https://wiki.archlinux.org/api.php?action=feedcontributions&user=FarmerF&feedformat=atomArchWiki - User contributions [en]2024-03-28T17:25:55ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=Kodi&diff=248449Kodi2013-02-25T19:42:35Z<p>FarmerF: /* Autostarting at boot */</p>
<hr />
<div>[[Category:Player]]<br />
XBMC (formerly "Xbox Media Center") is a free, [http://www.gnu.org/copyleft/gpl.html open source (GPL)] multimedia player that originally ran on the first-generation [[Wikipedia:Microsoft Xbox|XBox]], (not the newer Xbox 360), and now runs on computers running Linux, Mac OS X, Windows, and iOS. XBMC can be used to play/view the most popular video, audio, and picture formats, and many more lesser-known formats, including: <br />
<br />
* Video - DVD-Video, VCD/SVCD, MPEG-1/2/4, DivX, XviD, Matroska <br />
* Audio - MP3, AAC. <br />
* Picture - JPG, GIF, PNG. <br />
<br />
These can all be played directly from a CD/DVD, or from the hard-drive. XBMC can also play multimedia from a computer over a local network (LAN), or play media streams directly from the Internet. For more information, see the [http://wiki.xbmc.org/index.php?title=XBMC_FAQ XBMC FAQ].<br />
<br />
==Installation==<br />
<br />
{{Note|These instructions assume you have a working X installation. If you have not done this yet, please consult [[Beginners_Guide#Graphical_User_Interface]].}}<br />
<br />
The stable version of XBMC is available in the community repo:<br />
<br />
{{bc|# pacman -Syu xbmc}}<br />
<br />
The SVN (testing) version of XBMC can be downloaded from the [[AUR]] ([https://aur.archlinux.org/packages.php?ID=45036 XBMC-git]), e.g. using yaourt:<br />
<br />
{{bc|# yaourt -Syua xbmc-git}}<br />
<br />
{{Warning|This is not the recommended way of using XBMC, as svn versions are always on the bleeding edge of development and thus can break sometimes. If you want a stable media center experience, go with the stable releases.}}<br />
<br />
==Configuration==<br />
<br />
===Autostarting at boot===<br />
<br />
To use XBMC on HTPC you may want to start XBMC automatically on boot. Since version 11.0-11 {{ic|xbmc}} package includes the xbmc group, user, and service file necessary to do this.<br />
<br />
To make XBMC start at system boot you should simply enable the service:<br />
<br />
{{bc|# systemctl enable xbmc}}<br />
<br />
===Enabling shutdown, restart, hibernate and suspend===<br />
<br />
Since version 12 XBMC supports power management via systemd logind daemon. To enable it you should have {{ic|polkit}} installed on your system.<br />
<br />
Add the following rule file which will allow users added to ''power'' group shutdown, restart, hibernate and suspend computer.<br />
<br />
{{hc|/etc/polkit-1/rules.d/10-xbmc.rules|2=<br />
polkit.addRule(function(action, subject) {<br />
if(action.id.match("org.freedesktop.login1.") && subject.isInGroup("power")) {<br />
return polkit.Result.YES;<br />
}<br />
});<br />
}}<br />
<br />
===Using a Remote===<br />
<br />
As XBMC is geared toward being a remote-controlled media center, if your computer has an IR receiver, you will probably want to set up a remote using [[LIRC]]. Once you are sure your remote is working properly (tested with {{ic|$ irw}}), add '''lircd''' to your [[Daemons#Starting_on_Boot|DAEMONS Array]] and you'll be ready to create an Lircmap.xml file for it.<br />
<br />
Using your favorite text editor, you'll need to go in and create an [[Wikipedia:XML|XML]] file at {{ic|~/.xbmc/userdata/Lircmap.xml}} (note the capital 'L'). Lircmap.xml format is as follows: <br />
<br />
{{bc|1=<lircmap><br />
<remote device="devicename"><br />
<XBMC_button>LIRC_button</XBMC_button><br />
...<br />
</remote><br />
</lircmap>}}<br />
<br />
* '''Device Name''' is whatever LIRC calls your remote. This is set using the '''Name''' directive in lircd.conf and can be viewed by running {{ic|$ irw}} and pressing a few buttons on the remote. IRW will report the name of the button pressed and the name of the remote will appear on the end of the line.<br />
<br />
* '''XBMC_button''' is the name of the button as defined in [http://wiki.xbmc.org/index.php?title=Keymap.xml keymap.xml].<br />
<br />
* '''LIRC_button''' is the name as defined in {{ic|lircd.conf}}. If you automatically generated your lircd.conf using {{ic|# irrecord}}, these are the names you selected for your button then. Refer back to [[LIRC]] for more information.<br />
<br />
* You may want to check out the very thorough [http://wiki.xbmc.org/index.php?title=Lircmap.xml Lircmap.xml] page over at the [http://wiki.xbmc.org/index.php?title=Main_Page XBMC Wiki] for more help and information on this subject.<br />
