]>
Commit | Line | Data |
---|---|---|
d657c51f | 1 | systemd System and Service Manager |
31cee6f6 | 2 | |
31cee6f6 | 3 | WEB SITE: |
2777a4a3 | 4 | https://systemd.io |
31cee6f6 LP |
5 | |
6 | GIT: | |
eb0914fc | 7 | git@github.com:systemd/systemd.git |
eb0914fc | 8 | https://github.com/systemd/systemd |
31cee6f6 LP |
9 | |
10 | MAILING LIST: | |
19d9372b | 11 | https://lists.freedesktop.org/mailman/listinfo/systemd-devel |
31cee6f6 LP |
12 | |
13 | IRC: | |
fb906b00 | 14 | #systemd on irc.libera.chat |
31cee6f6 LP |
15 | |
16 | BUG REPORTS: | |
eb0914fc | 17 | https://github.com/systemd/systemd/issues |
31cee6f6 | 18 | |
2777a4a3 | 19 | OLDER DOCUMENTATION: |
4445b357 | 20 | https://0pointer.de/blog/projects/systemd.html |
2777a4a3 ZJS |
21 | https://www.freedesktop.org/wiki/Software/systemd |
22 | ||
31cee6f6 | 23 | AUTHOR: |
5430f7f2 LP |
24 | Lennart Poettering |
25 | Kay Sievers | |
26 | ...and many others | |
31cee6f6 | 27 | |
673eab9b | 28 | LICENSE: |
7fe57498 | 29 | LGPL-2.1-or-later for all code, exceptions noted in LICENSES/README.md |
673eab9b | 30 | |
31cee6f6 | 31 | REQUIREMENTS: |
277f0587 | 32 | Linux kernel ≥ 3.15 |
ad11dd94 | 33 | ≥ 4.3 for ambient capabilities |
277f0587 ZJS |
34 | ≥ 4.5 for pids controller in cgroup v2 |
35 | ≥ 4.6 for cgroup namespaces | |
36 | ≥ 4.9 for RENAME_NOREPLACE support in vfat | |
37 | ≥ 4.10 for cgroup-bpf egress and ingress hooks | |
38 | ≥ 4.15 for cgroup-bpf device hook and cpu controller in cgroup v2 | |
39 | ≥ 4.17 for cgroup-bpf socket address hooks | |
be6447b4 | 40 | ≥ 4.20 for PSI (used by systemd-oomd) |
277f0587 ZJS |
41 | ≥ 5.3 for bounded loops in BPF program |
42 | ≥ 5.4 for signed Verity images | |
43 | ≥ 5.7 for BPF links and the BPF LSM hook | |
44 | ||
036b9e7f LP |
45 | ⛔ Kernel versions below 3.15 ("minimum baseline") are not supported at |
46 | all, and are missing required functionality (e.g. CLOCK_BOOTTIME | |
47 | support for timerfd_create()). | |
4213dd23 | 48 | |
036b9e7f | 49 | ⚠️ Kernel versions below 4.15 ("recommended baseline") have significant |
4213dd23 | 50 | gaps in functionality and are not recommended for use with this version |
036b9e7f | 51 | of systemd (e.g. lack sufficiently comprehensive and working cgroupv2 |
4213dd23 LP |
52 | support). Taint flag 'old-kernel' will be set. systemd will most likely |
53 | still function, but upstream support and testing are limited. | |
23aedd02 KS |
54 | |
55 | Kernel Config Options: | |
713bc0cf | 56 | CONFIG_DEVTMPFS |
d28315e4 | 57 | CONFIG_CGROUPS (it is OK to disable all controllers) |
713bc0cf KS |
58 | CONFIG_INOTIFY_USER |
59 | CONFIG_SIGNALFD | |
60 | CONFIG_TIMERFD | |
61 | CONFIG_EPOLL | |
8d186a35 | 62 | CONFIG_UNIX (it requires CONFIG_NET, but every other flag in it is not necessary) |
713bc0cf | 63 | CONFIG_SYSFS |
06d461ee | 64 | CONFIG_PROC_FS |
5d31974e | 65 | CONFIG_FHANDLE (libudev, mount and bind mount handling) |
713bc0cf | 66 | |
be2ea723 | 67 | udev will fail to work with the legacy sysfs layout: |
f28cbd03 | 68 | CONFIG_SYSFS_DEPRECATED=n |
713bc0cf KS |
69 | |
70 | Legacy hotplug slows down the system and confuses udev: | |
71 | CONFIG_UEVENT_HELPER_PATH="" | |
72 | ||
12801295 ZJS |
73 | Userspace firmware loading is not supported and should be disabled in |
74 | the kernel: | |
713bc0cf KS |
75 | CONFIG_FW_LOADER_USER_HELPER=n |
76 | ||
77 | Some udev rules and virtualization detection relies on it: | |
78 | CONFIG_DMIID | |
79 | ||
12801295 ZJS |
