1 systemd System and Service Manager
4 http://0pointer.de/blog/projects/systemd.html
7 https://www.freedesktop.org/wiki/Software/systemd
10 git@github.com:systemd/systemd.git
11 https://github.com/systemd/systemd
14 https://lists.freedesktop.org/mailman/listinfo/systemd-devel
17 #systemd on irc.freenode.org
20 https://github.com/systemd/systemd/issues
28 LGPLv2.1+ for all code
29 - except src/basic/MurmurHash2.c which is Public Domain
30 - except src/basic/siphash24.c which is CC0 Public Domain
31 - except src/journal/lookup3.c which is Public Domain
32 - except src/udev/* which is (currently still) GPLv2, GPLv2+
36 Linux kernel >= 4.2 for unified cgroup hierarchy support
38 Kernel Config Options:
40 CONFIG_CGROUPS (it is OK to disable all controllers)
48 CONFIG_FHANDLE (libudev, mount and bind mount handling)
50 Kernel crypto/hash API
51 CONFIG_CRYPTO_USER_API_HASH
55 udev will fail to work with the legacy sysfs layout:
56 CONFIG_SYSFS_DEPRECATED=n
58 Legacy hotplug slows down the system and confuses udev:
59 CONFIG_UEVENT_HELPER_PATH=""
61 Userspace firmware loading is not supported and should
62 be disabled in the kernel:
63 CONFIG_FW_LOADER_USER_HELPER=n
65 Some udev rules and virtualization detection relies on it:
68 Support for some SCSI devices serial number retrieval, to
69 create additional symlinks in /dev/disk/ and /dev/tape:
72 Required for PrivateNetwork= in service units:
74 Note that systemd-localed.service and other systemd units use
75 PrivateNetwork so this is effectively required.
77 Required for PrivateUsers= in service units:
80 Optional but strongly recommended:
84 CONFIG_{TMPFS,EXT4_FS,XFS,BTRFS_FS,...}_POSIX_ACL
86 CONFIG_SECCOMP_FILTER (required for seccomp support)
87 CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall)
89 Required for CPUShares= in resource control unit settings
91 CONFIG_FAIR_GROUP_SCHED
93 Required for CPUQuota= in resource control unit settings
96 Required for IPAddressDeny= and IPAddressAllow= in resource control
104 We recommend to turn off Real-Time group scheduling in the
105 kernel when using systemd. RT group scheduling effectively
106 makes RT scheduling unavailable for most userspace, since it
107 requires explicit assignment of RT budgets to each unit whose
108 processes making use of RT. As there's no sensible way to
109 assign these budgets automatically this cannot really be
110 fixed, and it's best to disable group scheduling hence.
111 CONFIG_RT_GROUP_SCHED=n
113 It's a good idea to disable the implicit creation of networking bonding
114 devices by the kernel networking bonding module, so that the
115 automatically created "bond0" interface doesn't conflict with any such
116 device created by systemd-networkd (or other tools). Ideally there
117 would be a kernel compile-time option for this, but there currently
118 isn't. The next best thing is to make this change through a modprobe.d
119 drop-in. This is shipped by default, see modprobe.d/systemd.conf.
121 Required for systemd-nspawn:
122 CONFIG_DEVPTS_MULTIPLE_INSTANCES or Linux kernel >= 4.7
124 Note that kernel auditing is broken when used with systemd's
125 container code. When using systemd in conjunction with
126 containers, please make sure to either turn off auditing at
127 runtime using the kernel command line option "audit=0", or
128 turn it off at kernel compile time using:
130 If systemd is compiled with libseccomp support on
131 architectures which do not use socketcall() and where seccomp
132 is supported (this effectively means x86-64 and ARM, but
133 excludes 32-bit x86!), then nspawn will now install a
134 work-around seccomp filter that makes containers boot even
135 with audit being enabled. This works correctly only on kernels
136 3.14 and newer though. TL;DR: turn audit off, still.
140 libmount >= 2.30 (from util-linux)
141 (util-linux *must* be built without --enable-libmount-support-mtab)
142 libseccomp >= 2.3.1 (optional)
143 libblkid >= 2.24 (from util-linux) (optional)
144 libkmod >= 15 (optional)
145 PAM >= 1.1.2 (optional)
146 libcryptsetup (optional)
149 libselinux (optional)
151 liblz4 >= 119 (optional)
153 libqrencode (optional)
154 libmicrohttpd (optional)
156 libidn2 or libidn (optional)
157 elfutils >= 158 (optional)
161 docbook-xsl (optional, required for documentation)
162 xsltproc (optional, required for documentation)
163 python-lxml (optional, required to build the indices)
164 python >= 3.4, meson >= 0.44, ninja
165 gcc, awk, sed, grep, m4, and similar tools
167 During runtime, you need the following additional
170 util-linux >= v2.27.1 required
171 dbus >= 1.4.0 (strictly speaking optional, but recommended)
172 NOTE: If using dbus < 1.9.18, you should override the default
173 policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
177 To build in directory build/:
178 meson build/ && ninja -C build
180 Any configuration options can be specfied as -Darg=value... arguments
181 to meson. After the build directory is initially configured, meson will
182 refuse to run again, and options must be changed with:
183 mesonconf -Darg=value...