<br />
==== MCE Remote with Lirc and Systemd ====<br />
<br />
Install lirc-utils and link the mce config:<br />
<br />
{{bc|pacman -S lirc-utils<br />
ln -s /usr/share/lirc/remotes/mceusb/lircd.conf.mceusb /etc/lirc/lircd.conf}}<br />
<br />
Then, make sure the remote is using the lirc protocol.<br />
<br />
{{bc|cat /sys/class/rc/rc0/protocols # [lirc] should be selected<br />
echo lirc > /sys/class/rc/rc0/protocols # manually set lirc}}<br />
<br />
A udev rule can be added to make lirc the default. A write rule doesn't seem to work, so a simple RUN command can be executed instead.<br />
<br />
{{hc|/etc/udev/rules.d/99-lirc.rules|2=<br />
KERNEL=="rc*", SUBSYSTEM=="rc", ATTR{protocols}=="*lirc*", RUN+="/bin/sh -c 'echo lirc > $sys$devpath/protocols'"}}<br />
<br />
Next, specify the lirc device. This varies with kernel version. As of 3.6.1 {{ic|/dev/lirc0}} should work with the default driver.<br />
<br />
{{hc|/etc/conf.d/lircd.conf|2=<br />
#<br />
# Parameters for lirc daemon<br />
#<br />
<br />
LIRC_DEVICE="/dev/lirc0"<br />
LIRC_DRIVER="default"<br />
LIRC_EXTRAOPTS=""<br />
LIRC_CONFIGFILE=""}}<br />
<br />
The default service file for lirc ignores this conf file. So we need to create a custom one.<br />
<br />
{{hc|/etc/systemd/system/lirc.service|2=<br />
[Unit]<br />
Description=Linux Infrared Remote Control<br />
<br />
[Service]<br />
EnvironmentFile=/etc/conf.d/lircd.conf<br />
ExecStartPre=/usr/bin/ln -sf /run/lirc/lircd /dev/lircd<br />
ExecStart=/usr/sbin/lircd --pidfile=/run/lirc/lircd.pid --device=${LIRC_DEVICE} --driver=${LIRC_DRIVER}<br />
Type=forking<br />
PIDFile=/run/lirc/lircd.pid<br />
<br />
[Install]<br />
WantedBy=multi-user.target}}<br />
<br />
Finally, enable and start the lirc service.<br />
<br />
{{bc|systemctl enable lirc<br />
systemctl start lirc}}<br />
<br />
This should give a fully working mce remote.<br />
<br />
===Fullscreen mode stretches XBMC accross multiple displays===<br />
<br />
If you have got a multi-monitor setup and don't want XBMC to stretch accross all screens, you can restrict the fullscreen mode to one display, by setting the environment variable SDL_VIDEO_FULLSCREEN_HEAD to the number of the desired target display. For example if you want XBMC to show up on display 0 you can add the following line to your [[Bashrc]]:<br />
<br />
{{bc|1=SDL_VIDEO_FULLSCREEN_HEAD=0}}<br />
<br />
{{Note|Mouse corsor will be hold inside screen with XBMC.}}<br />
<br />
===Slowing down CD/DVD drive speed===<br />
The {{ic|eject}} program from the {{ic|util-linux}} package does a nice job for this, but its setting is cleared as soon as the media is changed.<br />
<br />
This udev-rule reduces the speed permanently:<br />
<br />
{{hc|/etc/udev/rules.d/dvd-speed.rules|2=<br />
KERNEL=="sr0", ACTION=="change", ENV{DISK_MEDIA_CHANGE}=="1", RUN+="/usr/bin/eject -x 2 /dev/sr0"<br />
}}<br />
<br />
Replace {{ic|sr0}} with the device name of your optical drive. Replace {{ic|-x 2}} with {{ic|-x 4}} if you prefer 4x-speed instead of 2x-speed.<br />
<br />
After creating the file, reload the udev rules with<br />
{{bc|udevadm control --reload}}<br />
<br />
==Resources==<br />
<br />
* [http://wiki.xbmc.org/index.php?title=Main_Page XBMC Wiki]: An excellent resource with much information about Arch Linux specifically (upon which the original version of this article was largely based).</div>FarmerFhttps://wiki.archlinux.org/index.php?title=E17&diff=131264E172011-02-17T08:39:32Z<p>FarmerF: /* Compiling with easy_e17.sh */</p>
<hr />
<div>[[Category:Desktop environments (English)]]<br />
[[Category:HOWTOs (English)]]<br />
{{i18n|E17}}<br />
<br />
{{Article summary start}}<br />
{{Article summary text|The Enlightenment project provides useful libraries, a graphical environment and other applications as well as development tools for creating such applications. This article covers its installation, configuration, and troubleshooting.}}<br />
{{Article summary text|E17 uses the [[Elementary]] toolkit.}}<br />
{{Article summary heading|Overview}}<br />
{{Article summary text|{{Graphical user interface overview}}}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Enlightenment}}<br />
{{Article summary end}}<br />
<br />
From [http://trac.enlightenment.org/e/wiki/Enlightenment Enlightenment - Enlightenment]:<br />
<br />
:''The Enlightenment desktop shell provides an efficient yet breathtaking window manager based on the Enlightenment Foundation Libraries along with other essential desktop components like a file manager, desktop icons and widgets. It boasts a unprecedented level of theme-ability while still being capable of performing on older hardware or embedded devices.''<br />
