https://wiki.archlinux.org/api.php?action=feedcontributions&user=Aws&feedformat=atomArchWiki - User contributions [en]2024-03-28T09:59:09ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=AppArmor&diff=267526AppArmor2013-07-22T11:21:36Z<p>Aws: /* Bootloader Configuration */ changed heading of disable to be at the same level as enable</p>
<hr />
<div>[[Category:Security]]<br />
[[Category:Kernel]]<br />
{{Out of date}}<br />
<br />
[[Wikipedia:AppArmor|AppArmor]] is a MAC (Mandatory Access Control) system, implemented upon LSM (Linux Security Modules).<br />
<br />
== Preventing circumvention of path-based MAC via links ==<br />
<br />
AppArmor can be circumvented via hardlinks in the standard POSIX security model. However, the kernel now includes the ability to prevent this vulnerability, without needing the patches distributions like Ubuntu have applied to their kernels as workarounds.<br />
<br />
See [[Sysctl#Preventing_link_TOCTOU_vulnerabilities]] for details.<br />
<br />
== Implementation Status ==<br />
AppArmor is currently available in the [https://bugs.archlinux.org/task/21406 Arch Linux kernel], but it has to be activated on kernel boot. <br />
<br />
The userspace support requires [[AUR]] packages.<br />
<br />
* https://aur.archlinux.org/packages.php?ID=42279<br />
<br />
Not all the packages work out-of-the-box, but it is a work in progress. If you know how to build profiles yourself you shouldn't have too many problems. <br />
Also there is an [https://aur.archlinux.org/packages.php?ID=60269 AUR kernel] <br />
which includes apparmor specific patches from Ubuntu's [https://launchpad.net/apparmor launchpad]. <br />
<br />
=== AUR/apparmor package ===<br />
Added lot of features:<br />
* apparmor-parser<br />
* libapparmor<br />
* apparmor-utils<br />
* apparmor-profiles<br />
* apparmor-notify<br />
* apparmor-lib<br />
* apparmor-perl<br />
* apparmor-python<br />
* apparmor-ruby<br />
* apparmor-dbus<br />
* apparmor-profile-editor<br />
<br />
But we still miss following features (TODO):<br />
* init (rc.d) scripts! http://aur.pastebin.com/beQ4BjGX<br />
* chase missing dependencies<br />
* test everything<br />
* make list of files that should go to backup=() arrays in packages...<br />
* changehat modules for PAM(!), Apache and Tomcat (btw those are dependent on libapparmor)<br />
* out-of-box-experience know-how<br />
** make some package with profiles for all [core] packages enabled by default without need for any further user configuration<br />
** etc...<br />
* apparmor gnome applet (can't build, deprecated...)<br />
<br />
== Links ==<br />
* Official pages<br />
** Kernel: https://apparmor.wiki.kernel.org/ http://wiki.apparmor.net/index.php/Main_Page<br />
** Userspace: https://launchpad.net/apparmor<br />
<br />
* http://www.kernel.org/pub/linux/security/apparmor/AppArmor-2.6/<br />
* http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference<br />
<br />
* http://ubuntuforums.org/showthread.php?t=1008906 (Tutorial)<br />
* https://help.ubuntu.com/community/AppArmor<br />
*{{Bug|21406}}<br />
* http://stuff.mit.edu/afs/sipb/contrib/linux/Documentation/apparmor.txt <br />
* http://wiki.apparmor.net/index.php/Kernel_interfaces<br />
* http://wiki.apparmor.net/index.php/AppArmor_versions<br />
* http://manpages.ubuntu.com/manpages/oneiric/man5/apparmor.d.5.html<br />
* http://manpages.ubuntu.com/manpages/oneiric/man8/apparmor_parser.8.html<br />
* http://wiki.apparmor.net/index.php/Distro_CentOS<br />
* http://bodhizazen.net/aa-profiles/<br />
* https://wiki.ubuntu.com/ApparmorProfileMigration<br />
* [[wikipedia:Linux_Security_Modules]]<br />
* http://wiki.apparmor.net/index.php/Gittutorial<br />
<br />
== AppArmor Packages ==<br />
* Arch's {{Pkg|linux}} package has AppArmor support<br />
* aur/[https://aur.archlinux.org/packages.php?ID=42279 apparmor]<br />
<br />
== Kernel Configuration ==<br />
Here is configuration of ArchLinux kernel which enables AppArmor (just FYI, you do not need to touch it):<br />
CONFIG_SECURITY_APPARMOR=y<br />
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0<br />
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set<br />
<br />
However, integration of AppArmor into the kernel is not quite complete. It is missing network mediation and some of the interfaces for introspection. See [https://apparmor.wiki.kernel.org/index.php/Apparmor/upstream_release_notes here] for details. The introspection interfaces are necessary for some tools to work correctly including {{ic|aa-status}} and {{ic|aa-genprof}}. There are compatibility patches provided with the AppArmor tarball that can be applied to every recent kernel to reintroduce these interfaces. The patchset is pretty small and should be applied if you decide to use AppArmor. A suitably patched kernel is provided by the AUR package {{AUR|linux-apparmor}}.<br />
<br />
== Bootloader Configuration ==<br />
=== Enable ===<br />
To test profiles, or enforce the use of AppArmor it must be enabled at boot time. To do this add {{ic|1=apparmor=1 security=apparmor}} to the [[kernel parameters|kernel boot parameters]]. <br />
<br />
After reboot you can test if AppArmor is really enabled using this command as root:<br />
# cat /sys/module/apparmor/parameters/enabled <br />
Y<br />
(Y=enabled, N=disabled, no such file = module not in kernel)<br />
<br />
=== Disable ===<br />
AppArmor will be disabled by default in Arch Linux, so you will not need to disable it explicitly until you will build your own kernel with AppArmor enabled by default. If so, Add {{ic|1=apparmor=0 security=""}} to [[kernel parameters|kernel boot parameters]].<br />
<br />
== System Configuration ==<br />
=== Mounts (/etc/fstab securityfs) ===<br />
http://wiki.apparmor.net/index.php/Kernel_interfaces<br />