80 | Support for some SCSI devices serial number retrieval, to create |
81 | additional symlinks in /dev/disk/ and /dev/tape: | |
a5c724b2 KS |
82 | CONFIG_BLK_DEV_BSG |
83 | ||
45a582d5 | 84 | Required for PrivateNetwork= in service units: |
13468826 | 85 | CONFIG_NET_NS |
b52a4a3b | 86 | Note that systemd-localed.service and other systemd units use |
45a582d5 | 87 | PrivateNetwork so this is effectively required. |
13468826 | 88 | |
0ca48bb0 | 89 | Required for PrivateUsers= in service units: |
87fe1707 LW |
90 | CONFIG_USER_NS |
91 | ||
713bc0cf KS |
92 | Optional but strongly recommended: |
93 | CONFIG_IPV6 | |
0c651d32 | 94 | CONFIG_AUTOFS_FS |
713bc0cf | 95 | CONFIG_TMPFS_XATTR |
0ceced3d | 96 | CONFIG_{TMPFS,EXT4_FS,XFS,BTRFS_FS,...}_POSIX_ACL |
f28cbd03 | 97 | CONFIG_SECCOMP |
fd74fa79 | 98 | CONFIG_SECCOMP_FILTER (required for seccomp support) |
12801295 ZJS |
99 | CONFIG_KCMP (for the kcmp() syscall, used to be under |
100 | CONFIG_CHECKPOINT_RESTORE before ~5.12) | |
713bc0cf | 101 | |
12801295 | 102 | Required for CPUShares= in resource control unit settings: |
a21b4670 UTL |
103 | CONFIG_CGROUP_SCHED |
104 | CONFIG_FAIR_GROUP_SCHED | |
105 | ||
12801295 | 106 | Required for CPUQuota= in resource control unit settings: |
0acd5a08 WC |
107 | CONFIG_CFS_BANDWIDTH |
108 | ||
c3080258 | 109 | Required for IPAddressDeny=, IPAddressAllow=, IPIngressFilterPath=, |
12801295 | 110 | IPEgressFilterPath= in resource control unit settings unit settings: |
c3080258 JK |
111 | CONFIG_BPF |
112 | CONFIG_BPF_SYSCALL | |
113 | CONFIG_BPF_JIT | |
114 | CONFIG_HAVE_EBPF_JIT | |
115 | CONFIG_CGROUP_BPF | |
116 | ||
43689840 | 117 | Required for SocketBind{Allow|Deny}=, RestrictNetworkInterfaces= in |
12801295 | 118 | resource control unit settings: |
c3080258 JK |
119 | CONFIG_BPF |
120 | CONFIG_BPF_SYSCALL | |
121 | CONFIG_BPF_JIT | |
122 | CONFIG_HAVE_EBPF_JIT | |
b1b96380 AJ |
123 | CONFIG_CGROUP_BPF |
124 | ||
f28cbd03 | 125 | For UEFI systems: |
f33016ff | 126 | CONFIG_EFIVAR_FS |
f28cbd03 KS |
127 | CONFIG_EFI_PARTITION |
128 | ||
c2923fdc LB |
129 | Required for signed Verity images support: |
130 | CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG | |
a460debc LB |
131 | Required to verify signed Verity images using keys enrolled in the MoK |
132 | (Machine-Owner Key) keyring: | |
133 | CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING | |
134 | CONFIG_IMA_ARCH_POLICY | |
135 | CONFIG_INTEGRITY_MACHINE_KEYRING | |
c2923fdc | 136 | |
2d054920 DDM |
137 | Required for reading credentials from SMBIOS: |
138 | CONFIG_DMI | |
139 | CONFIG_DMI_SYSFS | |
140 | ||
ec31dd5a ILG |
141 | Required for RestrictFileSystems= in service units: |
142 | CONFIG_BPF | |
143 | CONFIG_BPF_SYSCALL | |
144 | CONFIG_BPF_LSM | |
145 | CONFIG_DEBUG_INFO_BTF | |
146 | CONFIG_LSM="...,bpf" or kernel booted with lsm="...,bpf". | |
147 | ||
12801295 ZJS |
148 | We recommend to turn off Real-Time group scheduling in the kernel when |
149 | using systemd. RT group scheduling effectively makes RT scheduling | |
150 | unavailable for most userspace, since it requires explicit assignment of | |
151 | RT budgets to each unit whose processes making use of RT. As there's no | |
152 | sensible way to assign these budgets automatically this cannot really be | |
153 | fixed, and it's best to disable group scheduling hence: | |
f4e74be1 LP |
154 | CONFIG_RT_GROUP_SCHED=n |
155 | ||
f5a93d5d LP |
156 | It's a good idea to disable the implicit creation of networking bonding |