<br />
E17 is the development release 17 (DR17) of the [[Enlightenment]] [[Desktop Environment]]. It comprises both the Enlightenment [[window manager]] and Enlightenment Foundation Libraries (EFL), which provide additional desktop environment features such as a toolkit, object canvas, and abstracted objects. E17 has been under development since 2005, but in February 2011 the core EFLs saw their first stable 1.0 release. Enlightenment the window manager is still in the beta stages, but is already quite usable. Many people currently use E17 as a day-to-day desktop environment without problems.<br />
<br />
== Installing E17 ==<br />
<br />
=== From the community repository (SVN snapshots) ===<br />
<br />
{{Note|Make sure the [[community repository]] is enabled in your {{Filename|/etc/pacman.conf}}.}}<br />
<br />
To install e17:<br />
pacman -S e-svn<br />
<br />
To install additional e17 modules and applications:<br />
pacman -S e17-extra-svn<br />
<br />
You might also want to install additional [[Fonts]], see [[Fonts#Desktop environments|recommended fonts for Desktop Environments]] in particular.<br />
<br />
If you need/want an e17 package which is not (yet) available in [community], see if it is available in the [[AUR]].<br />
<br />
{{Warning|As e17 is still alpha software you are encouraged to keep packages of the previous version on your computer, allowing you to [[downgrade]] if needed.}}<br />
<br />
=== Compiling and packaging with ArchE17 script ===<br />
<br />
You can build your own Arch Linux e17 packages with a small python script called [http://dev.archlinux.org/~ronald/e17.html ArchE17].<br />
<br />
=== Compiling with easy_e17.sh ===<br />
<br />
{{Codeline|easy_e17.sh}} compiles E17 from source and installs it in {{Filename|/opt/e17}}. It does not create packages and therefore does not install dependencies automatically.<br />
<br />
# Get it from the [[AUR]]: {{Package AUR|easy-e17}}.<br />
# Edit {{Filename|/etc/easy_e17.conf}} if you want.<br />
# Run it as root to install E17: <pre># easy_e17.sh -i</pre><br />
{{Warning|This will install the latest svn version. For a stable result add the <nowiki>--srcrev=</nowiki> parameter with the latest stable revision. For beta 3 use 55246 as argument.}}<br />
<br />
# Put {{Filename|/opt/e17/bin}} in your {{Codeline|PATH}} by editing {{Filename|/etc/profile}}. For example, you can add this line at the end of the file: <pre>PATH="$PATH:/opt/e17/bin"</pre><br />
# If, after completing the install, xinitrc complains that it cannot find enlightenment upon starting, you may need to add these lines to the end of /etc/profile as well:<br />
PYTHONPATH=":$PYTHONPATH"<br />
LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/e17/lib"<br />
<br />
If you encounter any errors while trying to install E17, first check to make sure it isn't a dependency problem. If it is, install the dependency and continue installing e17.<br />
<br />
To update E17 without using the program mentioned below, run this command as root:<br />
# easy_e17.sh -u<br />
<br />
==== Update_e17.sh ====<br />
<br />
{{Codeline|update_e17.sh}} is a zenity script which is made to accompany {{Codeline|easy_e17.sh}}. It makes several aspects of updating e17 easier as it can backup and restore your E17 svn tree (in case there is breakage), as well as roll it back to a specific revision (again, in case of breakage) or even let you know when a new revision has come around on E17's svn tree. See [http://cafelinux.org/OzOs/content/how-administer-your-ozos-e17-desktop this page] for more information on this optional component. You can get it from the [[AUR]]: {{Package AUR|oz-e17-tools}}.<br />
<br />
== Starting E17 ==<br />
<br />
If you use {{Codeline|startx}} or a simple [[Display Manager]] like XDM or [[SLiM]], add or uncomment the following command in [[xinitrc]]:<br />
exec enlightenment_start<br />
<br />
More advanced display managers like [[GDM]] and [[KDM]] will automatically detect E17 thanks to the {{Filename|/usr/share/xsessions/enlightenment.desktop}} file provided by the {{Codeline|e-svn}} package.<br />
<br />
== Configuring the Network ==<br />
<br />
Enlightenment's preferred network manager is [[Connman]], so the you'll want to download [http://aur.archlinux.org/packages.php?ID=25181 connman] from the [[AUR]]. You don't need to follow any of the other instructions on the [[Connman|Connman wiki page]] -- at least that's my assumption; the current build of ConnMan already includes network policy group section (although with only one statement, not three).<br />
<br />