none /sys/kernel/security securityfs defaults 0 0<br />
=== Systemd support ===<br />
The AUR package {{AUR|apparmor}} includes a systemd service file that loads all AppArmor profiles in {{ic|/etc/apparmor.d/}}. To enable it to run on boot, use:<br />
{{bc|# systemctl enable apparmor}}<br />
<br />
== UserSpace Tools ==<br />
=== Users ===<br />
You can currently install userspace tools from [[AUR]].<br />
<br />
=== Maintainers ===<br />
You need userspace tools that are compatible with your kernel version. The compatibility list can be found here: http://wiki.apparmor.net/index.php/AppArmor_versions<br />
e.g.: Kernel 2.6.36 is compatible with AppArmor 2.5.1<br />
<br />
== More Info ==<br />
AppArmor, like most other LSMs, supplements rather than replaces the default Discretionary access control. As such it's impossible to grant a process more privileges than it had in the first place. <br />
<br />
Ubuntu, SUSE and a number of other distributions use it by default. RHEL (and it's variants) use SELinux which requires good userspace integration to work properly. People tend to agree that it is also much much harder to configure correctly. <br />
<br />
Taking a common example - A new Flash vulnerability: If you were to browse to a malicious website AppArmor can prevent the exploited plugin from accessing anything that may contain private information. In almost all browsers, plugins run out of process which makes isolating them much easier.<br />
<br />
AppArmor profiles (usually) get stored in easy to read text files in {{ic|/etc/apparmor.d}}<br />
<br />
Every breach of policy triggers a message in the system log, and many distributions also integrate it into DBUS so that you get real-time violation warnings popping up on your desktop.<br />
<br />
== See also ==<br />
* [[TOMOYO Linux]]<br />
* [[SELinux]]</div>Awshttps://wiki.archlinux.org/index.php?title=AppArmor&diff=267523AppArmor2013-07-22T11:12:46Z<p>Aws: /* Kernel Configuration */ removed references to outdated kernels and added details because this is still an issue and it confused me</p>
<hr />
<div>[[Category:Security]]<br />
[[Category:Kernel]]<br />
{{Out of date}}<br />
<br />
[[Wikipedia:AppArmor|AppArmor]] is a MAC (Mandatory Access Control) system, implemented upon LSM (Linux Security Modules).<br />
<br />
== Preventing circumvention of path-based MAC via links ==<br />
<br />
AppArmor can be circumvented via hardlinks in the standard POSIX security model. However, the kernel now includes the ability to prevent this vulnerability, without needing the patches distributions like Ubuntu have applied to their kernels as workarounds.<br />
<br />
See [[Sysctl#Preventing_link_TOCTOU_vulnerabilities]] for details.<br />
<br />
== Implementation Status ==<br />
AppArmor is currently available in the [https://bugs.archlinux.org/task/21406 Arch Linux kernel], but it has to be activated on kernel boot. <br />
<br />
The userspace support requires [[AUR]] packages.<br />
<br />
* https://aur.archlinux.org/packages.php?ID=42279<br />
<br />
Not all the packages work out-of-the-box, but it is a work in progress. If you know how to build profiles yourself you shouldn't have too many problems. <br />
Also there is an [https://aur.archlinux.org/packages.php?ID=60269 AUR kernel] <br />
which includes apparmor specific patches from Ubuntu's [https://launchpad.net/apparmor launchpad]. <br />
<br />
=== AUR/apparmor package ===<br />
Added lot of features:<br />
* apparmor-parser<br />
* libapparmor<br />
* apparmor-utils<br />
* apparmor-profiles<br />
* apparmor-notify<br />
* apparmor-lib<br />
* apparmor-perl<br />
* apparmor-python<br />
* apparmor-ruby<br />
* apparmor-dbus<br />
* apparmor-profile-editor<br />
<br />
But we still miss following features (TODO):<br />
* init (rc.d) scripts! http://aur.pastebin.com/beQ4BjGX<br />
* chase missing dependencies<br />
* test everything<br />
* make list of files that should go to backup=() arrays in packages...<br />
* changehat modules for PAM(!), Apache and Tomcat (btw those are dependent on libapparmor)<br />
* out-of-box-experience know-how<br />
** make some package with profiles for all [core] packages enabled by default without need for any further user configuration<br />
** etc...<br />
* apparmor gnome applet (can't build, deprecated...)<br />
<br />
== Links ==<br />
* Official pages<br />
** Kernel: https://apparmor.wiki.kernel.org/ http://wiki.apparmor.net/index.php/Main_Page<br />
** Userspace: https://launchpad.net/apparmor<br />
<br />
* http://www.kernel.org/pub/linux/security/apparmor/AppArmor-2.6/<br />
* http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference<br />
<br />
* http://ubuntuforums.org/showthread.php?t=1008906 (Tutorial)<br />
* https://help.ubuntu.com/community/AppArmor<br />
*{{Bug|21406}}<br />
* http://stuff.mit.edu/afs/sipb/contrib/linux/Documentation/apparmor.txt <br />
* http://wiki.apparmor.net/index.php/Kernel_interfaces<br />
* http://wiki.apparmor.net/index.php/AppArmor_versions<br />
* http://manpages.ubuntu.com/manpages/oneiric/man5/apparmor.d.5.html<br />
* http://manpages.ubuntu.com/manpages/oneiric/man8/apparmor_parser.8.html<br />
* http://wiki.apparmor.net/index.php/Distro_CentOS<br />
* http://bodhizazen.net/aa-profiles/<br />
* https://wiki.ubuntu.com/ApparmorProfileMigration<br />
* [[wikipedia:Linux_Security_Modules]]<br />
* http://wiki.apparmor.net/index.php/Gittutorial<br />
<br />
== AppArmor Packages ==<br />
* Arch's {{Pkg|linux}} package has AppArmor support<br />
* aur/[https://aur.archlinux.org/packages.php?ID=42279 apparmor]<br />
<br />
== Kernel Configuration ==<br />
Here is configuration of ArchLinux kernel which enables AppArmor (just FYI, you do not need to touch it):<br />
CONFIG_SECURITY_APPARMOR=y<br />