157 | devices by the kernel networking bonding module, so that the | |
158 | automatically created "bond0" interface doesn't conflict with any such | |
12801295 ZJS |
159 | device created by systemd-networkd (or other tools). Ideally there would |
160 | be a kernel compile-time option for this, but there currently isn't. The | |
161 | next best thing is to make this change through a modprobe.d drop-in. | |
162 | This is shipped by default, see modprobe.d/systemd.conf. | |
f5a93d5d | 163 | |
45a582d5 AJ |
164 | Required for systemd-nspawn: |
165 | CONFIG_DEVPTS_MULTIPLE_INSTANCES or Linux kernel >= 4.7 | |
166 | ||
e7b3f1a6 AZ |
167 | Required for systemd-oomd: |
168 | CONFIG_PSI | |
169 | ||
12801295 ZJS |
170 | Note that kernel auditing is broken when used with systemd's container |
171 | code. When using systemd in conjunction with containers, please make | |
172 | sure to either turn off auditing at runtime using the kernel command | |
173 | line option "audit=0", or turn it off at kernel compile time using: | |
77b6e194 | 174 | CONFIG_AUDIT=n |
dbf75097 | 175 | |
12801295 ZJS |
176 | If systemd is compiled with libseccomp support on architectures which do |
177 | not use socketcall() and where seccomp is supported (this effectively | |
178 | means x86-64 and ARM, but excludes 32-bit x86!), then nspawn will now | |
179 | install a work-around seccomp filter that makes containers boot even | |
180 | with audit being enabled. This works correctly only on kernels 3.14 and | |
181 | newer though. TL;DR: turn audit off, still. | |
77b6e194 | 182 | |
3dd26f3e | 183 | glibc >= 2.16 |
3ede835a | 184 | libcap |
d6e80966 ZJS |
185 | libmount >= 2.30 (from util-linux) |
186 | (util-linux *must* be built without --enable-libmount-support-mtab) | |
6abfd303 | 187 | libseccomp >= 2.3.1 (optional) |
d47f6ca5 | 188 | libblkid >= 2.24 (from util-linux) (optional) |
a18535d9 | 189 | libkmod >= 15 (optional) |
3ede835a | 190 | PAM >= 1.1.2 (optional) |
c2923fdc | 191 | libcryptsetup (optional), >= 2.3.0 required for signed Verity images support |
3ede835a | 192 | libaudit (optional) |
19d5d4cb | 193 | libacl (optional) |
afd22e32 | 194 | libbpf >= 0.1.0 (optional) |
baec7d78 | 195 | libfdisk >= 2.32 (from util-linux) (optional) |
3ede835a | 196 | libselinux (optional) |
19d5d4cb | 197 | liblzma (optional) |
e0a1d4b0 | 198 | liblz4 >= 1.3.0 / 130 (optional) |
ef5924aa | 199 | libzstd >= 1.4.0 (optional) |
7b17a7d7 LP |
200 | libgcrypt (optional) |
201 | libqrencode (optional) | |
202 | libmicrohttpd (optional) | |
87057e24 | 203 | libidn2 or libidn (optional) |
38e053c5 | 204 | gnutls >= 3.1.4 (optional, >= 3.6.0 is required to support DNS-over-TLS with gnutls) |
096cbdce | 205 | openssl >= 1.1.0 (optional, required to support DNS-over-TLS with openssl) |
5b244719 | 206 | elfutils >= 158 (optional) |
d79a2f5f | 207 | polkit (optional) |
781748af | 208 | tzdata >= 2014f (optional) |
72cdb3e7 | 209 | pkg-config |
8f968c73 | 210 | gperf |
72cdb3e7 ZJS |
211 | docbook-xsl (optional, required for documentation) |
212 | xsltproc (optional, required for documentation) | |
7c0d7913 | 213 | python >= 3.7 (required by meson too, >= 3.9 is required for ukify) |
e0698c66 | 214 | python-jinja2 |
7c0d7913 | 215 | python-pefile (optional, required for ukify) |
72cdb3e7 | 216 | python-lxml (optional, required to build the indices) |
7c0d7913 | 217 | pyelftools (optional, required for systemd-boot) |
9ce707d6 | 218 | meson >= 0.60.0 |