Next, edit your {{Codeline|/etc/rc.conf}}. Remove '''network''' from your DAEMONS line. Add '''connmand''' (don't forget the '''d''') ''after'' '''dbus''' and '''hal'''.<br />
<br />
ConnMan loads very quickly and appears to handle DHCP quite nicely. If you've installed [[Wpa_supplicant]], ConnMan latches onto that shows all available wireless connections.<br />
<br />
== Installing Themes ==<br />
<br />
More themes to customize the look of e17 are available from:<br />
* [http://exchange.enlightenment.org/ exchange.enlightenment.org], for which you can use the {{Package AUR|e17-themes}} [[AUR]] package<br />
* [http://www.e17-stuff.org e17-stuff.org]<br />
<br />
You can install the themes (coming in .edj format) from the configuration dialog.<br />
<br />
You can also change the theme for the etk toolkit (the one which is used by exhibit). You can start the dialog to change the etk toolkit by starting {{Codeline|etk_prefs}}.<br />
<br />
== FAQs ==<br />
<br />
=== What happened to Entrance ? ===<br />
<br />
{{Codeline|entrance}}, a [[Display Manager]] based on the EFLs, is no longer maintained thus packages for it have been dropped. Elsa, a new display manager is now available {{Package AUR|elsa-svn}} [[AUR]].<br />
<br />
== Troubleshooting ==<br />
<br />
If you find some unexpected behavior, there are a few things you can do:<br />
# try to see if the same behavior exists with the default theme<br />
# backup {{Filename|~/.e}} and remove it (e.g. {{Codeline|mv ~/.e ~/.e.back}}).<br />
<br />
If you are sure you found a bug please report it directly upstream.<br />
<br />
=== Cursors ===<br />
<br />
If X complains about X cursors not being available, install the {{Package Official|libxcursor}} package.<br />
<br />
=== Screen unlocking doesn't work ===<br />
<br />
If screenlock does not accept your password add the following to {{Filename|/etc/pam.d/enlightenment}}:<br />
auth required pam_unix_auth.so<br />
<br />
=== Unreadable fonts ===<br />
<br />
If fonts are too small and your screen is unreadable, be sure the right font packages are installed:<br />
pacman -S ttf-dejavu ttf-bitstream-vera<br />
<br />
== External Links ==<br />
<br />
* [http://exchange.enlightenment.org/ exchange.enlightenment.org]<br />
* [http://e17-stuff.org/ e17-stuff.org]</div>FarmerFhttps://wiki.archlinux.org/index.php?title=E17&diff=131263E172011-02-17T08:39:00Z<p>FarmerF: Added information about --srcrev option</p>
<hr />
<div>[[Category:Desktop environments (English)]]<br />
[[Category:HOWTOs (English)]]<br />
{{i18n|E17}}<br />
<br />
{{Article summary start}}<br />
{{Article summary text|The Enlightenment project provides useful libraries, a graphical environment and other applications as well as development tools for creating such applications. This article covers its installation, configuration, and troubleshooting.}}<br />
{{Article summary text|E17 uses the [[Elementary]] toolkit.}}<br />
{{Article summary heading|Overview}}<br />
{{Article summary text|{{Graphical user interface overview}}}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Enlightenment}}<br />
{{Article summary end}}<br />
<br />
From [http://trac.enlightenment.org/e/wiki/Enlightenment Enlightenment - Enlightenment]:<br />
<br />
:''The Enlightenment desktop shell provides an efficient yet breathtaking window manager based on the Enlightenment Foundation Libraries along with other essential desktop components like a file manager, desktop icons and widgets. It boasts a unprecedented level of theme-ability while still being capable of performing on older hardware or embedded devices.''<br />
<br />
E17 is the development release 17 (DR17) of the [[Enlightenment]] [[Desktop Environment]]. It comprises both the Enlightenment [[window manager]] and Enlightenment Foundation Libraries (EFL), which provide additional desktop environment features such as a toolkit, object canvas, and abstracted objects. E17 has been under development since 2005, but in February 2011 the core EFLs saw their first stable 1.0 release. Enlightenment the window manager is still in the beta stages, but is already quite usable. Many people currently use E17 as a day-to-day desktop environment without problems.<br />
<br />
== Installing E17 ==<br />
<br />
=== From the community repository (SVN snapshots) ===<br />
<br />
{{Note|Make sure the [[community repository]] is enabled in your {{Filename|/etc/pacman.conf}}.}}<br />
<br />
To install e17:<br />
pacman -S e-svn<br />
<br />
To install additional e17 modules and applications:<br />
pacman -S e17-extra-svn<br />
<br />
You might also want to install additional [[Fonts]], see [[Fonts#Desktop environments|recommended fonts for Desktop Environments]] in particular.<br />
