Commit | Line | Data |
---|---|---|
d657c51f | 1 | systemd System and Service Manager |
31cee6f6 LP | 2 | |
31cee6f6 LP | 3 | DETAILS: |
31cee6f6 LP | 4 | http://0pointer.de/blog/projects/systemd.html |
31cee6f6 LP | 5 | |
31cee6f6 LP | 6 | WEB SITE: |
31cee6f6 LP | 7 | http://www.freedesktop.org/wiki/Software/systemd |
31cee6f6 LP | 8 | |
31cee6f6 LP | 9 | GIT: |
eb0914fc JB | 10 | git@github.com:systemd/systemd.git |
eb0914fc JB | 11 | https://github.com/systemd/systemd.git |
31cee6f6 LP | 12 | |
31cee6f6 LP | 13 | GITWEB: |
eb0914fc | 14 | https://github.com/systemd/systemd |
31cee6f6 LP | 15 | |
31cee6f6 LP | 16 | MAILING LIST: |
31cee6f6 LP | 17 | http://lists.freedesktop.org/mailman/listinfo/systemd-devel |
31cee6f6 LP | 18 | |
31cee6f6 LP | 19 | IRC: |
31cee6f6 LP | 20 | #systemd on irc.freenode.org |
31cee6f6 LP | 21 | |
31cee6f6 LP | 22 | BUG REPORTS: |
eb0914fc | 23 | https://github.com/systemd/systemd/issues |
31cee6f6 LP | 24 | |
31cee6f6 LP | 25 | AUTHOR: |
5430f7f2 LP | 26 | Lennart Poettering |
5430f7f2 LP | 27 | Kay Sievers |
5430f7f2 LP | 28 | ...and many others |
31cee6f6 | 29 | |
673eab9b | 30 | LICENSE: |
5430f7f2 | 31 | LGPLv2.1+ for all code |
a095315b KS | 32 | - except src/basic/MurmurHash2.c which is Public Domain |
a095315b KS | 33 | - except src/basic/siphash24.c which is CC0 Public Domain |
85424725 KS | 34 | - except src/journal/lookup3.c which is Public Domain |
85424725 KS | 35 | - except src/udev/* which is (currently still) GPLv2, GPLv2+ |
673eab9b | 36 | |
31cee6f6 | 37 | REQUIREMENTS: |
58015d78 | 38 | Linux kernel >= 3.12 |
a0c3e16b | 39 | Linux kernel >= 4.2 for unified cgroup hierarchy support |
23aedd02 KS | 40 | |
23aedd02 KS | 41 | Kernel Config Options: |
713bc0cf | 42 | CONFIG_DEVTMPFS |
d28315e4 | 43 | CONFIG_CGROUPS (it is OK to disable all controllers) |
713bc0cf KS | 44 | CONFIG_INOTIFY_USER |
713bc0cf KS | 45 | CONFIG_SIGNALFD |
713bc0cf KS | 46 | CONFIG_TIMERFD |
713bc0cf KS | 47 | CONFIG_EPOLL |
41938693 | 48 | CONFIG_NET |
713bc0cf | 49 | CONFIG_SYSFS |
06d461ee | 50 | CONFIG_PROC_FS |
5d31974e | 51 | CONFIG_FHANDLE (libudev, mount and bind mount handling) |
713bc0cf | 52 | |
be2ea723 | 53 | udev will fail to work with the legacy sysfs layout: |
f28cbd03 | 54 | CONFIG_SYSFS_DEPRECATED=n |
713bc0cf KS | 55 | |
713bc0cf KS | 56 | Legacy hotplug slows down the system and confuses udev: |
713bc0cf KS | 57 | CONFIG_UEVENT_HELPER_PATH="" |
713bc0cf KS | 58 | |
be2ea723 KS | 59 | Userspace firmware loading is not supported and should |
be2ea723 KS | 60 | be disabled in the kernel: |
713bc0cf KS | 61 | CONFIG_FW_LOADER_USER_HELPER=n |
713bc0cf KS | 62 | |
713bc0cf KS | 63 | Some udev rules and virtualization detection relies on it: |
713bc0cf KS | 64 | CONFIG_DMIID |
713bc0cf KS | 65 | |
a5c724b2 KS | 66 | Support for some SCSI devices serial number retrieval, to |
a5c724b2 KS | 67 | create additional symlinks in /dev/disk/ and /dev/tape: |
a5c724b2 KS | 68 | CONFIG_BLK_DEV_BSG |
a5c724b2 KS | 69 | |
b52a4a3b | 70 | Required for PrivateNetwork and PrivateDevices in service units: |
13468826 | 71 | CONFIG_NET_NS |
b52a4a3b ZJS | 72 | CONFIG_DEVPTS_MULTIPLE_INSTANCES |
b52a4a3b ZJS | 73 | Note that systemd-localed.service and other systemd units use |
b52a4a3b ZJS | 74 | PrivateNetwork and PrivateDevices so this is effectively required. |
13468826 | 75 | |
713bc0cf KS | 76 | Optional but strongly recommended: |
713bc0cf KS | 77 | CONFIG_IPV6 |
713bc0cf KS | 78 | CONFIG_AUTOFS4_FS |
713bc0cf | 79 | CONFIG_TMPFS_XATTR |
a6cccd8f | 80 | CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL |
f28cbd03 | 81 | CONFIG_SECCOMP |
fd74fa79 | 82 | CONFIG_SECCOMP_FILTER (required for seccomp support) |
3b920d78 | 83 | CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall) |
713bc0cf | 84 | |
f4e74be1 | 85 | Required for CPUShares= in resource control unit settings |
a21b4670 UTL | 86 | CONFIG_CGROUP_SCHED |
a21b4670 UTL | 87 | CONFIG_FAIR_GROUP_SCHED |
a21b4670 UTL | 88 | |
f4e74be1 | 89 | Required for CPUQuota= in resource control unit settings |
0acd5a08 WC | 90 | CONFIG_CFS_BANDWIDTH |
0acd5a08 WC | 91 | |
f28cbd03 | 92 | For UEFI systems: |
f33016ff | 93 | CONFIG_EFIVAR_FS |
f28cbd03 KS | 94 | CONFIG_EFI_PARTITION |
f28cbd03 KS | 95 | |
f4e74be1 LP | 96 | We recommend to turn off Real-Time group scheduling in the |
f4e74be1 LP | 97 | kernel when using systemd. RT group scheduling effectively |
f4e74be1 LP | 98 | makes RT scheduling unavailable for most userspace, since it |
f4e74be1 LP | 99 | requires explicit assignment of RT budgets to each unit whose |
f4e74be1 LP | 100 | processes making use of RT. As there's no sensible way to |
f4e74be1 LP | 101 | assign these budgets automatically this cannot really be |
f4e74be1 LP | 102 | fixed, and it's best to disable group scheduling hence. |
f4e74be1 LP | 103 | CONFIG_RT_GROUP_SCHED=n |
f4e74be1 LP | 104 | |
77b6e194 LP | 105 | Note that kernel auditing is broken when used with systemd's |
77b6e194 LP | 106 | container code. When using systemd in conjunction with |
19aadacf | 107 | containers, please make sure to either turn off auditing at |
77b6e194 LP | 108 | runtime using the kernel command line option "audit=0", or |
77b6e194 LP | 109 | turn it off at kernel compile time using: |
77b6e194 LP | 110 | CONFIG_AUDIT=n |
a7b1c397 LP | 111 | If systemd is compiled with libseccomp support on |
a7b1c397 LP | 112 | architectures which do not use socketcall() and where seccomp |
a7b1c397 LP | 113 | is supported (this effectively means x86-64 and ARM, but |
70a44afe | 114 | excludes 32-bit x86!), then nspawn will now install a |
a7b1c397 LP | 115 | work-around seccomp filter that makes containers boot even |
a7b1c397 LP | 116 | with audit being enabled. This works correctly only on kernels |
a7b1c397 LP | 117 | 3.14 and newer though. TL;DR: turn audit off, still. |
77b6e194 | 118 | |
3dd26f3e | 119 | glibc >= 2.16 |
3ede835a | 120 | libcap |
1d40ddbf | 121 | libmount >= 2.27.1 (from util-linux) |
d5bd92bb | 122 | (util-linux *must* be built with --enable-libmount-force-mountinfo) |
6abfd303 | 123 | libseccomp >= 2.3.1 (optional) |
d47f6ca5 | 124 | libblkid >= 2.24 (from util-linux) (optional) |
a18535d9 | 125 | libkmod >= 15 (optional) |
3ede835a LP | 126 | PAM >= 1.1.2 (optional) |
3ede835a LP | 127 | libcryptsetup (optional) |
3ede835a LP | 128 | libaudit (optional) |
19d5d4cb | 129 | libacl (optional) |
3ede835a | 130 | libselinux (optional) |
19d5d4cb | 131 | liblzma (optional) |
a509e0e6 | 132 | liblz4 >= 119 (optional) |
7b17a7d7 LP | 133 | libgcrypt (optional) |
7b17a7d7 LP | 134 | libqrencode (optional) |
7b17a7d7 LP | 135 | libmicrohttpd (optional) |
2cc86f09 | 136 | libpython (optional) |
f9ffbca2 | 137 | libidn (optional) |
5b244719 | 138 | elfutils >= 158 (optional) |
2cc86f09 ZJS | 139 | make, gcc, and similar tools |
2cc86f09 ZJS | 140 | |
19aadacf JE | 141 | During runtime, you need the following additional |
19aadacf JE | 142 | dependencies: |
2cc86f09 | 143 | |
1d40ddbf | 144 | util-linux >= v2.27.1 required |
ecf4f0a8 MG | 145 | dbus >= 1.4.0 (strictly speaking optional, but recommended) |
ecf4f0a8 MG | 146 | NOTE: If using dbus < 1.9.18, you should override the default |
ecf4f0a8 MG | 147 | policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d). |
2cc86f09 | 148 | dracut (optional) |
46ba8aae | 149 | PolicyKit (optional) |
3ede835a | 150 | |
82627069 | 151 | When building from git, the following tools are needed: |
3ede835a | 152 | |
f4e5354a | 153 | pkg-config |
3ede835a LP | 154 | docbook-xsl |
3ede835a LP | 155 | xsltproc |
3ede835a LP | 156 | automake |
3ede835a LP | 157 | autoconf |
3ede835a LP | 158 | libtool |
19d5d4cb | 159 | intltool |
b62cfcea | 160 | gperf |
19d5d4cb | 161 | python (optional) |
32dcef3a | 162 | python-lxml (optional, but required to build the indices) |
21bc923a | 163 | |
82627069 KS | 164 | The build system is initialized with ./autogen.sh. A tar ball |
82627069 KS | 165 | can be created with: |
82627069 KS | 166 | git archive --format=tar --prefix=systemd-222/ v222 \| xz > systemd-222.tar.xz |
82627069 KS | 167 | |
19aadacf JE | 168 | When systemd-hostnamed is used, it is strongly recommended to |
19aadacf JE | 169 | install nss-myhostname to ensure that, in a world of |
19aadacf JE | 170 | dynamically changing hostnames, the hostname stays resolvable |
fff2e5b5 | 171 | under all circumstances. In fact, systemd-hostnamed will warn |
bf9e477c | 172 | if nss-myhostname is not installed. |
fff2e5b5 | 173 | |
a2fc3d87 ZJS | 174 | Additional packages are necessary to run some tests: |
a2fc3d87 ZJS | 175 | - busybox (used by test/TEST-13-NSPAWN-SMOKE) |
a2fc3d87 ZJS | 176 | - nc (used by test/TEST-12-ISSUE-3171) |
a2fc3d87 ZJS | 177 | - python3-pyparsing |
a2fc3d87 ZJS | 178 | - python3-evdev (used by hwdb parsing tests) |
a2fc3d87 ZJS | 179 | - strace (used by test/test-functions) |
a2fc3d87 ZJS | 180 | |
a24c64f0 | 181 | USERS AND GROUPS: |
37495eed LP | 182 | Default udev rules use the following standard system group |
37495eed LP | 183 | names, which need to be resolvable by getgrnam() at any time, |
37495eed LP | 184 | even in the very early boot stages, where no other databases |
37495eed LP | 185 | and network are available: |
37495eed LP | 186 | |
3dff3e00 | 187 | audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video |
37c0e8f3 | 188 | |
19aadacf | 189 | During runtime, the journal daemon requires the |
1a9ce3f7 | 190 | "systemd-journal" system group to exist. New journal files will |
19aadacf | 191 | be readable by this group (but not writable), which may be used |
a48a62a1 ZJS | 192 | to grant specific users read access. In addition, system |
a48a62a1 ZJS | 193 | groups "wheel" and "adm" will be given read-only access to |
a48a62a1 ZJS | 194 | journal files using systemd-tmpfiles.service. |
a24c64f0 | 195 | |
37495eed | 196 | The journal gateway daemon requires the |
1a9ce3f7 | 197 | "systemd-journal-gateway" system user and group to |
37495eed LP | 198 | exist. During execution this network facing service will drop |
37495eed LP | 199 | privileges and assume this uid/gid for security reasons. |
37495eed LP | 200 | |
8d0e0ddd | 201 | Similarly, the NTP daemon requires the "systemd-timesync" system |
323a2f0b LP | 202 | user and group to exist. |
323a2f0b LP | 203 | |
8d0e0ddd | 204 | Similarly, the network management daemon requires the |
323a2f0b LP | 205 | "systemd-network" system user and group to exist. |
323a2f0b LP | 206 | |
8d0e0ddd | 207 | Similarly, the name resolution daemon requires the |
323a2f0b LP | 208 | "systemd-resolve" system user and group to exist. |
323a2f0b LP | 209 | |
888e378d LP | 210 | Similarly, the coredump support requires the |
888e378d LP | 211 | "systemd-coredump" system user and group to exist. |
888e378d LP | 212 | |
a4a79605 | 213 | NSS: |
409093fe | 214 | systemd ships with four glibc NSS modules: |
a4a79605 LP | 215 | |
a4a79605 LP | 216 | nss-myhostname resolves the local hostname to locally |
a4a79605 LP | 217 | configured IP addresses, as well as "localhost" to |
a4a79605 LP | 218 | 127.0.0.1/::1. |
a4a79605 LP | 219 | |
a4a79605 LP | 220 | nss-resolve enables DNS resolution via the systemd-resolved |
a4a79605 LP | 221 | DNS/LLMNR caching stub resolver "systemd-resolved". |
a4a79605 LP | 222 | |
409093fe LP | 223 | nss-mymachines enables resolution of all local containers registered |
409093fe LP | 224 | with machined to their respective IP addresses. It also maps UID/GIDs |
409093fe LP | 225 | ranges used by containers to useful names. |
a4a79605 | 226 | |
409093fe LP | 227 | nss-systemd enables resolution of all dynamically allocated service |
409093fe LP | 228 | users. (See the DynamicUser= setting in unit files.) |
a4a79605 | 229 | |
409093fe LP | 230 | To make use of these NSS modules, please add them to the "hosts:", |
409093fe LP | 231 | "passwd:" and "group:" lines in /etc/nsswitch.conf. The "resolve" |
409093fe LP | 232 | module should replace the glibc "dns" module in this file (and don't |
409093fe LP | 233 | worry, it chain-loads the "dns" module if it can't talk to resolved). |
a4a79605 | 234 | |
409093fe LP | 235 | The four modules should be used in the following order: |
409093fe LP | 236 | |
409093fe LP | 237 | passwd: compat mymachines systemd |
409093fe LP | 238 | group: compat mymachines systemd |
a4a79605 LP | 239 | hosts: files mymachines resolve myhostname |
a4a79605 LP | 240 | |
0f0467e6 MP | 241 | SYSV INIT.D SCRIPTS: |
0f0467e6 MP | 242 | When calling "systemctl enable/disable/is-enabled" on a unit which is a |
0f0467e6 MP | 243 | SysV init.d script, it calls /usr/lib/systemd/systemd-sysv-install; |
0f0467e6 MP | 244 | this needs to translate the action into the distribution specific |
0f0467e6 MP | 245 | mechanism such as chkconfig or update-rc.d. Packagers need to provide |
0f0467e6 MP | 246 | this script if you need this functionality (you don't if you disabled |
0f0467e6 MP | 247 | SysV init support). |
0f0467e6 MP | 248 | |
0f0467e6 MP | 249 | Please see src/systemctl/systemd-sysv-install.SKELETON for how this |
0f0467e6 MP | 250 | needs to look like, and provide an implementation at the marked places. |
0f0467e6 MP | 251 | |
21bc923a | 252 | WARNINGS: |
21bc923a LP | 253 | systemd will warn you during boot if /usr is on a different |
21bc923a LP | 254 | file system than /. While in systemd itself very little will |
19aadacf | 255 | break if /usr is on a separate partition, many of its |
21bc923a | 256 | dependencies very likely will break sooner or later in one |
19aadacf | 257 | form or another. For example, udev rules tend to refer to |
21bc923a LP | 258 | binaries in /usr, binaries that link to libraries in /usr or |
21bc923a LP | 259 | binaries that refer to data files in /usr. Since these |
19aadacf | 260 | breakages are not always directly visible, systemd will warn |
21bc923a LP | 261 | about this, since this kind of file system setup is not really |
21bc923a LP | 262 | supported anymore by the basic set of Linux OS components. |
fc7a744c | 263 | |
47bc23c1 | 264 | systemd requires that the /run mount point exists. systemd also |
8f42ccd2 | 265 | requires that /var/run is a symlink to /run. |
47bc23c1 | 266 | |
aa167132 LP | 267 | For more information on this issue consult |
aa167132 LP | 268 | http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken |
aa167132 LP | 269 | |
1b4bb4fd ZJS | 270 | To run systemd under valgrind, compile with VALGRIND defined |
1b4bb4fd ZJS | 271 | (e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise, |
1b4bb4fd ZJS | 272 | false positives will be triggered by code which violates |
1b4bb4fd ZJS | 273 | some rules but is actually safe. |
2b671e95 | 274 | |
2ed3de9c LP | 275 | Currently, systemd-timesyncd defaults to use the Google NTP |
2ed3de9c LP | 276 | servers if not specified otherwise at configure time. You |
2ed3de9c LP | 277 | really should not ship an OS or device with this default |
2ed3de9c LP | 278 | setting. See DISTRO_PORTING for details. |
ada64a0c LP | 279 | |
ada64a0c LP | 280 | ENGINEERING AND CONSULTING SERVICES: |
ada64a0c LP | 281 | Kinvolk (https://kinvolk.io) offers professional engineering |
ada64a0c LP | 282 | and consulting services for systemd. Please contact Chris Kühl |
ada64a0c LP | 283 | <chris@kinvolk.io> for more information. |
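
The kernel options listed under REQUIREMENTS can be checked mechanically against a kernel `.config`. The script below is an added example, not part of the systemd README or project code: the option lists are transcribed from the README lines above, while the FAIL/WARN split, the function names and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kernel .config against options this README names.
# The FAIL/WARN severity split is this example's assumption, not systemd's.
REQUIRED_ON="CONFIG_DEVTMPFS CONFIG_CGROUPS CONFIG_INOTIFY_USER CONFIG_SIGNALFD \
CONFIG_TIMERFD CONFIG_EPOLL CONFIG_NET CONFIG_SYSFS CONFIG_PROC_FS CONFIG_FHANDLE \
CONFIG_NET_NS CONFIG_DEVPTS_MULTIPLE_INSTANCES"
RECOMMENDED_ON="CONFIG_SECCOMP CONFIG_SECCOMP_FILTER"   # seccomp needs both
REQUIRED_OFF="CONFIG_SYSFS_DEPRECATED CONFIG_FW_LOADER_USER_HELPER"
ADVISED_OFF="CONFIG_UEVENT_HELPER_PATH CONFIG_RT_GROUP_SCHED CONFIG_AUDIT"

# Print the value assigned to option $2 in file $1, or "unset" when the
# option is absent or only appears as "# CONFIG_X is not set".
kconfig_value() {
    v=$(sed -n "s/^$2=\(.*\)\$/\1/p" "$1" | tail -n 1)
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf 'unset\n'; fi
}

# check_opts <file> <FAIL|WARN> <on|off> <option...>: one line per mismatch.
# "on" accepts =y or =m; "off" accepts =n, unset, or an empty string value.
check_opts() {
    cfg=$1; sev=$2; want=$3; shift 3
    for opt in "$@"; do
        val=$(kconfig_value "$cfg" "$opt")
        case "$want:$val" in
            on:y|on:m|off:n|off:unset|off:'""') ;;
            *) printf '%s %s (found: %s, want: %s)\n' "$sev" "$opt" "$val" "$want" ;;
        esac
    done
}

# Run every check; word splitting of the option lists is intentional.
audit_kconfig() {
    check_opts "$1" FAIL on  $REQUIRED_ON
    check_opts "$1" WARN on  $RECOMMENDED_ON
    check_opts "$1" FAIL off $REQUIRED_OFF
    check_opts "$1" WARN off $ADVISED_OFF
}

# Constructed sample config (not taken from a real system).
sample_config() {
    printf '%s\n' CONFIG_DEVTMPFS=y CONFIG_CGROUPS=y CONFIG_INOTIFY_USER=y \
        CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EPOLL=y CONFIG_NET=y \
        CONFIG_SYSFS=y CONFIG_PROC_FS=y CONFIG_FHANDLE=y CONFIG_NET_NS=y \
        CONFIG_SECCOMP=y '# CONFIG_SECCOMP_FILTER is not set' \
        CONFIG_FW_LOADER_USER_HELPER=y CONFIG_AUDIT=y \
        'CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"'
}

tmp=$(mktemp); sample_config > "$tmp"; audit_kconfig "$tmp"; rm -f "$tmp"
```

To audit a real kernel, pass `audit_kconfig` the path of that kernel's build configuration file in place of the sample.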