernel-updates-for-livecd-iso-to-disk-written-images-with-a-persistent-overlay]]
Kernel updates for _livecd-iso-to-disk_-written images with a persistent
overlay
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you have link:#limited_overlay[sufficient overlay space] to
accommodate a kernel update on a Live USB installation, the kernel and
initramfs will be installed to the /boot directory. To put these into
service they must be moved to the /syslinux directory of the
installation partition. This is accessible from the running Live USB
filesystem at the /run/initramfs/live mount point. The new initramfs
(such as initramfs-4.9.13-200.fc25.x86_64.img) and kernel (such as
vmlinuz-4.9.13-200.fc25.x86_64) should be moved to replace the
/run/initramfs/live/syslinux/initrd.img and
/run/initramfs/live/syslinux/vmlinuz files, respectively.
* *Note*: _dracut_ no longer includes the _dmsquash-live_ module by
default. Starting with Fedora 19, _dracut_ defaults to the option, which
precludes the _dmsquash-live_ module. So, one can add a dracut config
file, as root, before updating the kernel:
....
echo 'hostonly="no"
add_dracutmodules+=" dmsquash-live "' > /etc/dracut.conf.d/01-liveos.conf
....
The following commands will move the new kernel and initramfs files to
the device's /syslinux directory:
....
bootpath=run/initramfs/live/syslinux
new=4.9.13-200.fc25.x86_64
cd /
mv -f boot/vmlinuz-$new ${bootpath}/vmlinuz
mv -f boot/initramfs-${new}.img ${bootpath}/initrd.img
....
[[multi-live-image-boot-installations]]
Multi Live Image boot installations
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The _livecd-iso-to-disk_ --multi option allows one to install more than
one LiveOS image on a single device. Version 24.2 or greater of will
automatically configure the device boot loader to give a Multi Live
Image Boot Menu for the device.
Category:LiveMedia
'''
See a typo, something missing or out of date, or anything else which can be
improved? Edit this document at https://pagure.io/fedora-docs/quick-docs.

157
en-US/livecd.adoc
View file

@ -1,157 +0,0 @@
= FedoraLiveCD
'''
[IMPORTANT]
======
This page was automatically converted from https://fedoraproject.org/wiki/FedoraLiveCD
It is probably
* Badly formatted
* Missing graphics and tables that do not convert well from mediawiki
* Out-of-date
* In need of other love
Pull requests accepted at https://pagure.io/fedora-docs/quick-docs
Once you've fixed this page, remove this notice, and update
`_topic_map.yml`.
Once the document is live, go to the original wiki page and replace its text
with the following macro:
....
{{#fedoradocs: https://docs.fedoraproject.org/whatever-the-of-this-new-page}}
....
======
'''
[[download-and-create-live-image-or-live-usb]]
Download and Create Live image or Live USB
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To download a pre-built Fedora Live image, visit
https://getfedora.org/[the download page]. Then you can either:
* Burn the ISO to a CD or DVD. See
http://docs.fedoraproject.org/readme-burning-isos/[here] for burning
instructions.
* Learn link:how_to_create_and_use_Live_USB[how to create and use Live
USB].
If you want to build and then burn your own custom ISO, see
link:How_to_create_and_use_a_Live_CD[How to create and use a Live CD].
[[advantages-and-limitations]]
Advantages and Limitations
~~~~~~~~~~~~~~~~~~~~~~~~~~
Benefits:
* You can demonstrate features or try out a release, including testing
hardware functionality, before hard disk/SSD installation.
* Live USB/CD/DVD installation is faster than regular installation. Live
USB/SD installation typically takes only a few minutes and can be
configured with persistent storage.
* You can use Live CD technology for backup and recovery of your
installed hard drive.
Limitations:
* It is not possible to choose packages during installation. Live images
typically have fewer packages than a regular installation image.
* It is not possible to do an upgrade via the Anaconda installer. If you
have a separate /home partition, you can just not format it during the
installation and thus preserve your settings and /home content.