<br />
If you need/want an e17 package which is not (yet) available in [community], see if it is available in the [[AUR]].<br />
<br />
{{Warning|As e17 is still alpha software you are encouraged to keep packages of the previous version on your computer, allowing you to [[downgrade]] if needed.}}<br />
<br />
=== Compiling and packaging with ArchE17 script ===<br />
<br />
You can build your own Arch Linux e17 packages with a small python script called [http://dev.archlinux.org/~ronald/e17.html ArchE17].<br />
<br />
=== Compiling with easy_e17.sh ===<br />
<br />
{{Codeline|easy_e17.sh}} compiles E17 from source and installs it in {{Filename|/opt/e17}}. It does not create packages and therefore does not install dependencies automatically.<br />
<br />
# Get it from the [[AUR]]: {{Package AUR|easy-e17}}.<br />
# Edit {{Filename|/etc/easy_e17.conf}} if you want.<br />
# Run it as root to install E17: <pre># easy_e17.sh -i</pre><br />
{{Warning|This will install the latest svn version. For a stable result add the <nowiki>--srcrev=</nowiki> parameter with the latste stable revision. For beta 3 use 55246 as argument.}}<br />
<br />
# Put {{Filename|/opt/e17/bin}} in your {{Codeline|PATH}} by editing {{Filename|/etc/profile}}. For example, you can add this line at the end of the file: <pre>PATH="$PATH:/opt/e17/bin"</pre><br />
# If, after completing the install, xinitrc complains that it cannot find enlightenment upon starting, you may need to add these lines to the end of /etc/profile as well:<br />
PYTHONPATH=":$PYTHONPATH"<br />
LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/e17/lib"<br />
<br />
If you encounter any errors while trying to install E17, first check to make sure it isn't a dependency problem. If it is, install the dependency and continue installing e17.<br />
<br />
To update E17 without using the program mentioned below, run this command as root:<br />
# easy_e17.sh -u<br />
<br />
==== Update_e17.sh ====<br />
<br />
{{Codeline|update_e17.sh}} is a zenity script which is made to accompany {{Codeline|easy_e17.sh}}. It makes several aspects of updating e17 easier as it can backup and restore your E17 svn tree (in case there is breakage), as well as roll it back to a specific revision (again, in case of breakage) or even let you know when a new revision has come around on E17's svn tree. See [http://cafelinux.org/OzOs/content/how-administer-your-ozos-e17-desktop this page] for more information on this optional component. You can get it from the [[AUR]]: {{Package AUR|oz-e17-tools}}.<br />
<br />
== Starting E17 ==<br />
<br />
If you use {{Codeline|startx}} or a simple [[Display Manager]] like XDM or [[SLiM]], add or uncomment the following command in [[xinitrc]]:<br />
exec enlightenment_start<br />
<br />
More advanced display managers like [[GDM]] and [[KDM]] will automatically detect E17 thanks to the {{Filename|/usr/share/xsessions/enlightenment.desktop}} file provided by the {{Codeline|e-svn}} package.<br />
<br />
== Configuring the Network ==<br />
<br />
Enlightenment's preferred network manager is [[Connman]], so the you'll want to download [http://aur.archlinux.org/packages.php?ID=25181 connman] from the [[AUR]]. You don't need to follow any of the other instructions on the [[Connman|Connman wiki page]] -- at least that's my assumption; the current build of ConnMan already includes network policy group section (although with only one statement, not three).<br />
<br />
Next, edit your {{Codeline|/etc/rc.conf}}. Remove '''network''' from your DAEMONS line. Add '''connmand''' (don't forget the '''d''') ''after'' '''dbus''' and '''hal'''.<br />
<br />
ConnMan loads very quickly and appears to handle DHCP quite nicely. If you've installed [[Wpa_supplicant]], ConnMan latches onto that shows all available wireless connections.<br />
<br />
== Installing Themes ==<br />
<br />
More themes to customize the look of e17 are available from:<br />
* [http://exchange.enlightenment.org/ exchange.enlightenment.org], for which you can use the {{Package AUR|e17-themes}} [[AUR]] package<br />
* [http://www.e17-stuff.org e17-stuff.org]<br />
<br />
You can install the themes (coming in .edj format) from the configuration dialog.<br />
<br />
You can also change the theme for the etk toolkit (the one which is used by exhibit). You can start the dialog to change the etk toolkit by starting {{Codeline|etk_prefs}}.<br />
<br />
== FAQs ==<br />
<br />
=== What happened to Entrance ? ===<br />
<br />