40f116f5 | 219 | ninja |
4e71714b | 220 | gcc >= 8.4 |
bab5d847 | 221 | awk, sed, grep, and similar tools |
c3080258 JK |
222 | clang >= 10.0, llvm >= 10.0 (optional, required to build BPF programs |
223 | from source code in C) | |
2cc86f09 | 224 | |
19aadacf JE |
225 | During runtime, you need the following additional |
226 | dependencies: | |
2cc86f09 | 227 | |
164070e4 LB |
228 | util-linux >= v2.27.1 required (including but not limited to: mount, |
229 | umount, swapon, swapoff, sulogin, | |
230 | agetty, fsck) | |
b895fa08 LP |
231 | dbus >= 1.4.0 (strictly speaking optional, but recommended) |
232 | NOTE: If using dbus < 1.9.18, you should override the default | |
233 | policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d). | |
d35f51ea | 234 | polkit (optional) |
3ede835a | 235 | |
3e609a8a | 236 | To build in directory build/: |
e8a68817 | 237 | meson setup build/ && ninja -C build/ |
3e609a8a | 238 | |
5238e957 | 239 | Any configuration options can be specified as -Darg=value... arguments |
3e609a8a ZJS |
240 | to meson. After the build directory is initially configured, meson will |
241 | refuse to run again, and options must be changed with: | |
5adfb06d | 242 | meson configure -Darg=value build/ |
243 | meson configure without any arguments will print out available options and | |
3e609a8a ZJS |
244 | their current values. |
245 | ||
246 | Useful commands: | |
e8a68817 | 247 | ninja -C build -v some/target |
8b08be40 | 248 | meson test -C build/ |
ead7e86d | 249 | sudo meson install -C build/ --no-rebuild |
8b08be40 | 250 | DESTDIR=... meson install -C build/ |
3e609a8a | 251 | |
72cdb3e7 | 252 | A tarball can be created with: |
3983fc02 | 253 | v=250 && git archive --prefix=systemd-$v/ v$v | zstd >systemd-$v.tar.zstd |
82627069 | 254 | |
12801295 ZJS |
255 | When systemd-hostnamed is used, it is strongly recommended to install |
256 | nss-myhostname to ensure that, in a world of dynamically changing | |
257 | hostnames, the hostname stays resolvable under all circumstances. In | |
258 | fact, systemd-hostnamed will warn if nss-myhostname is not installed. | |
fff2e5b5 | 259 | |
01c8938e LP |
260 | nss-systemd must be enabled on systemd systems, as that's required for |
261 | DynamicUser= to work. Note that we ship services out-of-the-box that | |
262 | make use of DynamicUser= now, hence enabling nss-systemd is not | |
263 | optional. | |
264 | ||
b0d3095f | 265 | Note that the build prefix for systemd must be /usr/. (Moreover, packages |
12801295 | 266 | systemd relies on — such as D-Bus — really should use the same prefix, |
b0d3095f LB |
267 | otherwise you are on your own.) Split-usr and unmerged-usr systems are no |
268 | longer supported, and moving everything under /usr/ is required. Systems | |
269 | with a separate /usr/ partition must mount it before transitioning into it | |
270 | (i.e.: from the initrd). For more information see: | |
271 | https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken | |
272 | https://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge | |
01c8938e | 273 | |
a2fc3d87 | 274 | Additional packages are necessary to run some tests: |
a2fc3d87 | 275 | - nc (used by test/TEST-12-ISSUE-3171) |
7c0d7913 ZJS |
276 | - python (test-udev which is installed is in python) |
277 | - python-pyparsing | |
278 | - python-evdev (used by hwdb parsing tests) | |
a2fc3d87 | 279 | - strace (used by test/test-functions) |
