Commit | Line | Data |
---|---|---|
d657c51f | 1 | systemd System and Service Manager |
31cee6f6 LP |
2 | |
3 | DETAILS: | |
4 | http://0pointer.de/blog/projects/systemd.html | |
5 | ||
6 | WEB SITE: | |
7 | http://www.freedesktop.org/wiki/Software/systemd | |
8 | ||
9 | GIT: | |
9fa2f410 KS |
10 | git://anongit.freedesktop.org/systemd/systemd |
11 | ssh://git.freedesktop.org/git/systemd/systemd | |
31cee6f6 LP |
12 | |
13 | GITWEB: | |
9fa2f410 | 14 | http://cgit.freedesktop.org/systemd/systemd |
31cee6f6 LP |
15 | |
16 | MAILING LIST: | |
17 | http://lists.freedesktop.org/mailman/listinfo/systemd-devel | |
18 | http://lists.freedesktop.org/mailman/listinfo/systemd-commits | |
19 | ||
20 | IRC: | |
21 | #systemd on irc.freenode.org | |
22 | ||
23 | BUG REPORTS: | |
24 | https://bugs.freedesktop.org/enter_bug.cgi?product=systemd | |
25 | ||
26 | AUTHOR: | |
5430f7f2 LP |
27 | Lennart Poettering |
28 | Kay Sievers | |
29 | ...and many others | |
31cee6f6 | 30 | |
673eab9b | 31 | LICENSE: |
5430f7f2 | 32 | LGPLv2.1+ for all code |
b67f541f LP |
33 | - except src/shared/MurmurHash2.c which is Public Domain |
34 | - except src/shared/siphash24.c which is CC0 Public Domain | |
85424725 KS |
35 | - except src/journal/lookup3.c which is Public Domain |
36 | - except src/udev/* which is (currently still) GPLv2, GPLv2+ | |
673eab9b | 37 | |
31cee6f6 | 38 | REQUIREMENTS: |
be2ea723 | 39 | Linux kernel >= 3.7 |
23aedd02 KS |
40 | Linux kernel >= 3.8 for Smack support |
41 | ||
42 | Kernel Config Options: | |
713bc0cf | 43 | CONFIG_DEVTMPFS |
d28315e4 | 44 | CONFIG_CGROUPS (it is OK to disable all controllers) |
713bc0cf KS |
45 | CONFIG_INOTIFY_USER |
46 | CONFIG_SIGNALFD | |
47 | CONFIG_TIMERFD | |
48 | CONFIG_EPOLL | |
41938693 | 49 | CONFIG_NET |
713bc0cf | 50 | CONFIG_SYSFS |
06d461ee | 51 | CONFIG_PROC_FS |
5d31974e | 52 | CONFIG_FHANDLE (libudev, mount and bind mount handling) |
713bc0cf | 53 | |
be2ea723 | 54 | udev will fail to work with the legacy sysfs layout: |
f28cbd03 | 55 | CONFIG_SYSFS_DEPRECATED=n |
713bc0cf KS |
56 | |
57 | Legacy hotplug slows down the system and confuses udev: | |
58 | CONFIG_UEVENT_HELPER_PATH="" | |
59 | ||
be2ea723 KS |
60 | Userspace firmware loading is not supported and should |
61 | be disabled in the kernel: | |
713bc0cf KS |
62 | CONFIG_FW_LOADER_USER_HELPER=n |
63 | ||
64 | Some udev rules and virtualization detection rely on it: | |
65 | CONFIG_DMIID | |
66 | ||
a5c724b2 KS |
67 | Support for some SCSI devices serial number retrieval, to |
68 | create additional symlinks in /dev/disk/ and /dev/tape: | |
69 | CONFIG_BLK_DEV_BSG | |
70 | ||
13468826 MG |
71 | Required for PrivateNetwork in service units: |
72 | CONFIG_NET_NS | |
73 | ||
713bc0cf KS |
74 | Optional but strongly recommended: |
75 | CONFIG_IPV6 | |
76 | CONFIG_AUTOFS4_FS | |
77 | CONFIG_TMPFS_POSIX_ACL | |
78 | CONFIG_TMPFS_XATTR | |
f28cbd03 | 79 | CONFIG_SECCOMP |
713bc0cf | 80 | |
a21b4670 UTL |
81 | Required for CPUShares in resource control unit settings |
82 | CONFIG_CGROUP_SCHED | |
83 | CONFIG_FAIR_GROUP_SCHED | |
84 | ||
0acd5a08 WC |
85 | Required for CPUQuota in resource control unit settings |
86 | CONFIG_CFS_BANDWIDTH | |
87 | ||
06d461ee | 88 | For systemd-bootchart, several proc debug interfaces are required: |
713bc0cf KS |
89 | CONFIG_SCHEDSTATS |
90 | CONFIG_SCHED_DEBUG | |
91 | ||
f28cbd03 | 92 | For UEFI systems: |
f33016ff | 93 | CONFIG_EFIVAR_FS |
f28cbd03 KS |
94 | CONFIG_EFI_PARTITION |
95 | ||
77b6e194 LP |
96 | Note that kernel auditing is broken when used with systemd's |
97 | container code. When using systemd in conjunction with | |
19aadacf | 98 | containers, please make sure to either turn off auditing at |
77b6e194 LP |
99 | runtime using the kernel command line option "audit=0", or |
100 | turn it off at kernel compile time using: | |
101 | CONFIG_AUDIT=n | |
a7b1c397 LP |
102 | If systemd is compiled with libseccomp support on |
103 | architectures which do not use socketcall() and where seccomp | |
104 | is supported (this effectively means x86-64 and ARM, but | |
70a44afe | 105 | excludes 32-bit x86!), then nspawn will now install a |
a7b1c397 LP |
106 | work-around seccomp filter that makes containers boot even |
107 | with audit being enabled. This works correctly only on kernels | |
108 | 3.14 and newer though. TL;DR: turn audit off, still. | |
77b6e194 | 109 | |
ff70c61b | 110 | glibc >= 2.14 |
3ede835a | 111 | libcap |
8d3ae2bd | 112 | libmount >= 2.20 (from util-linux) |
c0467cf3 | 113 | libseccomp >= 1.0.0 (optional) |
d47f6ca5 | 114 | libblkid >= 2.24 (from util-linux) (optional) |
a18535d9 | 115 | libkmod >= 15 (optional) |
3ede835a LP |
116 | PAM >= 1.1.2 (optional) |
117 | libcryptsetup (optional) | |
118 | libaudit (optional) | |
19d5d4cb | 119 | libacl (optional) |
3ede835a | 120 | libselinux (optional) |
19d5d4cb | 121 | liblzma (optional) |
a509e0e6 | 122 | liblz4 >= 119 (optional) |
7b17a7d7 LP |
123 | libgcrypt (optional) |
124 | libqrencode (optional) | |
125 | libmicrohttpd (optional) | |
2cc86f09 | 126 | libpython (optional) |
f9ffbca2 | 127 | libidn (optional) |
a900b827 | 128 | gobject-introspection > 1.40.0 (optional) |
5b244719 | 129 | elfutils >= 158 (optional) |
2cc86f09 ZJS |
130 | make, gcc, and similar tools |
131 | ||
19aadacf JE |
132 | During runtime, you need the following additional |
133 | dependencies: | |
2cc86f09 | 134 | |
fdbbad98 | 135 | util-linux >= v2.25 required |
df41776d | 136 | dbus >= 1.4.0 (strictly speaking optional, but recommended) |
2cc86f09 | 137 | dracut (optional) |
46ba8aae | 138 | PolicyKit (optional) |
3ede835a | 139 | |
19aadacf JE |
140 | When building from git, you need the following additional |
141 | dependencies: | |
3ede835a | 142 | |
3ede835a LP |
143 | docbook-xsl |
144 | xsltproc | |
145 | automake | |
146 | autoconf | |
147 | libtool | |
19d5d4cb | 148 | intltool |
b62cfcea | 149 | gperf |
19d5d4cb ZJS |
150 | gtkdocize (optional) |
151 | python (optional) | |
32dcef3a | 152 | python-lxml (optional, but required to build the indices) |
9015fa64 | 153 | sphinx (optional) |
21bc923a | 154 | |
19aadacf JE |
155 | When systemd-hostnamed is used, it is strongly recommended to |
156 | install nss-myhostname to ensure that, in a world of | |
157 | dynamically changing hostnames, the hostname stays resolvable | |
fff2e5b5 | 158 | under all circumstances. In fact, systemd-hostnamed will warn |
bf9e477c | 159 | if nss-myhostname is not installed. |
fff2e5b5 | 160 | |
9015fa64 ZJS |
161 | To build HTML documentation for python-systemd using sphinx, |
162 | please first install systemd (using 'make install'), and then | |
163 | invoke sphinx-build with 'make sphinx-<target>', with <target> | |
164 | being 'html' or 'latexpdf'. If using DESTDIR for installation, | |
165 | pass the same DESTDIR to 'make sphinx-html' invocation. | |
166 | ||
a24c64f0 | 167 | USERS AND GROUPS: |
37495eed LP |
168 | Default udev rules use the following standard system group |
169 | names, which need to be resolvable by getgrnam() at any time, | |
170 | even in the very early boot stages, where no other databases | |
171 | and network are available: | |
172 | ||
3dff3e00 | 173 | audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video |
37c0e8f3 | 174 | |
19aadacf | 175 | During runtime, the journal daemon requires the |
1a9ce3f7 | 176 | "systemd-journal" system group to exist. New journal files will |
19aadacf | 177 | be readable by this group (but not writable), which may be used |
a24c64f0 LP |
178 | to grant specific users read access. |
179 | ||
180 | It is also recommended to grant read access to all journal | |
181 | files to the system groups "wheel" and "adm" with a command | |
182 | like the following in the post installation script of the | |
183 | package: | |
184 | ||
185 | # setfacl -nm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/ | |
186 | ||
37495eed | 187 | The journal gateway daemon requires the |
1a9ce3f7 | 188 | "systemd-journal-gateway" system user and group to |
37495eed LP |
189 | exist. During execution this network facing service will drop |
190 | privileges and assume this uid/gid for security reasons. | |
191 | ||
8d0e0ddd | 192 | Similarly, the NTP daemon requires the "systemd-timesync" system |
323a2f0b LP |
193 | user and group to exist. |
194 | ||
8d0e0ddd | 195 | Similarly, the network management daemon requires the |
323a2f0b LP |
196 | "systemd-network" system user and group to exist. |
197 | ||
8d0e0ddd | 198 | Similarly, the name resolution daemon requires the |
323a2f0b LP |
199 | "systemd-resolve" system user and group to exist. |
200 | ||
8d0e0ddd | 201 | Similarly, the kdbus dbus1 proxy daemon requires the |
323a2f0b | 202 | "systemd-bus-proxy" system user and group to exist. |
682265d5 | 203 | |
a4a79605 LP |
204 | NSS: |
205 | systemd ships with three NSS modules: | |
206 | ||
207 | nss-myhostname resolves the local hostname to locally | |
208 | configured IP addresses, as well as "localhost" to | |
209 | 127.0.0.1/::1. | |
210 | ||
211 | nss-resolve enables DNS resolution via the DNS/LLMNR | |
212 | caching stub resolver "systemd-resolved". | |
213 | ||
214 | nss-mymachines enables resolution of all local containers | |
215 | registered with machined to their respective IP addresses. | |
216 | ||
217 | To make use of these NSS modules, please add them to the | |
218 | "hosts: " line in /etc/nsswitch.conf. The "resolve" module | |
219 | should replace the glibc "dns" module in this file. | |
220 | ||
221 | The three modules should be used in the following order: | |
222 | ||
223 | hosts: files mymachines resolve myhostname | |
224 | ||
21bc923a LP |
225 | WARNINGS: |
226 | systemd will warn you during boot if /etc/mtab is not a | |
227 | symlink to /proc/mounts. Please ensure that /etc/mtab is a | |
228 | proper symlink. | |
229 | ||
230 | systemd will warn you during boot if /usr is on a different | |
231 | file system than /. While in systemd itself very little will | |
19aadacf | 232 | break if /usr is on a separate partition, many of its |
21bc923a | 233 | dependencies very likely will break sooner or later in one |
19aadacf | 234 | form or another. For example, udev rules tend to refer to |
21bc923a LP |
235 | binaries in /usr, binaries that link to libraries in /usr or |
236 | binaries that refer to data files in /usr. Since these | |
19aadacf | 237 | breakages are not always directly visible, systemd will warn |
21bc923a LP |
238 | about this, since this kind of file system setup is not really |
239 | supported anymore by the basic set of Linux OS components. | |
fc7a744c | 240 | |
47bc23c1 | 241 | systemd requires that the /run mount point exists. systemd also |
b8bde116 | 242 | requires that /var/run is a symlink to /run.
47bc23c1 | 243 | |
aa167132 LP |
244 | For more information on this issue consult |
245 | http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken | |
246 | ||
1b4bb4fd ZJS |
247 | To run systemd under valgrind, compile with VALGRIND defined |
248 | (e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise, | |
249 | false positives will be triggered by code which violates | |
250 | some rules but is actually safe. | |
2b671e95 LP |
251 | |
252 | ENGINEERING AND CONSULTING SERVICES: | |
253 | ENDOCODE <https://endocode.com/> offers professional | |
254 | engineering and consulting services for systemd. Please | |
255 | contact Chris Kühl <chris@endocode.com> for more information. |
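
Added example (not part of the systemd README or project): a POSIX shell check of a kernel .config against the options named under REQUIREMENTS above, including the ones that gate PrivateNetwork, CPUShares, CPUQuota and seccomp. The function names, finding labels and sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kernel .config against the options listed in the README.
REQUIRED="DEVTMPFS CGROUPS INOTIFY_USER SIGNALFD TIMERFD EPOLL NET SYSFS PROC_FS FHANDLE"
MUST_BE_OFF="SYSFS_DEPRECATED FW_LOADER_USER_HELPER"
# option:purpose pairs taken from the README text (labels are illustrative)
FEATURES="NET_NS:PrivateNetwork CGROUP_SCHED:CPUShares FAIR_GROUP_SCHED:CPUShares CFS_BANDWIDTH:CPUQuota SECCOMP:recommended"

# True if CONFIG_<$2> is built in (=y) or modular (=m) in config file $1.
kconfig_on() {
    grep -Eq "^CONFIG_$2=(y|m)\$" "$1"
}

# Prints one finding per line; returns 1 if a hard requirement is violated.
check_kconfig() {
    cfg=$1; rc=0
    for o in $REQUIRED; do
        kconfig_on "$cfg" "$o" || { echo "MISSING CONFIG_$o"; rc=1; }
    done
    for o in $MUST_BE_OFF; do
        if kconfig_on "$cfg" "$o"; then echo "MUST_DISABLE CONFIG_$o"; rc=1; fi
    done
    # Any non-empty helper path keeps legacy hotplug active.
    if grep -Eq '^CONFIG_UEVENT_HELPER_PATH=".+"$' "$cfg"; then
        echo "MUST_BE_EMPTY CONFIG_UEVENT_HELPER_PATH"; rc=1
    fi
    for p in $FEATURES; do
        kconfig_on "$cfg" "${p%%:*}" || echo "FEATURE_OFF CONFIG_${p%%:*} (${p#*:})"
    done
    return $rc
}

# Constructed sample input, not taken from any real system.
sample_config() {
    for o in DEVTMPFS CGROUPS INOTIFY_USER SIGNALFD TIMERFD EPOLL NET SYSFS PROC_FS SECCOMP; do
        echo "CONFIG_$o=y"
    done
    cat <<'EOF'
# CONFIG_FHANDLE is not set
# CONFIG_NET_NS is not set
CONFIG_SYSFS_DEPRECATED=y
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
EOF
}

# Usage: sample_config > /tmp/sample.config && check_kconfig /tmp/sample.config
```

A FEATURE_OFF finding does not fail the check; it marks unit settings such as PrivateNetwork that the README says depend on that option.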