{{Codeline|entrance}}, a [[Display Manager]] based on the EFLs, is no longer maintained thus packages for it have been dropped. Elsa, a new display manager is now available {{Package AUR|elsa-svn}} [[AUR]].<br />
<br />
== Troubleshooting ==<br />
<br />
If you find some unexpected behavior, there are a few things you can do:<br />
# try to see if the same behavior exists with the default theme<br />
# backup {{Filename|~/.e}} and remove it (e.g. {{Codeline|mv ~/.e ~/.e.back}}).<br />
<br />
If you are sure you found a bug please report it directly upstream.<br />
<br />
=== Cursors ===<br />
<br />
If X complains about X cursors not being available, install the {{Package Official|libxcursor}} package.<br />
<br />
=== Screen unlocking doesn't work ===<br />
<br />
If screenlock does not accept your password add the following to {{Filename|/etc/pam.d/enlightenment}}:<br />
auth required pam_unix_auth.so<br />
<br />
=== Unreadable fonts ===<br />
<br />
If fonts are too small and your screen is unreadable, be sure the right font packages are installed:<br />
pacman -S ttf-dejavu ttf-bitstream-vera<br />
<br />
== External Links ==<br />
<br />
* [http://exchange.enlightenment.org/ exchange.enlightenment.org]<br />
* [http://e17-stuff.org/ e17-stuff.org]</div>FarmerFhttps://wiki.archlinux.org/index.php?title=TOMOYO_Linux&diff=128394TOMOYO Linux2011-01-18T13:22:38Z<p>FarmerF: Tomoyo 2 should be edited with tomoyo-editpolicy not ccs-editpolicy</p>
<hr />
<div>[[Category:Security (English)]]<br />
[[Category:Kernel (English)]]<br />
[[Category:Networking (English)]]<br />
[[Category:HOWTOs (English)]]<br />
[http://tomoyo.sourceforge.jp/ TOMOYO Linux] is Mandatory Access Control (MAC) implementation for Linux. It was launched in March 2003 and is sponsored by [http://www.nttdata.co.jp/en/ NTT Data Corporation]. TOMOYO Linux focuses on the behaviour of a system, allowing each process to declare behaviours and resources needed to achieve its purpose. It can be used as a system analysis tool as well as an access restriction tool.<br />
<br />
The security goal of TOMOYO Linux is to provide "MAC that covers practical requirements for most users and keeps usable for most administrators". TOMOYO Linux is not a tool or security professional but for average users and administrators.<br />
{{Note|This article does not aim to be an exhaustive guide and should be used as a supplement to the extensive [http://tomoyo.sourceforge.jp/ user documentation] provided by the project.}}<br />
{{Tip|TOMOYO Linux 2.x is the easiest choice for basic MAC of files, while AKARI can accommodate for more advanced MAC. Users that are more advanced or need greater security can compile kernel26-ccs to make use of full TOMOYO Linux 1.x functionality.}}<br />
<br />
==Introduction==<br />
TOMOYO Linux attempts to make the system where everything is prearranged in an easy to understand way:<br />
* Make all access requests that will occur at least once during the lifetime of the kernel known in advance<br />
* Allow the administrator to write a policy that only allows expected and desirable access requests<br />
Unlike AppArmor, TOMOYO Linux is intended to protect the whole system from attackers exploiting vulnerabilities in applications. TOMOYO Linux addresses this threat by recording the behaviour of all applications in the test environment and then forcing all applications to act within these recorded behaviours in the production environment.<br />
<br />
TOMOYO Linux is not for users wanting ready-made policy files supplied by others. It involves creating policy from scratch, aided by the "learning mode" which can automatically generate policy files with necessary and sufficient permissions for a specific system. TOMOYO Linux reports what is happening within the Linux system and can therefore be used as a system analysis tool. It resembles strace and reports what is being executed by each program and what files/networks are accessed.<br />
<br />
This [http://tomoyo.sourceforge.jp/wiki-e/?WhatIs#comparison table] provides a comprehensive comparison of TOMOYO Linux with [[AppArmor]], [[SELinux]] and [http://schaufler-ca.com/ SMACK].<br />
<br />
==Branches of development==<br />
[http://tomoyo.sourceforge.jp/1.8/index.html.en TOMOYO Linux 1.x] is the original branch of development. TOMOYO Linux was first released on 11th November 2005. It was implemented as a patch that can be applied to the Linux kernel and is still in active development. It can coexist with other security modules such as SELinux, SMACK and AppArmor.<br />
<br />