* It is not possible to choose a non-default filesystem.
* Once you shutdown a computer running from a Live CD, you will lose any
settings or packages installed, but Live USB/SD installations may be
configured with persistent storage.
[[fedora-live-image-features]]
Fedora Live image features
~~~~~~~~~~~~~~~~~~~~~~~~~~
Current features:
1. A booted Live CD uses a temporary, in-memory, read-write rootfs, so
it's possible to install software for use while the Live CD is running.
2. Data persistence options available on Live USB/SD installations.
3. Install to hard disks or USB/SD drives.
4. Uses SELinux in enforcing mode and other security features by
default.
5. Includes best of breed software on the media.
6. Stay as close to a normal desktop install with regard to features,
or try specialized http://spins.fedoraproject.org/[Spins].
7. Ability to create normal CD-ROM and CD-R media (less than 700 MB) or
DVD images.
8. Make it easy to do a derived Live CD with your own repositories,
packages, and artwork.
9. API used by LTSP, appliance creator and others.
[[contributors]]
Contributors
~~~~~~~~~~~~
* DavidZeuthen - Primary developer and maintainer of
http://hal.freedesktop.org[HAL] and OLPC contributor.
* JeremyKatz - Fedora Ninja. Adds backend for installing from a live
image into link:Anaconda[ Anaconda].
* DouglasMcClendon - LiveOS device mapper trickster.
[[communicate]]
Communicate
~~~~~~~~~~~
Fedora Live image users and developers can participate and contribute in
the discussions happening in the Fedora list.
(http://www.redhat.com/mailman/listinfo/fedora-livecd-list[predecessor
list archives])
[[finding-the-code]]
Finding the Code
~~~~~~~~~~~~~~~~
The source code for the Live CD tools is maintained in git. The
repository is at https://github.com/rhinstaller/livecd-tools/ . You can
install it easily by installing the 'livecd-tools' package.
Kickstart files are in the spin-kickstarts.noarch package.
[[hard-drive-installation]]
Hard Drive Installation
~~~~~~~~~~~~~~~~~~~~~~~
The ability to install to a hard drive is available releases since
Fedora 7. After the live media boots, click on the install icon on your
desktop to start the installation. Installation from live image requires
that GRUB and the /boot directory be installed onto a drive with an
MSDOS partition label, or that the current machine supports EFI booting.
If a pc-clone machine has only GPT hard drives, then you may need to use
something such as a USB2.0 flash memory device (with an MSDOS partition
label) as an intermediate destination.
In Fedora 15, instead of clicking the desktop icon, choose
Applications->System Tools->Install to Hard Drive from the menu along
the top of the screen.
[[references]]
References
~~~~~~~~~~
* https://web.archive.org/web/20080611062804/http://www-128.ibm.com/developerworks/linux/library/l-fedora-livecd/index.html[Mayank
Sharma "IBM Developer Works: Build a Fedora Live CD" (archive.org
version from June 2008)]
* link:LiveOS_image[LiveOS image]
Category:LiveMedia
'''
See a typo, something missing or out of date, or anything else which can be
improved? Edit this document at https://pagure.io/fedora-docs/quick-docs.