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0<br />
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set<br />
<br />
However, integration of AppArmor into the kernel is not quite complete. It is missing network mediation and some of the interfaces for introspection. See [https://apparmor.wiki.kernel.org/index.php/Apparmor/upstream_release_notes here] for details. The introspection interfaces are necessary for some tools to work correctly including {{ic|aa-status}} and {{ic|aa-genprof}}. There are compatibility patches provided with the AppArmor tarball that can be applied to every recent kernel to reintroduce these interfaces. The patchset is pretty small and should be applied if you decide to use AppArmor. A suitably patched kernel is provided by the AUR package {{AUR|linux-apparmor}}.<br />
<br />
== Bootloader Configuration ==<br />
=== Enable ===<br />
To test profiles, or enforce the use of AppArmor it must be enabled at boot time. To do this add {{ic|1=apparmor=1 security=apparmor}} to the [[kernel parameters|kernel boot parameters]]. <br />
<br />
After reboot you can test if AppArmor is really enabled using this command as root:<br />
# cat /sys/module/apparmor/parameters/enabled <br />
Y<br />
(Y=enabled, N=disabled, no such file = module not in kernel)<br />
<br />
==== Disable ====<br />
AppArmor will be disabled by default in Arch Linux, so you will not need to disable it explicitly until you will build your own kernel with AppArmor enabled by default. If so, Add {{ic|1=apparmor=0 security=""}} to [[kernel parameters|kernel boot parameters]].<br />
<br />
== System Configuration ==<br />
=== Mounts (/etc/fstab securityfs) ===<br />
http://wiki.apparmor.net/index.php/Kernel_interfaces<br />
none /sys/kernel/security securityfs defaults 0 0<br />
=== Systemd support ===<br />
The AUR package {{AUR|apparmor}} includes a systemd service file that loads all AppArmor profiles in {{ic|/etc/apparmor.d/}}. To enable it to run on boot, use:<br />
{{bc|# systemctl enable apparmor}}<br />
<br />
== UserSpace Tools ==<br />
=== Users ===<br />
You can currently install userspace tools from [[AUR]].<br />
<br />
=== Maintainers ===<br />
You need userspace tools that are compatible with your kernel version. The compatibility list can be found here: http://wiki.apparmor.net/index.php/AppArmor_versions<br />
e.g.: Kernel 2.6.36 is compatible with AppArmor 2.5.1<br />
<br />
== More Info ==<br />
AppArmor, like most other LSMs, supplements rather than replaces the default Discretionary access control. As such it's impossible to grant a process more privileges than it had in the first place. <br />
<br />
Ubuntu, SUSE and a number of other distributions use it by default. RHEL (and it's variants) use SELinux which requires good userspace integration to work properly. People tend to agree that it is also much much harder to configure correctly. <br />
<br />
Taking a common example - A new Flash vulnerability: If you were to browse to a malicious website AppArmor can prevent the exploited plugin from accessing anything that may contain private information. In almost all browsers, plugins run out of process which makes isolating them much easier.<br />
<br />
AppArmor profiles (usually) get stored in easy to read text files in {{ic|/etc/apparmor.d}}<br />
<br />
Every breach of policy triggers a message in the system log, and many distributions also integrate it into DBUS so that you get real-time violation warnings popping up on your desktop.<br />
<br />
== See also ==<br />
* [[TOMOYO Linux]]<br />
* [[SELinux]]</div>Awshttps://wiki.archlinux.org/index.php?title=AppArmor&diff=267443AppArmor2013-07-21T17:26:30Z<p>Aws: added subsection on systemd service file</p>
<hr />
<div>[[Category:Security]]<br />
[[Category:Kernel]]<br />
{{Out of date}}<br />
<br />
[[Wikipedia:AppArmor|AppArmor]] is a MAC (Mandatory Access Control) system, implemented upon LSM (Linux Security Modules).<br />
<br />
== Preventing circumvention of path-based MAC via links ==<br />
<br />
AppArmor can be circumvented via hardlinks in the standard POSIX security model. However, the kernel now includes the ability to prevent this vulnerability, without needing the patches distributions like Ubuntu have applied to their kernels as workarounds.<br />
<br />
See [[Sysctl#Preventing_link_TOCTOU_vulnerabilities]] for details.<br />
<br />
== Implementation Status ==<br />
AppArmor is currently available in the [https://bugs.archlinux.org/task/21406 Arch Linux kernel], but it has to be activated on kernel boot. <br />
<br />
The userspace support requires [[AUR]] packages.<br />
<br />
* https://aur.archlinux.org/packages.php?ID=42279<br />
<br />
Not all the packages work out-of-the-box, but it is a work in progress. If you know how to build profiles yourself you shouldn't have too many problems. <br />
Also there is an [https://aur.archlinux.org/packages.php?ID=60269 AUR kernel] <br />
which includes apparmor specific patches from Ubuntu's [https://launchpad.net/apparmor launchpad]. <br />
<br />
=== AUR/apparmor package ===<br />
Added lot of features:<br />
* apparmor-parser<br />
* libapparmor<br />
* apparmor-utils<br />
* apparmor-profiles<br />
* apparmor-notify<br />
* apparmor-lib<br />
* apparmor-perl<br />
* apparmor-python<br />
* apparmor-ruby<br />
* apparmor-dbus<br />
* apparmor-profile-editor<br />
<br />
But we still miss following features (TODO):<br />
* init (rc.d) scripts! http://aur.pastebin.com/beQ4BjGX<br />
* chase missing dependencies<br />
* test everything<br />
* make list of files that should go to backup=() arrays in packages...<br />
* changehat modules for PAM(!), Apache and Tomcat (btw those are dependent on libapparmor)<br />
* out-of-box-experience know-how<br />