[http://tomoyo.sourceforge.jp/2.3/index.html.en TOMOYO Linux 2.x] is the Linux mainline kernel branch of development. In June 2009, TOMOYO was merged into the Linux kernel version 2.6.30 and it uses standard Linux Security Module (LSM) hooks. However, the LSM hooks must be extended further in order to port the full MAC functionality of TOMOYO Linux into the Linux kernel. Thus, it does not yet provide equal functionality with the 1.x branch of development. This [http://tomoyo.sourceforge.jp/comparison.html.en chart] compares the differences between each branch.<br />
<br />
[http://akari.sourceforge.jp/ AKARI] is based on the TOMOYO Linux 1.x branch and is implemented as a Loadable Kernel Module (LKM). It therefore has the advantage of not requiring the user to patch and recompile the kernel. This [http://akari.sourceforge.jp/comparison.html table] provides a comprehensive comparison of AKARI with the TOMOYO Linux 1.x and 2.x branches.<br />
<br />
==TOMOYO Linux 1.x==<br />
Implementing TOMOYO Linux 1.x using a kernel patched with ccs-patch provides the full functionality obtainable from the TOMOYO Linux project. However, implementation of this branch requires the most hurdles to be overcome, as the kernel must be patched with [http://sourceforge.jp/projects/tomoyo/ ccs-patch] and subsequently recompiled.<br />
<br />
Both kernel26-ccs and the userspace tools must be installed. A package for [http://aur.archlinux.org/packages.php?ID=44131 kernel-ccs] and a package for [http://aur.archlinux.org/packages.php?ID=42606 ccs-tools] are available on the AUR.<br />
<br />
===Initializing configuration===<br />
The policy must first be initialized:<br />
# /usr/lib/ccs/init_policy<br />
The policy files are saved in the /etc/css/ directory and can be edited by running:<br />
# ccs-editpolicy<br />
<br />
==AKARI==<br />
===Limitations of AKARI===<br />
AKARI has the advantage of not requiring kernel recompilation. If using the TOMOYO Linux project purely for system analysis, then AKARI is the easiest method of achieving this. If using the TOMOYO Linux project for system restriction, it is a minimal effort way to gain most of the functionality of the TOMOYO Linux 1.x branch. However, there are a few limitations that must be considered:<br />
* It depends on the kernel version and configuration provided by the distribution:<br />
<pre><br />
CONFIG_SECURITY=y [required]<br />
CONFIG_KALLSYMS=y [required]<br />
CONFIG_PROC_FS=y [required]<br />
CONFIG_MODULES=y [required]<br />
CONFIG_SECURITY_PATH=y [optional: for using absolute pathnames]<br />
CONFIG_SECURITY_NETWORK=y [optional: for providing network restriction]<br />
</pre><br />
* The restriction of a few advanced networking operations are limited or unavailable due to the absence of required LSM hooks<br />
* Restricting use of [http://en.wikipedia.org/wiki/Capability-based_security capabilities] is not possible<br />
* Looking up per-task variables is slower as they are managed outside "struct task_struct" in order to keep KABI unchanged. However, this should not be noticeable for the typical end-user as performance decrease by pathname based permission checking is dominant<br />
This [http://akari.sourceforge.jp/comparison.html table] provides a comprehensive comparison of AKARI with the TOMOYO Linux 1.x and 2.x branches.<br />
<br />
{{Note|The Arch Linux kernel from 2.6.36 onwards provides all of the configuration options required for full functionality.}}<br />
<br />
===Installation===<br />
Both AKARI and the userspace tools must be installed. A package for [http://aur.archlinux.org/packages.php?ID=42608 AKARI] and a package for [http://aur.archlinux.org/packages.php?ID=42606 ccs-tools] are available on the AUR.<br />
<br />
The bootloader configuration must be changed in order to activate AKARI:<br />
title Arch Linux<br />
root (hd0,0)<br />
kernel /boot/vmlinuz26 root=/dev/sda1 ro init=/sbin/ccs-init<br />
initrd /boot/kernel26.img<br />
<br />
===Initializing configuration===<br />
The policy must first be initialized:<br />
# /usr/lib/ccs/init_policy --module_name=akari<br />
The policy files are saved in the /etc/css/ directory and can be edited by running:<br />
# ccs-editpolicy<br />
<br />
==TOMOYO Linux 2.x==<br />
===Limitations of TOMOYO Linux 2.x===<br />
The implementation of TOMOYO Linux 2.x into the Linux mainline kernel is not yet complete but is still effective for MAC of files. It does not yet support the restriction of:<br />
* file attribute and namespace manipulation<br />
* capabilities<br />
* network<br />
* signal<br />
* environment variables<br />
* local port reservation<br />
This [http://tomoyo.sourceforge.jp/comparison.html.en chart] has a more comprehensive comparison of the differences between each branch of development.<br />
<br />
===Installation===<br />