28
en-US/managing-keyboard-shortcuts-for-running-app-in-gnome.adoc Normal file
View file

@ -0,0 +1,28 @@
:experimental:
[id='managing-keyboard-shortcuts-for-running-app-in-gnome']
= Managing keyboard shortcuts for running an application in GNOME
:md: ./modules
:imagesdir: ./images
:leveloffset: +1
include::{md}/proc_adding-shortcut-custom-app-gnome.adoc[]
include::{md}/proc_disabling-shortcut-custom-app-gnome.adoc[]
include::{md}/proc_enabling-shortcut-custom-app-gnome.adoc[]
include::{md}/proc_removing-shortcut-custom-app-gnome.adoc[]
:leveloffset: 0
////
info sources:
http://ask.fedoraproject.org/en/question/9623/how-can-i-set-a-key-shortcut-to-launch-terminal-under-gnome/
https://help.gnome.org/users/gnome-help/stable/keyboard-shortcuts-set.html.en
https://unix.stackexchange.com/questions/119432/save-custom-keyboard-shortcuts-in-gnome
https://askubuntu.com/questions/26056/where-are-gnome-keyboard-shortcuts-stored
tested on F28 live CD in VM
////

29
en-US/modules/con_benefits-of-selinux.adoc Normal file
View file

@ -0,0 +1,29 @@
// Module included in the following assemblies:
//
// getting-started-with-selinux.adoc
:experimental:
[#{context}-benefits-of-selinux]
= Benefits of running SELinux
SELinux provides the following benefits:
* All processes and files are labeled. SELinux policy rules define how processes interact with files, as well as how processes interact with each other. Access is only allowed if an SELinux policy rule exists that specifically allows it.
* Fine-grained access control. Stepping beyond traditional UNIX permissions that are controlled at user discretion and based on Linux user and group IDs, SELinux access decisions are based on all available information, such as an SELinux user, role, type, and, optionally, a security level.
* SELinux policy is administratively-defined and enforced system-wide.
* Improved mitigation for privilege escalation attacks. Processes run in domains, and are therefore separated from each other. SELinux policy rules define how processes access files and other processes. If a process is compromised, the attacker only has access to the normal functions of that process, and to files the process has been configured to have access to. For example, if the Apache HTTP Server is compromised, an attacker cannot use that process to read files in user home directories, unless a specific SELinux policy rule was added or configured to allow such access.
* SELinux can be used to enforce data confidentiality and integrity, as well as protecting processes from untrusted inputs.
However, SELinux is not:
* antivirus software,
* replacement for passwords, firewalls, and other security systems,
* all-in-one security solution.
SELinux is designed to enhance existing security solutions, not replace them. Even when running SELinux, it is important to continue to follow good security practices, such as keeping software up-to-date, using hard-to-guess passwords, or firewalls.

39
en-US/modules/con_introduction-to-selinux.adoc Normal file
View file

@ -0,0 +1,39 @@
// Module included in the following assemblies:
//
// getting-started-with-selinux.adoc
[#{context}-introduction-to-selinux]
= Introduction to SELinux
Security Enhanced Linux (SELinux) provides an additional layer of system security. SELinux fundamentally answers the question: _May <subject> do <action> to <object>?_, for example: _May a web server access files in users' home directories?_
The standard access policy based on the user, group, and other permissions, known as Discretionary Access Control (DAC), does not enable system administrators to create comprehensive and fine-grained security policies, such as restricting specific applications to only viewing log files, while allowing other applications to append new data to the log files.
SELinux implements Mandatory Access Control (MAC). Every process and system resource has a special security label called a _SELinux context_. A SELinux context, sometimes referred to as a _SELinux label_, is an identifier which abstracts away the system-level details and focuses on the security properties of the entity. Not only does this provide a consistent way of referencing objects in the SELinux policy, but it also removes any ambiguity that can be found in other identification methods; for example, a file can have multiple valid path names on a system that makes use of bind mounts.
The SELinux policy uses these contexts in a series of rules which define how processes can interact with each other and the various system resources. By default, the policy does not allow any interaction unless a rule explicitly grants access.
[NOTE]
====
It is important to remember that SELinux policy rules are checked after DAC rules. SELinux policy rules are not used if DAC rules deny access first, which means that no SELinux denial is logged if the traditional DAC rules prevent the access.
====
SELinux contexts have several fields: user, role, type, and security level. The SELinux type information is perhaps the most important when it comes to the SELinux policy, as the most common policy rule which defines the allowed interactions between processes and system resources uses SELinux types and not the full SELinux context. SELinux types usually end with `_t`. For example, the type name for the web server is `httpd_t`. The type context for files and directories normally found in `/var/www/html/` is `httpd_sys_content_t`. The type contexts for files and directories normally found in `/tmp` and `/var/tmp/` is `tmp_t`. The type context for web server ports is `http_port_t`.