** make some package with profiles for all [core] packages enabled by default without need for any further user configuration<br />
** etc...<br />
* apparmor gnome applet (can't build, deprecated...)<br />
<br />
== Links ==<br />
* Official pages<br />
** Kernel: https://apparmor.wiki.kernel.org/ http://wiki.apparmor.net/index.php/Main_Page<br />
** Userspace: https://launchpad.net/apparmor<br />
<br />
* http://www.kernel.org/pub/linux/security/apparmor/AppArmor-2.6/<br />
* http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference<br />
<br />
* http://ubuntuforums.org/showthread.php?t=1008906 (Tutorial)<br />
* https://help.ubuntu.com/community/AppArmor<br />
*{{Bug|21406}}<br />
* http://stuff.mit.edu/afs/sipb/contrib/linux/Documentation/apparmor.txt <br />
* http://wiki.apparmor.net/index.php/Kernel_interfaces<br />
* http://wiki.apparmor.net/index.php/AppArmor_versions<br />
* http://manpages.ubuntu.com/manpages/oneiric/man5/apparmor.d.5.html<br />
* http://manpages.ubuntu.com/manpages/oneiric/man8/apparmor_parser.8.html<br />
* http://wiki.apparmor.net/index.php/Distro_CentOS<br />
* http://bodhizazen.net/aa-profiles/<br />
* https://wiki.ubuntu.com/ApparmorProfileMigration<br />
* [[wikipedia:Linux_Security_Modules]]<br />
* http://wiki.apparmor.net/index.php/Gittutorial<br />
<br />
== AppArmor Packages ==<br />
* Arch's {{Pkg|linux}} package has AppArmor support<br />
* aur/[https://aur.archlinux.org/packages.php?ID=42279 apparmor]<br />
<br />
== Kernel Configuration ==<br />
Here is configuration of ArchLinux kernel which enables AppArmor (just FYI, you do not need to touch it):<br />
CONFIG_SECURITY_APPARMOR=y<br />
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0<br />
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set<br />
<br />
However, integration of AppArmor into the 2.6.36 kernel is not quite complete. It is missing network mediation and some of the interfaces for introspection. See [https://apparmor.wiki.kernel.org/index.php/Apparmor/upstream_release_notes here] for details. There are compatibility patches that can be applied to every recent kernel to reintroduce these interfaces. The patchset is pretty small and should be applied if you decide to use AppArmor. (Note: the patchset for 2.6.39 works with Kernel 3.0.x)<br />
<br />
== Bootloader Configuration ==<br />
=== Enable ===<br />
To test profiles, or enforce the use of AppArmor it must be enabled at boot time. To do this add {{ic|1=apparmor=1 security=apparmor}} to the [[kernel parameters|kernel boot parameters]]. <br />
<br />
After reboot you can test if AppArmor is really enabled using this command as root:<br />
# cat /sys/module/apparmor/parameters/enabled <br />
Y<br />
(Y=enabled, N=disabled, no such file = module not in kernel)<br />
<br />
==== Disable ====<br />
AppArmor will be disabled by default in Arch Linux, so you will not need to disable it explicitly until you will build your own kernel with AppArmor enabled by default. If so, Add {{ic|1=apparmor=0 security=""}} to [[kernel parameters|kernel boot parameters]].<br />
<br />
== System Configuration ==<br />
=== Mounts (/etc/fstab securityfs) ===<br />
http://wiki.apparmor.net/index.php/Kernel_interfaces<br />
none /sys/kernel/security securityfs defaults 0 0<br />
=== Systemd support ===<br />
The AUR package {{AUR|apparmor}} includes a systemd service file that loads all AppArmor profiles in {{ic|/etc/apparmor.d/}}. To enable it to run on boot, use:<br />
{{bc|# systemctl enable apparmor}}<br />
<br />
== UserSpace Tools ==<br />
=== Users ===<br />
You can currently install userspace tools from [[AUR]].<br />
<br />
=== Maintainers ===<br />
You need userspace tools that are compatible with your kernel version. The compatibility list can be found here: http://wiki.apparmor.net/index.php/AppArmor_versions<br />
e.g.: Kernel 2.6.36 is compatible with AppArmor 2.5.1<br />
<br />
== More Info ==<br />
AppArmor, like most other LSMs, supplements rather than replaces the default Discretionary access control. As such it's impossible to grant a process more privileges than it had in the first place. <br />
<br />
Ubuntu, SUSE and a number of other distributions use it by default. RHEL (and it's variants) use SELinux which requires good userspace integration to work properly. People tend to agree that it is also much much harder to configure correctly. <br />
<br />
Taking a common example - A new Flash vulnerability: If you were to browse to a malicious website AppArmor can prevent the exploited plugin from accessing anything that may contain private information. In almost all browsers, plugins run out of process which makes isolating them much easier.<br />
<br />
AppArmor profiles (usually) get stored in easy to read text files in {{ic|/etc/apparmor.d}}<br />
<br />
Every breach of policy triggers a message in the system log, and many distributions also integrate it into DBUS so that you get real-time violation warnings popping up on your desktop.<br />
<br />
== See also ==<br />
* [[TOMOYO Linux]]<br />
* [[SELinux]]</div>Awshttps://wiki.archlinux.org/index.php?title=Help:Editing&diff=267407Help:Editing2013-07-21T13:25:48Z<p>Aws: added missing P</p>
<hr />
<div>[[Category:Help]]<br />
[[cs:Help:Editing]]<br />
[[es:Help:Editing]]<br />
[[fa:راهنما:ویرایش]]<br />
[[fr:Aide:Redaction]]<br />
[[it:Help:Editing]]<br />
[[ja:Help:Editing]]<br />
[[pl:Help:Editing]]<br />
[[pt:Help:Editing]]<br />
[[ru:Help:Editing]]<br />
[[sk:Help:Editing]]<br />
[[sr:Help:Editing]]<br />
[[tr:Wikiye yazı yazmak]]<br />
[[uk:Help:Editing]]<br />
[[zh-CN:Help:Editing]]<br />
[[zh-TW:Help:Editing]]<br />
{{Article summary start}}<br />
{{Article summary text|A short tutorial about editing the ArchWiki. Outlines both widely-known MediaWiki markup and ArchWiki-specific guidelines. A must-read for any would-be contributors.}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|ArchWiki:About}}<br />