e94681ad | 280 | - capsh (optional, used by test-execute) |
a2fc3d87 | 281 | |
5810c204 | 282 | POLICY FOR SUPPORT OF DISTRIBUTIONS AND ARCHITECTURES: |
5810c204 ZJS |
283 | systemd main branch and latest major or stable releases are generally |
284 | expected to compile on current versions of popular distributions (at | |
285 | least all non-EOL versions of Fedora, Debian unstable/testing/stable, | |
286 | latest Ubuntu LTS and non-LTS releases, openSUSE Tumbleweed/Leap, | |
b16e93d7 | 287 | CentOS Stream 8 and 9, up-to-date Arch, etc.) We will generally |
5810c204 | 288 | attempt to support also other non-EOL versions of various distros. |
522c108d | 289 | Features which would break compilation on slightly older distributions |
5810c204 ZJS |
290 | will only be introduced if there are significant reasons for this |
291 | (i.e. supporting them interferes with development or requires too many | |
292 | resources to support). In some cases backports of specific libraries or | |
293 | tools might be required. | |
294 | ||
522c108d | 295 | The policy is similar for architecture support. systemd is regularly |
5810c204 ZJS |
296 | tested on popular architectures (currently amd64, i386, arm64, ppc64el, |
297 | and s390x), but should compile and work also on other architectures, for | |
298 | which support has been added. systemd will emit warnings when | |
299 | architecture-specific constants are not defined. | |
300 | ||
522c108d | 301 | STATIC COMPILATION AND "STANDALONE" BINARIES: |
522c108d ZJS |
302 | systemd provides a public shared libraries libsystemd.so and |
303 | libudev.so. The latter is deprecated, and the sd-device APIs in | |
304 | libsystemd should be used instead for new code. In addition, systemd is | |
305 | built with a private shared library, libsystemd-shared-<suffix>.so, | |
306 | that also includes the libsystemd code, and by default most systemd | |
307 | binaries are linked to it. Using shared libraries saves disk space and | |
308 | memory at runtime, because only one copy of the code is needed. | |
309 | ||
310 | It is possible to build static versions of systemd public shared | |
311 | libraries (via the configuration options '-Dstatic-libsystemd' and | |
312 | '-Dstatic-libudev'). This allows the libsystemd and libudev code to be | |
dbf75097 LP |
313 | linked statically into programs. Note that mixing & matching different |
314 | versions of libsystemd and systemd is generally not recommended, since | |
315 | various of its APIs wrap internal state and protocols of systemd | |
316 | (e.g. logind and udev databases), which are not considered | |
317 | stable. Hence, using static libraries is not recommended since it | |
318 | generally means that version of the static libsystemd linked into | |
319 | applications and the host systemd are not in sync, and will thus create | |
320 | compatibility problems. | |
321 | ||
322 | In addition, it is possible to disable the use of | |
323 | libsystemd-shared-<suffix>.so for various components (via the | |
324 | configuration options '-Dlink-*-shared'). In this mode, the libsystemd | |
325 | and libsystemd-shared code is linked statically into selected | |
326 | binaries. This option is intended for systems where some of the | |
327 | components are intended to be delivered independently of the main | |
522c108d ZJS |
328 | systemd package. Finally, some binaries can be compiled in a second |
329 | version (via the configuration option '-Dstandalone-binaries'). The | |