For example, there is a policy rule that permits Apache (the web server process running as `httpd_t`) to access files and directories with a context normally found in `/var/www/html/` and other web server directories (`httpd_sys_content_t`). There is no allow rule in the policy for files normally found in `/tmp` and `/var/tmp/`, so access is not permitted. With SELinux, even if Apache is compromised, and a malicious script gains access, it is still not able to access the `/tmp` directory.
[#fig-intro-httpd-mysqld]
.SELinux allows the Apache process running as httpd_t to access the /var/www/html/ directory and it denies the same process to access the /data/mysql/ directory because there is no allow rule for the httpd_t and mysqld_db_t type contexts). On the other hand, the MariaDB process running as mysqld_t is able to access the /data/mysql/ directory and SELinux also correctly denies the process with the mysqld_t type to access the /var/www/html/ directory labeled as httpd_sys_content_t.
image::../images/selinux-intro-apache-mariadb.png[SELinux_Apache_MariaDB_example]
[discrete]
== Additional resources
To better understand SELinux basic concepts, see the following documentation:
* link:++https://people.redhat.com/duffy/selinux/selinux-coloring-book_A4-Stapled.pdf++[The SELinux Coloring Book]
* link:++https://people.redhat.com/tcameron/Summit2012/SELinux/cameron_w_120_selinux_for_mere_mortals.pdf++[SELinux for Mere Mortals]
* link:++http://selinuxproject.org/page/FAQ++[SELinux Wiki FAQ]
* link:++http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf++[The SELinux Notebook]

11
en-US/modules/con_selinux-architecture.adoc Normal file
View file

@ -0,0 +1,11 @@
// Module included in the following assemblies:
//
// getting-started-with-selinux.adoc
:experimental:
[#{context}-selinux-architecture]
= SELinux architecture
SELinux is a Linux Security Module (LSM) that is built into the Linux kernel. The SELinux subsystem in the kernel is driven by a security policy which is controlled by the administrator and loaded at boot. All security-relevant, kernel-level access operations on the system are intercepted by SELinux and examined in the context of the loaded security policy. If the loaded policy allows the operation, it continues. Otherwise, the operation is blocked and the process receives an error.
SELinux decisions, such as allowing or disallowing access, are cached. This cache is known as the Access Vector Cache (AVC). When using these cached decisions, SELinux policy rules need to be checked less, which increases performance. Remember that SELinux policy rules have no effect if DAC rules deny access first.

19
en-US/modules/con_selinux-examples.adoc Normal file
View file

@ -0,0 +1,19 @@
// Module included in the following assemblies:
//
// getting-started-with-selinux.adoc
:experimental:
[#{context}-selinux-examples]
= SELinux examples
The following examples demonstrate how SELinux increases security:
* The default action is deny. If an SELinux policy rule does not exist to allow access, such as for a process opening a file, access is denied.
* SELinux can confine Linux users. A number of confined SELinux users exist in SELinux policy. Linux users can be mapped to confined SELinux users to take advantage of the security rules and mechanisms applied to them. For example, mapping a Linux user to the SELinux `user_u` user, results in a Linux user that is not able to run (unless configured otherwise) set user ID (setuid) applications, such as [command]`sudo` and [command]`su`, as well as preventing them from executing files and applications in their home directory. If configured, this prevents users from executing malicious files from their home directories.
* Increased process and data separation. Processes run in their own domains, preventing processes from accessing files used by other processes, as well as preventing processes from accessing other processes. For example, when running SELinux, unless otherwise configured, an attacker cannot compromise a Samba server, and then use that Samba server as an attack vector to read and write to files used by other processes, such as MariaDB databases.