{{Article summary wiki|Help:Cheatsheet}}<br />
{{Article summary wiki|Help:Style}}<br />
{{Article summary wiki|Help:Reading}}<br />
{{Article summary wiki|Help:Template}}<br />
{{Article summary wiki|Sandbox}}<br />
{{Article summary end}}<br />
<br />
ArchWiki is powered by [http://www.mediawiki.org/wiki/MediaWiki MediaWiki], a free software wiki package written in PHP, originally designed for use on Wikipedia. This is a short tutorial about editing the [[AboutWiki|ArchWiki]]. More in-depth help can be found at [http://www.mediawiki.org/wiki/Help:Contents Help:Contents on MediaWiki] and [http://en.wikipedia.org/wiki/Help:Contents Help:Contents on Wikipedia].<br />
<br />
You must be logged-in to edit pages. Visit [[Special:UserLogin]] to log in or create an account. To experiment with editing, please use the [[sandbox]]. For an overview of wiki markup, see [[ArchWiki Cheatsheet]]. For wiki tasks, see [[ArchWiki:Tasks]].<br />
<br />
Before editing or creating pages, users are encouraged to familiarize themselves with the general tone, layout, and style of existing articles. An effort should be made to maintain a level of consistency throughout the wiki. See [[Help:Reading]] for an overview of common stylistic conventions. See [[Help:Style]] for more detail.<br />
<br />
==Editing==<br />
<br />
To begin editing a page, click the '''edit''' tab at the top of the page. Alternatively, users may edit a specific section of an article by clicking the '''edit''' link to the right of the section heading. The ''Editing'' page will be displayed, which consists of the following elements:<br />
<br />
* Edit toolbar (optional)<br />
* Edit box<br />
* Edit summary box<br />
* ''Save page'', ''Show preview'', ''Show changes'', and ''Cancel'' links<br />
<br />
The edit box will contain the '''wikitext''' (the editable source code from which the server produces the web page) for the current revision of the page or section. To perform an edit:<br />
<br />
# Modify the wikitext as needed (see [[#Formatting]] below for details).<br />
# Explain the edit in the '''Summary''' box (e.g. "fixed typo" or "added info on xyz" (see [[Wikipedia:Help:Edit summary|Help:Edit summary]] for details)). {{Note|'''All edits should be accompanied by a descriptive summary.''' The summary allows administrators and other maintainers to easily identify controversial edits and vandalism.}}<br />
# Use the '''Show preview''' button to facilitate proofreading and verify formatting before saving. <br />
# Mark the edit as ''[[Wikipedia:Wikipedia:Minor edit|minor]]'' by checking the '''This is a minor edit''' box if the edit is superficial and indisputable.<br />
# Save changes by clicking '''Save page'''. If unsatisfied, click '''Cancel''' instead (or repeat the process until satisfied).<br />
<br />
{{Note|If you are not going to use an external editor like vim, you may want to consider using [https://secure.wikimedia.org/wikipedia/en/wiki/User:Cacycle/wikEd wikEd], which adds syntax highlighting, regex search and replace and other nice features to the standard MediaWiki editor. The greasemonkey script works flawlessly with the ArchWiki.}}<br />
<br />
{{Note|Articles should '''not''' be signed because they are ''shared'' works; one editor should not be singled out above others.}}<br />
<br />
===Reverting edits===<br />
If a page was edited incorrectly, the following procedures describe how to revert an article to a previous version. To revert a single edit:<br />
<br />
#Click the '''history''' tab at the top of the page to be modified (beside the '''edit''' tab). A list of revisions is displayed.<br />
#Click the '''undo''' link to the right of the offending edit. An edit preview is displayed, showing the current revision on the left and the text to be saved on the right.<br />
#If satisfied, click the '''Save page''' button at the bottom of the page.<br />
<br />
The wiki page should now be back in its original state.<br />
<br />
Occasionally, it is necessary to revert several edits at once. To revert an article to a previous version:<br />
<br />
#Click the '''history''' tab at the top of the page to be modified (beside the '''edit''' tab). A list of revisions is displayed.<br />
#View the desired revision (i.e. the last ''good'' version) by clicking on the appropriate timestamp. That revision is displayed.<br />
#If satisfied, click the '''edit''' tab at the top of the page. A warning is displayed: '''You are editing an out-of-date revision of this page.''' Simply click the '''Save page''' button to revert to this version. <br />
<br />
{{Note|'''Avoid combining an undo and an edit!''' Revert the edit first, then make additional changes; do not edit the revision preview.}}<br />
<br />
==Creating pages==<br />
Before creating a new page, please consider the following:<br />
<br />
# ''Is your topic relevant to Arch Linux?'' Irrelevant or unhelpful articles will be deleted.<br />
# ''Is your topic of interest to others?'' Consider not only what you wish to write about, but also what others may wish to read. Personal notes belong on your ''user'' page.<br />
# ''Is your topic worthy of a new page?'' Search the wiki for similar articles. If they exist, consider improving or adding a section to an existing article instead.<br />
# ''Will your contribution be significant?'' Avoid creating stubs unless planning to expand them shortly thereafter.<br />
<br />
Creating a new page requires selection of a descriptive '''title''' and an appropriate '''category'''.<br />
<br />
Please read [[Article Naming Guidelines]] and [[Writing Short Article Names]] for article naming advice. <br />
<br />