330 | version suffixed with ".standalone" has the libsystemd and | |
331 | libsystemd-shared code linked statically. Those binaries are intended | |
332 | as replacements to be used in limited installations where the full | |
dbf75097 LP |
333 | systemd suite is not installed. Yet another option is to rebuild |
334 | systemd with a different '-Dshared-lib-tag' setting, allowing different | |
335 | systemd binaries to be linked to instances of the private shared | |
336 | library that can be installed in parallel. | |
337 | ||
338 | Again: Using the default shared linking is recommended, building static | |
339 | or "standalone" versions is not. Mixing versions of systemd components | |
340 | that would normally be built and used together (in particular various | |
341 | daemons and the manager) is not recommended: we do not test such | |
342 | combinations upstream and cannot provide support. Distributors making | |
343 | use of those options are responsible if things do not work as expected. | |
522c108d | 344 | |
a24c64f0 | 345 | USERS AND GROUPS: |
12801295 ZJS |
346 | Default udev rules use the following standard system group names, which |
347 | need to be resolvable by getgrnam() at any time, even in the very early | |
348 | boot stages, where no other databases and network are available: | |
37495eed | 349 | |
2422bd21 | 350 | audio, cdrom, dialout, disk, input, kmem, kvm, lp, render, tape, tty, video |
37c0e8f3 | 351 | |
12801295 ZJS |
352 | During runtime, the journal daemon requires the "systemd-journal" system |
353 | group to exist. New journal files will be readable by this group (but | |
354 | not writable), which may be used to grant specific users read access. In | |
355 | addition, system groups "wheel" and "adm" will be given read-only access | |
7d33146d | 356 | to journal files using systemd-tmpfiles-setup.service. |
a24c64f0 | 357 | |
12801295 ZJS |
358 | The journal remote daemon requires the "systemd-journal-remote" system |
359 | user and group to exist. During execution this network facing service | |
360 | will drop privileges and assume this uid/gid for security reasons. | |
37495eed | 361 | |
12801295 ZJS |
362 | Similarly, the network management daemon requires the "systemd-network" |
363 | system user and group to exist. | |
323a2f0b | 364 | |
12801295 ZJS |
365 | Similarly, the name resolution daemon requires the "systemd-resolve" |
366 | system user and group to exist. | |
323a2f0b | 367 | |
12801295 ZJS |
368 | Similarly, the coredump support requires the "systemd-coredump" system |
369 | user and group to exist. | |
888e378d | 370 | |
c87abcfa | 371 | GLIBC NSS: |
409093fe | 372 | systemd ships with four glibc NSS modules: |
a4a79605 | 373 | |
38ccb557 LP |
374 | nss-myhostname resolves the local hostname to locally configured IP |
375 | addresses, as well as "localhost" to 127.0.0.1/::1. | |
a4a79605 | 376 | |
38ccb557 LP |
377 | nss-resolve enables DNS resolution via the systemd-resolved DNS/LLMNR |
378 | caching stub resolver "systemd-resolved". | |
a4a79605 | 379 | |
409093fe | 380 | nss-mymachines enables resolution of all local containers registered |
38ccb557 | 381 | with machined to their respective IP addresses. |
a4a79605 | 382 | |
38ccb557 | 383 | nss-systemd enables resolution of users/group registered via the |
1d10005b | 384 | User/Group Record Lookup API (https://systemd.io/USER_GROUP_API), |
38ccb557 LP |
385 | including all dynamically allocated service users. (See the |