TOMOYO Linux 2.x is part of the Linux mainline kernel and, in addition to those previously mentioned, requires the following kernel configuration:<br />
CONFIG_SECURITY_TOMOYO=y<br />
{{note|The Arch Linux kernel from 2.6.36 onwards provides all of the configuration options required for full functionality.}}<br />
<br />
If the kernel supports TOMOYO Linux 2.x, then only the userspace tools need to be installed. <br />
* For kernel versions between 2.6.30 and 2.6.35, tomoyo-tools 2.2.x should be installed. A package is available on the [http://aur.archlinux.org/packages.php?ID=42272 AUR]<br />
* For kernel versions 2.6.36 and above, tomoyo-tools 2.3.x should be installed. A package is available on the [http://aur.archlinux.org/packages.php?ID=39931 AUR]<br />
<br />
===Initializing configuration===<br />
The policy must first be initialized:<br />
# /usr/lib/tomoyo/init_policy<br />
The policy files are saved in the /etc/tomoyo/ directory and can be edited by running:<br />
# tomoyo-editpolicy<br />
<br />
==Usage==<br />
It is important to consult the relevant documentation in order to use TOMOYO Linux or AKARI effectively:<br />
* [http://akari.sourceforge.jp/index.html.en AKARI documentation]<br />
* [http://tomoyo.sourceforge.jp/1.8/index.html.en TOMOYO Linux 1.8.x documentation]<br />
* [http://tomoyo.sourceforge.jp/2.3/index.html.en TOMOYO Linux 2.3.x documentation]<br />
Run the policy editor to begin editing. If using TOMOYO Linux 1.x or AKARI then ccs-tools should be used:<br />
# /usr/sbin/ccs-editpolicy /etc/ccs/<br />
If using TOMOYO Linux 2.x then tomoyo-tools should be used:<br />
# /usr/sbin/tomoyo-editpolicy /etc/tomoyo/<br />
Instructions on how to use the policy editor can be found here:<br />
* [http://akari.sourceforge.jp/tool-editpolicy.html.en How to use the policy editor for AKARI]<br />
* [http://tomoyo.sourceforge.jp/1.8/tool-editpolicy.html.en How to use the policy editor for TOMOYO Linux 1.8]<br />
* [http://tomoyo.sourceforge.jp/2.3/tool-editpolicy.html.en How to use the policy editor for TOMOYO Linux 2.3]<br />
As the system runs, TOMOYO Linux will create domains and add them to the tree. The access analysis/restriction in TOMOYO Linux is applied via domains. Every process belongs to a single domain and the process will transit to a different domain whenever it executes a program. The name of a domain is a concatenated string expression for the process execution history. For example, the name of the domain which the kernel belongs to is "<kernel>"; the name of domain which /sbin/init invoked by the kernel belongs to is "<kernel> /sbin/init"; the name of domain which /etc/rc.d/rc invoked by the /sbin/init belongs to is "<kernel> /sbin/init /etc/rc.d/rc". You can suppress or initialize domain transitions as needed.<br />
<br />
Profiles can be assigned to each domain. There are four default profiles:<br />
<br />
{| border="1"<br />
| Disabled || Works as if regular kernel.<br />
|-<br />
| Learning || Do not reject an access request if it violates policy. Append the request to policy.<br />
|-<br />
| Permissive || Do not reject an access request if it violates policy. Do not append the request to policy.<br />
|-<br />
| Enforcing || Reject an access request if it violates policy. Do not append the request to policy.<br />
|}<br />
The learning profile can be used to analyse the system or a specific application. Once all of the desired access requests of a domain have been identified, the policy for that domain can be edited as required before selecting the enforcing profile. This can be done for any and all domains from the start of system boot.<br />
<br />
==Tips and tricks==<br />
<br />
==Troubleshooting==<br />
<br />
==References==<br />
* [http://tomomyo.sourceforge.jp/ TOMOYO Linux SourceForge page]<br />
* [http://tomoyo.sourceforge.jp/wiki-e/ TOMOYO Linux Wiki]<br />
* [http://akari.sourceforge.jp/index.html.en AKARI SourceForge page]<br />
* [http://akari.sourceforge.jp/index.html.en AKARI documentation]<br />
* [http://tomoyo.sourceforge.jp/1.8/index.html.en TOMOYO Linux 1.8.x documentation]<br />
* [http://tomoyo.sourceforge.jp/2.3/index.html.en TOMOYO Linux 2.3.x documentation]<br />
* [http://lwn.net/Articles/263179/ TOMOYO Linux Security Goal]<br />
* [http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/etch/domain_policy.conf?v=policy-sample Policy sample]<br />
* [http://elinux.org/TomoyoLinux TOMOYO Linux on the Embedded Linux Wiki]<br />
* [http://sourceforge.jp/projects/tomoyo/document/PacSec2007-en-demo.pdf Presentation slides from PacSec 2007]<br />
<br />
==See also==<br />
* [[AppArmor]]<br />
* [[SELinux]]</div>FarmerF