# Titles should be capitalized appropriately: ''Title for New Page''; not ''Title for new page''.<br />
# Do not include "Arch Linux" or variations in page titles. This is the Arch Linux wiki; it is assumed that articles will be related to Arch Linux. (e.g., ''Installing Openbox''; not ''Installing Openbox in Arch Linux'').<br />
<br />
Visit the [[Table of Contents]] to help choose an appropriate category. Articles may belong to multiple categories.<br />
<br />
To add a new page to some category (say "My New Page" to "Some Category") you need to:<br />
<br />
# Create a page with your new title by browsing to https://wiki.archlinux.org/index.php/My_New_Page (remember to replace "My_New_Page" with the intended title!)<br />
# Add {{ic|<nowiki>[[Category:Some Category]]</nowiki>}} to the '''''top of your page'''''<br />
<br />
{{Note|'''Do not create uncategorized pages!''' All pages must belong to at least one category. If you cannot find a suitable category, consider creating a new one.}}<br />
<br />
==Formatting==<br />
Text formatting is accomplished with wiki markup whenever possible; learning HTML is not necessary. Various templates are also available for common formatting tasks; see [[Help:Template]] for information about templates. The [[ArchWiki Cheatsheet]] summarizes the most common formatting options.<br />
<br />
===Headings and subheadings===<br />
Headings and subheadings are an easy way to improve the organization of an article. If you can see distinct topics being discussed, you can break up an article by inserting a heading for each section. See [[Help:Style#Section headings]] and [[Effective Use of Headers]] for style information.<br />
<br />
Headings must start from second level, and can be created like this:<br />
<br />
==Second-level heading==<br />
===Third-level heading===<br />
====Fourth-level heading====<br />
=====Fifth-level heading=====<br />
======Sixth-level heading======<br />
<br />
{{Note|First-level headings are not allowed, their formatting is reserved for the article title.}}<br />
<br />
If an article has at least four headings, a table of contents (TOC) will be automatically generated. If this is not desired, place {{ic|<nowiki>__NOTOC__</nowiki>}} in the article. Try creating some headings in the [[Sandbox]] and see the effect on the TOC.<br />
<br />
===Line breaks===<br />
An empty line is used to start a new paragraph while single line breaks have no effect in regular paragraphs.<br />
<br />
The HTML {{ic|<nowiki><br></nowiki>}} tag can be used to manually insert line breaks, but should be avoided. A manual break may be justified with other formatting elements, such as lists.<br />
<br />
{|border=1 width="79%" class="wikitable"<br />
!wikitext!!rendering<br />
|-<br />
|<br />
This sentence<br />
is broken into<br />
three lines.<br />
|<br />
This sentence<br />
is broken into<br />
three lines.<br />
|-<br />
|<br />
This is paragraph number one.<br />
<br />
This is paragraph number two.<br />
|<br />
This is paragraph number one.<br />
<br />
This is paragraph number two.<br />
|-<br />
|<br />
* This point <nowiki><br></nowiki> spans multiple lines<br />
* This point<br />
ends the list<br />
|<br />
* This point <br> spans multiple lines<br />
* This point<br />
ends the list<br />
|-<br />
|}<br />
<br />
See [[Help:Style#Blank_lines]] for information on the use of blank lines.<br />
<br />
===Bold and italics===<br />
'''Bold''' and ''italics'' are added by surrounding a word or phrase with two, three or five apostrophes ({{ic|'}}):<br />
{|border=1 width="79%" class="wikitable"<br />
!wikitext!!rendering<br />
|-<br />
|<br />
{{ic|<nowiki>''italics''</nowiki>}}<br />
|<br />
''italics''<br />
|-<br />
|<br />
{{ic|<nowiki>'''bold'''</nowiki>}}<br />
|<br />
'''bold'''<br />
|-<br />
|<br />
{{ic|<nowiki>'''''bold and italics'''''</nowiki>}}<br />
|<br />
'''''bold and italics'''''<br />
|-<br />
|}<br />
<br />
===Strike-out===<br />
Use strike-out text to show that the text no longer applies or has relevance.<br />
<br />
{|border=1 width="79%" class="wikitable"<br />
!wikitext!!rendering<br />
|-<br />
|<br />
{{bc|<nowiki><s>Strike-out text</s></nowiki>}}<br />
|<br />
<s>Strike-out text</s><br />
|-<br />
|}<br />
<br />
===Indenting===<br />
{{Note|Indenting should only be used for discussion pages, see [http://en.wikipedia.org/wiki/Wikipedia:Indentation Wikipedia:Indentation]}}<br />
<br />
To indent text, place a colon ({{ic|:}}) at the beginning of a line. The more colons you put, the further indented the text will be. A newline marks the end of the indented paragraph.<br />
<br />
{|border=1 width="79%" class="wikitable"<br />
!wikitext!!rendering<br />
|-<br />
|<br />
This is not indented at all.<br />
:This is indented slightly.<br />
::This is indented more.<br />
|<br />
This is not indented at all.<br />
:This is indented slightly.<br />
::This is indented more.<br />
|-<br />
|}<br />
=== Lists ===<br />
<br />
====Bullet points====<br />
Bullet points have no apparent order of items.<br />
To insert a bullet, use an asterisk ({{ic|*}}). Multiple {{ic|*}}s will increase the level of indentation.<br />
<br />
{|border=1 width="79%" class="wikitable"<br />
!wikitext!!rendering<br />
|-<br />
|<br />
* First item <br />
* Second item <br />
** Sub-item<br />
* Third item <br />
|<br />
* First item <br />
* Second item <br />
** Sub-item<br />
* Third item<br />
|-<br />
|}<br />
<br />
====Numbered lists====<br />
Numbered lists introduce numbering and thus order the list items. You should generally use unordered lists as long as the order in which items appear is not the primary concern.<br />
To create numbered lists, use the number sign or hash symbol ({{ic|#}}). Multiple {{ic|#}}s will increase the level of indentation.<br />
<br />