* SELinux helps mitigate the damage made by configuration mistakes. Domain Name System (DNS) servers often replicate information between each other in what is known as a zone transfer. Attackers can use zone transfers to update DNS servers with false information. When running the Berkeley Internet Name Domain (BIND) as a DNS server in Fedora, even if an administrator forgets to limit which servers can perform a zone transfer, the default SELinux policy prevents zone files footnote:[Text files that include information, such as host name to IP address mappings, that are used by DNS servers.] from being updated using zone transfers, by the BIND `named` daemon itself, and by other processes.
* See the link:++http://www.networkworld.com++[NetworkWorld.com] article, link:++http://www.networkworld.com/article/2283723/lan-wan/a-seatbelt-for-server-software--selinux-blocks-real-world-exploits.html++[A seatbelt for server software: SELinux blocks real-world exploits]footnote:[Marti, Don. "A seatbelt for server software: SELinux blocks real-world exploits". Published 24 February 2008. Accessed 27 August 2009: link:++http://www.networkworld.com/article/2283723/lan-wan/a-seatbelt-for-server-software--selinux-blocks-real-world-exploits.html++[].], for background information about SELinux, and information about various exploits that SELinux has prevented.

47
en-US/modules/con_selinux-states-and-modes.adoc Normal file
View file

@ -0,0 +1,47 @@
// Module included in the following assemblies:
//
// getting-started-with-selinux.adoc
:experimental:
[#{context}-selinux-states-and-modes]
= SELinux states and modes
SELinux can run in one of three modes: disabled, permissive, or enforcing.
Disabled mode is strongly discouraged; not only does the system avoid enforcing the SELinux policy, it also avoids labeling any persistent objects such as files, making it difficult to enable SELinux in the future.
In permissive mode, the system acts as if SELinux is enforcing the loaded security policy, including labeling objects and emitting access denial entries in the logs, but it does not actually deny any operations. While not recommended for production systems, permissive mode can be helpful for SELinux policy development.
Enforcing mode is the default, and recommended, mode of operation; in enforcing mode SELinux operates normally, enforcing the loaded security policy on the entire system.
Use the [command]`setenforce` utility to change between enforcing and permissive mode. Changes made with [command]`setenforce` do not persist across reboots. To change to enforcing mode, enter the [command]`setenforce 1` command as the Linux root user. To change to permissive mode, enter the [command]`setenforce 0` command. Use the [command]`getenforce` utility to view the current SELinux mode:
----
~]# getenforce
Enforcing
----
----
~]# setenforce 0
~]# getenforce
Permissive
----
----
~]# setenforce 1
~]# getenforce
Enforcing
----
In Fedora, you can set individual domains to permissive mode while the system runs in enforcing mode. For example, to make the `httpd_t` domain permissive:
----
~]# semanage permissive -a httpd_t
----
// See <<sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains>> for more information.
// [NOTE]
// ====
// Persistent states and modes changes are covered in <<sect-Security-Enhanced_Linux-Working_with_SELinux-Changing_SELinux_Modes>>.
// ====

56
en-US/modules/proc_adding-shortcut-custom-app-gnome.adoc Normal file
View file

@ -0,0 +1,56 @@
[id='adding-shortcut-custom-app-gnome']
= Adding keyboard shortcuts for custom applications in GNOME
This section describes how to add a keyboard shortcut for starting a custom application in GNOME.
[discrete]
== Procedure
. Open *Settings* and choose the *Devices* entry from the list:
+
image::shortcuts-settings-devices.png[]
+
NOTE: Earlier Fedora versions might not need this step.
. Choose the *Keyboard* entry from the list and scroll down to the bottom of the list of keyboard shortcuts:
+
image::shortcuts-keyboard-scroll.png[]
. Click the *+* button at the bottom of the list.
+
A window for entering the details appears:
+
image::shortcuts-add-empty.png[]
. Fill in details for the application.
+
image::shortcuts-add-filled.png[]
+
Replace _My Application_ with the name of the application and _myapp --special options_ with the command to run this application, including any options.