386 | DynamicUser= setting in unit files.) | |
a4a79605 | 387 | |
409093fe | 388 | To make use of these NSS modules, please add them to the "hosts:", |
02e93087 LP |
389 | "passwd:", "group:", "shadow:" and "gshadow:" lines in |
390 | /etc/nsswitch.conf. | |
a4a79605 | 391 | |
409093fe LP |
392 | The four modules should be used in the following order: |
393 | ||
02e93087 LP |
394 | passwd: files systemd |
395 | group: files [SUCCESS=merge] systemd | |
396 | shadow: files systemd | |
397 | gshadow: files systemd | |
398 | hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns | |
a4a79605 | 399 | |
0f0467e6 MP |
400 | SYSV INIT.D SCRIPTS: |
401 | When calling "systemctl enable/disable/is-enabled" on a unit which is a | |
402 | SysV init.d script, it calls /usr/lib/systemd/systemd-sysv-install; | |
403 | this needs to translate the action into the distribution specific | |
404 | mechanism such as chkconfig or update-rc.d. Packagers need to provide | |
405 | this script if you need this functionality (you don't if you disabled | |
406 | SysV init support). | |
407 | ||
408 | Please see src/systemctl/systemd-sysv-install.SKELETON for how this | |
409 | needs to look like, and provide an implementation at the marked places. | |
410 | ||
88a3af94 | 411 | WARNINGS and TAINT FLAGS: |
88a3af94 ZJS |
412 | systemd requires that the /run mount point exists. systemd also |
413 | requires that /var/run is a symlink to /run. Taint flag 'var-run-bad' | |
414 | will be set when this condition is detected. | |
415 | ||
416 | Systemd will also warn when the cgroup support is unavailable in the | |
417 | kernel (taint flag 'cgroups-missing'), the system is using the old | |
418 | cgroup hierarchy (taint flag 'cgroupsv1'), the hardware clock is | |
419 | running in non-UTC mode (taint flag 'local-hwclock'), the kernel | |
420 | overflow UID or GID are not 65534 (taint flags 'overflowuid-not-65534' | |
421 | and 'overflowgid-not-65534'), the UID or GID range assigned to the | |
422 | running systemd instance covers less than 0…65534 (taint flags | |
423 | 'short-uid-range' and 'short-gid-range'). | |
424 | ||
425 | Taint conditions are logged during boot, but may also be checked at any | |
426 | time with: | |
427 | ||
428 | busctl get-property org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager Tainted | |
429 | ||
8bf9eb7e ZJS |
430 | See org.freedesktop.systemd1(5) for more information. |
431 | ||
88a3af94 | 432 | VALGRIND: |
50b35193 ZJS |
433 | To run systemd under valgrind, compile systemd with the valgrind |
434 | development headers available (i.e. valgrind-devel or equivalent). | |
435 | Otherwise, false positives will be triggered by code which violates | |
436 | some rules but is actually safe. Note that valgrind generates nice | |
437 | output only on exit(), hence on shutdown we don't execve() | |
438 | systemd-shutdown. | |
2b671e95 | 439 | |
ba9e3fc4 | 440 | STABLE BRANCHES AND BACKPORTS: |
bfeb370a LP |
441 | Stable branches with backported patches are available in the |
442 | systemd-stable repo at https://github.com/systemd/systemd-stable. | |
443 | ||
444 | Stable branches are started for certain releases of systemd and named | |
445 | after them, e.g. v238-stable. Stable branches are managed by | |
446 | distribution maintainers on an as needed basis. See | |
a25d9395 | 447 | https://www.freedesktop.org/wiki/Software/systemd/Backports for some |
bfeb370a | 448 | more information and examples. |