{|border=1 width="79%" class="wikitable"<br />
!wikitext!!rendering<br />
|-<br />
|<br />
# First item <br />
# Second item <br />
## Sub-item<br />
# Third item <br />
|<br />
# First item<br />
# Second item<br />
## Sub-item<br />
# Third item<br />
|-<br />
|<br />
# First item<br />
# Second item<br />
#* Sub-item<br />
# Third item<br />
|<br />
# First item<br />
# Second item<br />
#* Sub-item<br />
# Third item<br />
|-<br />
|}<br />
<br />
====Definition lists====<br />
Definition lists are defined with a leading semicolon ({{ic|;}}) and a colon ({{ic|:}}) following the term. <br />
<br />
{|border=1 width="79%" class="wikitable"<br />
!wikitext!!rendering<br />
|-<br />
|<br />
Definition lists:<br />
; Keyboard: Input device with buttons or keys<br />
; Mouse: Pointing device for two-dimensional input<br />
or<br />
; Keyboard<br />
: Input device with buttons or keys<br />
; Mouse<br />
: Pointing device for two-dimensional input<br />
|<br />
Definition lists:<br />
; Keyboard: Input device with buttons or keys<br />
; Mouse: Pointing device for two-dimensional input<br />
or<br />
; Keyboard<br />
: Input device with buttons or keys<br />
; Mouse<br />
: Pointing device for two-dimensional input<br />
|-<br />
|<br />
Use additional colons if a definition has multiple definitions:<br />
; Term<br />
: First definition<br />
: Second definition<br />
|<br />
Use additional colons if a definition has multiple definitions:<br />
; Term<br />
: First definition<br />
: Second definition<br />
|-<br />
|}<br />
<br />
Definition lists must not be simply used for formatting, see [http://www.w3.org/TR/html4/struct/lists.html#edef-DL W3's examples].<br />
<br />
===Code===<br />
To add code to the wiki, use one of the [[:Category:Template#Code formatting templates|code formatting templates]]. Alternatively, simply start each line with a single whitespace character, but be mindful of line length, as the text will ''not'' automatically wrap to fit the screen.<br />
<br />
See [[Help:Style#Code formatting templates]].<br />
<br />
===Tables===<br />
Used effectively, tables can help organize and summarize swaths of data. For advanced table syntax and formatting see [[Wikipedia:Help:Table|Help:Table]].<br />
<br />
{|border=1 width="79%" class="wikitable"<br />
!wikitext!!rendering<br />
|-<br />
|<br />
{{bc|<nowiki><br />
{| border="1"<br />
|+ Tabular data<br />
! Distro !! Color<br />
|-<br />
| Arch || Blue<br />
|-<br />
| Gentoo || Purple<br />
|-<br />
| Ubuntu || Orange<br />
|}<br />
</nowiki>}}<br />
|<br />
{| border="1"<br />
|+ Tabular data<br />
! Distro !! Color<br />
|-<br />
| Arch || Blue<br />
|-<br />
| Gentoo || Purple<br />
|-<br />
| Ubuntu || Orange<br />
|}<br />
|-<br />
|<br />
{{bc|<nowiki>{| class="wikitable" border="1" cellpadding="5" cellspacing="0"<br />
! Filesystem !! Size !! Used !! Avail !! Use% !! Mounted on<br />
|-<br />
| rootfs || 922G || 463G || 413G || 53% || /<br />
|-<br />
| /dev || 1.9G || 0 || 1.9G || 0% || /dev<br />
|}</nowiki>}}<br />
|<br />
{| class="wikitable" border="1" cellpadding="5" cellspacing="0"<br />
! Filesystem !! Size !! Used !! Avail !! Use% !! Mounted on<br />
|-<br />
| rootfs || 922G || 463G || 413G || 53% || /<br />
|-<br />
| /dev || 1.9G || 0 || 1.9G || 0% || /dev<br />
|}<br />
|-<br />
|}<br />
<br />
==Links==<br />
Links are essential to help readers navigate the site. In general, editors should ensure that every article contains ''outgoing'' links to other articles (avoid [[Special:DeadendPages|dead-end pages]]) and is referenced by ''incoming'' links from other articles (the [[Special:WhatLinksHere|what links here]] special page can be used to display incoming links).<br />
<br />
===Internal links===<br />
You can extensively cross-reference wiki pages using internal links. You can add links to existing titles, and also to titles you think ought to exist in future.<br />
<br />
To make a link to another page on the same wiki, just put the title in double square brackets.<br />
<br />
For example, if you want to make a link to, say, the [[pacman]] article, use:<br />
<nowiki>[[pacman]]</nowiki><br />
<br />
If you want to use words other than the article title as the text of the link, you can add an alternative name after the pipe "|" divider ({{Keypress|Shift}} + {{Keypress|\}} on English-layout and similar keyboards).<br />
<br />
For example:<br />
View <nowiki>[[Arch Linux|this]]</nowiki> article...<br />
<br />
...is rendered as:<br />
:View [[Arch Linux|this]] article...<br />
<br />
When you want to use the plural of an article title (or add any other suffix) for your link, you can add the extra letters directly outside the double square brackets.<br />
<br />
For example:<br />
makepkg is used in conjunction with <nowiki>[[PKGBUILD]]s</nowiki>.<br />
<br />
...is rendered as:<br />
:makepkg is used in conjunction with [[PKGBUILD]]s.<br />
<br />
====Links to sections of a document====<br />
To create a link to a section of a document, simply add a {{ic|#}} followed by the section's heading.<br />
<br />
For example:<br />
<nowiki>[[Help:Editing#Links to sections of a document]]</nowiki><br />
<br />
...is rendered as:<br />
:[[Help:Editing#Links to sections of a document]]<br />
<br />
{{Tip|If linking to a section within the same page, the page name can be omitted (e.g. {{ic|<nowiki>[[#Links to sections of a document]]</nowiki>}}). Do not needlessly reformat same-page section links to hide the anchor symbol (e.g. {{ic|<nowiki>[[#Links to sections of a document|Links to sections of a document]]</nowiki>}}).}}<br />
<br />
===Interlanguage links===<br />
See [[Help:i18n#Interlanguage links]]<br />
<br />
===Interwiki links===<br />