. Click the *Set shortcut...* button.
+
A window for entering the keyboard shortcut appears:
+
image::shortcuts-add-enter.png[]
. Press the key combination that should become the shortcut for starting the application.
+
As soon as you release the key combination, the window for entering the shortcut closes. The window for application name and command now displays the entered shortctut:
+
image::shortcuts-add-shortcut.png[]
. Click the *Add* button.
+
Your application shortcut now appears in the list under _Custom Shortcuts_:
+
image::shortcuts-added.png[]
// optional - close settings?
////
info sources:
http://ask.fedoraproject.org/en/question/9623/how-can-i-set-a-key-shortcut-to-launch-terminal-under-gnome/
https://help.gnome.org/users/gnome-help/stable/keyboard-shortcuts-set.html.en
////

16
en-US/modules/proc_disabling-gnome-screenlock.adoc Normal file
View file

@ -0,0 +1,16 @@
= Disabling the GNOME Automatic Screen Lock
In the interest of safety and privacy, the GNOME automatic screen lock is enabled by default.
When the screen locks after a period of inactivity, you must enter your password to unlock the screen.
You can disable this feature at any time.
To disable the GNOME automatic screen lock, complete the following steps.
. On the desktop, navigate to the upper-right corner of the screen and click the arrow icon to expand the desktop options. Click the *Settings* icon.
. From the the *Settings* menu, select *Privacy*.
. On the *Privacy* page, select *Screen Lock*, and toggle the switch from *On* to *Off*.
. Close the window and verify that in the *Privacy* page, the *Screen Lock* is *Off*.
To enable the automatic screen lock, repeat this process and toggle the switch from *Off* to *On*.

36
en-US/modules/proc_disabling-shortcut-custom-app-gnome.adoc Normal file
View file

@ -0,0 +1,36 @@
[id='disabling-shortcut-custom-app-gnome']
= Disabling keyboard shortcuts for custom applications in GNOME
This section describes how to disable a keyboard shortcut for starting a custom application in GNOME.
[discrete]
== Procedure
. Open *Settings* and choose the *Devices* entry from the list:
+
image::shortcuts-settings-devices.png[]
+
NOTE: Earlier Fedora versions might not need this step.
. Choose the *Keyboard* entry from the list and scroll down to the bottom of the list of keyboard shortcuts:
+
image::shortcuts-keyboard-scroll.png[]
. Scroll down in the list of shortcuts and applications until you locate the application that you want to disable:
+
image::shortcuts-added.png[]
. Click on the entry.
+
A window for editing the shortcut appears:
+
image::shortcuts-edit.png[]
. Click the small *x* button to the right of the disaplyed shortcut.
+
The keyboard shortcut is removed from this shortcut and the shortcut list now displays _Disabled_ instead of the key combination:
+
image::shortcuts-disabled.png[]
. Close the shortcut editing window.

42
en-US/modules/proc_enabling-shortcut-custom-app-gnome.adoc Normal file
View file

@ -0,0 +1,42 @@
[id='enabling-shortcut-custom-app-gnome']
= Enabling keyboard shortcuts for custom applications in GNOME
This section describes how to enable a keyboard shortcut for starting a custom application in GNOME.
[discrete]
== Procedure
. Open *Settings* and choose the *Devices* entry from the list:
+
image::shortcuts-settings-devices.png[]
+
NOTE: Earlier Fedora versions might not need this step.
. Choose the *Keyboard* entry from the list and scroll down to the bottom of the list of keyboard shortcuts:
+
image::shortcuts-keyboard-scroll.png[]
. Scroll down in the list of shortcuts and applications until you locate the application that you want to enable:
+
image::shortcuts-list-disabled.png[]
. Click on the entry.
+
A window for editing the shortcut appears:
+
image::shortcuts-disabled.png[]
. Click the *Set shortcut...* button.
+
A window for entering the keyboard shortcut appears:
+
image::shortcuts-enabling-entering.png[]
. Press the key combination that should become the shortcut for starting the application.
+
As soon as you release the key combination, the window for entering the shortcut closes. The window for application name and command now displays the entered shortctut:
+
image::shortcuts-enabling-entered.png[]
. Close the shortcut editing window.

31
en-US/modules/proc_removing-shortcut-custom-app-gnome.adoc Normal file
View file

@ -0,0 +1,31 @@
[id='removing-shortcut-custom-app-gnome']
= Removing keyboard shortcuts for custom applications in GNOME
This section describes how to remove a keyboard shortcut for starting a custom application in GNOME.
[discrete]
== Procedure
. Open *Settings* and choose the *Devices* entry from the list:
+
image::shortcuts-settings-devices.png[]
+
NOTE: Earlier Fedora versions might not need this step.
. Choose the *Keyboard* entry from the list and scroll down to the bottom of the list of keyboard shortcuts:
+
image::shortcuts-keyboard-scroll.png[]
. Scroll down in the list of shortcuts and applications until you locate the application that you want to remove:
+
image::shortcuts-added.png[]
. Click on the entry.
+
A window for editing the shortcut appears:
+
image::shortcuts-edit.png[]
. Click the red *Remove* button.
+
The shortcut is removed.

309
en-US/networking-cli.adoc
View file

@ -1,309 +0,0 @@
= NetworkManager Command Line Interface (nmcli)
[[description]]
== Description
`nmcli` is a tool that allows NetworkManager management from command line.
[[networkmanager-status]]
== NetworkManager status
Display overall status of NetworkManager
[source,bash,subs="+quotes"]
----
$ nmcli general status
----
Display active connections
[source,bash]
----
$ nmcli connection show --active
----
Display all configured connections
[source,bash]
----
$ nmcli connection show configured
----
[[connectdisconnect-to-an-already-configured-connection]]
== Connect/disconnect to an already configured connection
Connect to a configured connection by name
[source,bash,subs="+quotes"]
----
$ nmcli connection up id _connection name_
----
Disconnection by name
[source,bash,subs="+quotes"]
----
$ nmcli connection down id _connection name_
----
[[wifi]]
== Wifi
Get Wifi status
[source,bash]
----
$ nmcli radio wifi
----
Turn wifi on or off
[source,bash,subs="+quotes"]
----
$ nmcli radio wifi _on|off_
----
List available access points(AP) to connect to
[source,bash]
----
$ nmcli device wifi list
----
Refresh previous list
[source,bash]
----
$ nmcli device wifi rescan
----
Create a new connection to an open AP
[source,bash,subs="+quotes"]
----
$ nmcli device wifi connect _SSID|BSSID_
----
Create a new connection to a password protected AP
[source,bash,subs="+quotes"]
----
$ nmcli device wifi connect _SSID|BSSID_ password _password_
----
[[network-interfaces]]
== Network interfaces
List available devices and their status
[source,bash]
----
$ nmcli device status
----
Disconnect an interface
[source,bash,subs="+quotes"]
----
$ nmcli device disconnect iface _interface_
----
[[create-or-modify-a-connection]]
== Create or modify a connection
To create a new connection using an interactive editor
[source,bash,subs="+quotes"]
----
$ nmcli connection edit con-name _name of new connection_
----
To edit an already existing connection using an interactive editor
[source,bash,subs="+quotes"]
----
$ nmcli connection edit _connection name_
----
[[exampletutorial]]
=== Example/Tutorial
Let's create a new connection
[source,bash,subs="+quotes"]
----
$ nmcli connection edit con-name _name of new connection_
----
It will ask us to define a connection type
[source,bash]
----
Valid connection types: 802-3-ethernet (ethernet), 802-11-wireless (wifi), wimax, gsm, cdma, infiniband, adsl, bluetooth, vpn, 802-11-olpc-mesh (olpc-mesh), vlan, bond, team, bridge, bond-slave, team-slave, bridge-slave
Enter connection type:
----
In this example we will use ethernet
[source,bash]
----
Enter connection type: ethernet
----
Next this will appear, note that `nmcli>` is a prompt and that it lists the main settings available
[source,bash]
----
===| nmcli interactive connection editor |===
Adding a new '802-3-ethernet' connection
Type 'help' or '?' for available commands.