So-called ''interwiki links'' can be used to easily link to articles in other external Wikis, like Wikipedia for example. The syntax for for this link type is the wiki name followed by a colon and the article you want to link to enclosed in double square brackets.<br />
<br />
If you want to link to the [[Wikipedia:Arch Linux]] article you can use the following:<br />
<nowiki>[[Wikipedia:Arch Linux]]</nowiki><br />
<br />
Or you can create a piped link with an alternate link label to the [[Wikipedia:Arch Linux|Arch Linux Wikipedia article]]:<br />
<nowiki>[[Wikipedia:Arch Linux|Arch Linux Wikipedia article]]</nowiki><br />
<br />
{{Note|Using a piped link with an alternative link label should be reserved for abbreviating longer URLs.}}<br />
<br />
See: [[Wikipedia:InterWikimedia links]]<br />
<br />
===External links===<br />
If you want to link to an external site, just type the full URL for the page you want to link to.<br />
<nowiki>http://www.google.com/</nowiki><br />
<br />
It is often more useful to make the link display something other than the URL, so use one square bracket at each end, with the alternative title after the address separated by a '''space''' (''not'' a pipe). So if you want the link to appear as [http://www.google.com/ Google search engine], just type:<br />
<nowiki>[http://www.google.com/ Google search engine]</nowiki><br />
<br />
{{Note|If linking to another ArchWiki or Wikipedia page, '''use [[#Internal links]] or [[#Interwiki links]] rather than external links!''' That is, if your link starts with https://wiki.archlinux.org/ '''use an internal link;''' if your link starts with http://en.wikipedia.org/ '''use an interwiki link!'''}}<br />
<br />
==Redirects==<br />
To redirect automatically from one page to another, add {{ic|<nowiki>#REDIRECT</nowiki>}} and an internal link to the page to be redirected to at the beginning of a page. <br />
<br />
For example, you could redirect from "Cats" to "Cat":<br />
<nowiki>#REDIRECT [[Cat]]</nowiki><br />
<br />
Thus, anyone typing either version in the search box will automatically go to "Cat".<br />
<br />
Any content after the redirect will not be rendered when the page is displayed. However, category tags will still have the desired effect, and can be used to ensure that a redirect is included in category listings.<br />
<br />
==Wiki variables, magic words, and templates==<br />
MediaWiki recognizes certain special strings within an article that alter standard behavior. For example, adding the word {{ic|<nowiki>__NOTOC__</nowiki>}} anywhere in an article will prevent generation of a table of contents. Similarly, the word {{ic|<nowiki>__TOC__</nowiki>}} can be used to alter the default position of the table of contents. See [http://www.mediawiki.org/wiki/Help:Magic_words Help:Magic words] for details.<br />
<br />
Templates and variables are predefined portions of wikitext that can be inserted into an article to aid in formatting content. <br />
<br />
Variables are defined by the system and can be used to display information about the current page, wiki, or date. For example, use {{ic|<nowiki>{{SITENAME}}</nowiki>}} to display the wiki's site name (which, on this wiki, is: '''''{{SITENAME}}'''''). To set an alternate title header for the current page, another wiki variable can be used: {{ic|<nowiki>{{DISPLAYTITLE:New Title}}</nowiki>}} (only capitalization changes are permitted).<br />
<br />
Templates, on the other hand, are user-defined. The content of ''any'' page can be included in another page by adding {{ic|<nowiki>{{Namespace:Page Name}}</nowiki>}} to an article, but this is rarely used with pages outside the ''Template'' namespace. (If the namespace is omitted, ''Template'' is assumed.) For example, [[Template:Note]], which can be included in an article with the following wikitext:<br />
<br />
{{bc|<nowiki>{{Note|This is a note.}}</nowiki>}}<br />
<br />
...is rendered as:<br />
<br />
{{Note|This is a note.}}<br />
<br />
See [[Help:Template]] for more information.<br />
<br />
==Discussion pages==<br />
Discussion or "talk" pages are for communicating with other ArchWiki users.<br />
<br />
To discuss any page, go to that page and then click the "discussion" tab at the top of the page. Add a new comment at the end of the page or reply below an existing comment. Use [[#Indenting|indenting]] to format your discussion. Standard practice is to indent your reply one more level deep than the person to whom you are replying. Further, you should insert your comment beneath the one to which you are replying, but below others who are doing the same.<br />
<br />
Sign comments by typing {{ic|<nowiki>~~~~</nowiki>}} to insert your username and a timestamp. Avoid editing another user's comments.<br />
<br />
Experiment by editing the [[Talk:Sandbox|talk page of the Sandbox]].<br />
<br />
===User talk pages===<br />
Note the difference between a user page, and a user talk page. Everyone may have a user talk page on which other people can leave public messages. If one does not exist for a particular user, you may create it so that you can leave a comment. If someone has left you a message on yours, you will see a note saying "You have new messages" with a link to your own user talk page: in this case you are supposed to reply on your own talk page ''beneath'' the original message with appropriate indentation. Please avoid replying to a discussion on a different talk page, for example the one of the user who contacted you, since such a style of communication creates disconnects with the flow of information regarding the subject at hand.<br />
<br />
Do not edit a user's own page without permission (i.e. ''<nowiki>[[User:Name]]</nowiki>''); these serve as personal user spaces. The "user ''talk'' page" is the correct place for communicating (other than sending private email if the address is published).</div>Aws