Type 'describe [<setting>.<prop>]' for detailed property description.
You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6
nmcli>
----
We will edit the setting `ipv4`
[source,bash]
----
nmcli> goto ipv4
----
Note that after this our promt has changed to this to indicate that we are currently editing the "ipv4" setting
[source,bash]
----
nmcli ipv4>
----
List available properties under the setting `ipv4` and describe the property `method`
[source,bash]
----
nmcli ipv4> describe
Available properties: method, dns, dns-search, addresses, routes, ignore-auto-routes, ignore-auto-dns, dhcp-client-id, dhcp-send-hostname, dhcp-hostname, never-default, may-fail
Property name?
Property name? method
----
Let's set property `method` to `auto`
[source,bash]
----
nmcli ipv4> set method auto
----
Now that we have finished editing the `ipv4` setting let's go back to the main level.
Execute the following command until the prompt looks like this `nmcli>`
[source,bash]
----
nmcli ipv4> back
----
If you need to list again the main settings use the `goto` command without any arguments.
After that just press enter and ignore the error.
[source,bash]
----
nmcli> goto
Available settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6
Setting name?
----
It is possible to set a value for a property directly from the main level
[source,bash]
----
nmcli> set __setting__.__property__ _value_
----
For example:
[source,bash,subs="+quotes"]
----
nmcli> set connection.autoconnect TRUE
nmcli> set connection.interface-name _interface name this connection is bound to_
nmcli> set ethernet.cloned-mac-address _Spoofed MAC address_
----
Finally check the connection details, save and exit
[source,bash]
----
nmcli> print
nmcli> save
nmcli> quit
----
[[manually-editing]]
=== Manually editing
To manually edit a ifcfg connection configuration open or create with a text editor the configuration file of the connection located in `/etc/sysconfig/network-scripts/ifcfg-`
A description of most common configuration options is available at: http://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html
To modify a connection password open with a text editor and edit the file `keys-` located in `/etc/sysconfig/network-scripts/`.
The password is stored in plain text.
For example
[source,bash,subs="+quotes"]
----
$ cat /etc/sysconfig/network-scripts/keys-__connection name__
WPA_PSK='password'
----
Or if using keyfile, simply edit the connection file located inside `/etc/NetworkManager/system-connections/`
Finally save the files and to apply changes to an already active connection execute
[source,bash,subs="+quotes"]
----
nmcli connection up id _connection name_
----
[[delete-a-connection-configuration]]
== Delete a connection configuration
Delete the connection
[source,bash,subs="+quotes"]
----
nmcli connection delete id _connection name_
----
Please note this also deactivates the connection.
[[documentation-for-networkmanager-command-line-interface-nmcli]]
== Documentation for NetworkManager Command Line Interface nmcli
The primary reference for nmcli are the manual pages nmcli and nmcli-examples.
For a quick reference, the user can type `nmcli help` to print the supported options and commands.
The help parameter can also be used to obtain a more detailed description for the individual commands.
For example `nmcli connection help` and `nmcli connection add help` show a description for the possible connection operations and for how to add connections, respectively.
The newest version of the manual page can be found on https://developer.gnome.org/NetworkManager/unstable/nmcli.html[nmcli] and https://developer.gnome.org/NetworkManager/unstable/nmcli-examples.html[nmcli-examples].
[[notes]]
=== Notes
nmcli maybe contain some bugs and lack some features graphical tools for NetworkManager have.
To see all available options for your version of nmcli
[source,bash]
----
$ info nmcli
----
See a typo, something missing or out of date, or anything else which can be improved?
Edit this document at https://pagure.io/fedora-docs/quick-docs.