184 mesonconf without any arguments will print out available options and
185 their current values.
191 DESTDIR=... ninja install
193 A tarball can be created with:
194 git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz
196 When systemd-hostnamed is used, it is strongly recommended to
197 install nss-myhostname to ensure that, in a world of
198 dynamically changing hostnames, the hostname stays resolvable
199 under all circumstances. In fact, systemd-hostnamed will warn
200 if nss-myhostname is not installed.
202 nss-systemd must be enabled on systemd systems, as that's required for
203 DynamicUser= to work. Note that we ship services out-of-the-box that
204 make use of DynamicUser= now, hence enabling nss-systemd is not
207 Note that the build prefix for systemd must be /usr. -Dsplit-usr=false
208 (which is the default and does not need to be specified) is the
209 recommended setting, and -Dsplit-usr=true should be used on systems
210 which have /usr on a separate partition.
212 Additional packages are necessary to run some tests:
213 - busybox (used by test/TEST-13-NSPAWN-SMOKE)
214 - nc (used by test/TEST-12-ISSUE-3171)
216 - python3-evdev (used by hwdb parsing tests)
217 - strace (used by test/test-functions)
218 - capsh (optional, used by test-execute)
221 Default udev rules use the following standard system group
222 names, which need to be resolvable by getgrnam() at any time,
223 even in the very early boot stages, where no other databases
224 and network are available:
226 audio, cdrom, dialout, disk, input, kmem, kvm, lp, render, tape, tty, video
228 During runtime, the journal daemon requires the
229 "systemd-journal" system group to exist. New journal files will
230 be readable by this group (but not writable), which may be used
231 to grant specific users read access. In addition, system
232 groups "wheel" and "adm" will be given read-only access to
233 journal files using systemd-tmpfiles.service.
235 The journal remote daemon requires the
236 "systemd-journal-remote" system user and group to
237 exist. During execution this network facing service will drop
238 privileges and assume this uid/gid for security reasons.
240 Similarly, the network management daemon requires the
241 "systemd-network" system user and group to exist.
243 Similarly, the name resolution daemon requires the
244 "systemd-resolve" system user and group to exist.
246 Similarly, the coredump support requires the
247 "systemd-coredump" system user and group to exist.
250 systemd ships with four glibc NSS modules:
252 nss-myhostname resolves the local hostname to locally
253 configured IP addresses, as well as "localhost" to
256 nss-resolve enables DNS resolution via the systemd-resolved
257 DNS/LLMNR caching stub resolver "systemd-resolved".
259 nss-mymachines enables resolution of all local containers registered
260 with machined to their respective IP addresses. It also maps UID/GIDs
261 ranges used by containers to useful names.
263 nss-systemd enables resolution of all dynamically allocated service
264 users. (See the DynamicUser= setting in unit files.)
266 To make use of these NSS modules, please add them to the "hosts:",
267 "passwd:" and "group:" lines in /etc/nsswitch.conf. The "resolve"
268 module should replace the glibc "dns" module in this file (and don't
269 worry, it chain-loads the "dns" module if it can't talk to resolved).
271 The four modules should be used in the following order:
273 passwd: compat mymachines systemd
274 group: compat mymachines systemd
275 hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
278 When calling "systemctl enable/disable/is-enabled" on a unit which is a
279 SysV init.d script, it calls /usr/lib/systemd/systemd-sysv-install;
280 this needs to translate the action into the distribution specific
281 mechanism such as chkconfig or update-rc.d. Packagers need to provide
282 this script if you need this functionality (you don't if you disabled
285 Please see src/systemctl/systemd-sysv-install.SKELETON for how this
286 needs to look like, and provide an implementation at the marked places.
289 systemd will warn during early boot if /usr is not already mounted at
290 this point (that means: either located on the same file system as / or
291 already mounted in the initrd). While in systemd itself very little
292 will break if /usr is on a separate, late-mounted partition, many of
293 its dependencies very likely will break sooner or later in one form or
294 another. For example, udev rules tend to refer to binaries in /usr,
295 binaries that link to libraries in /usr or binaries that refer to data
296 files in /usr. Since these breakages are not always directly visible,
297 systemd will warn about this, since this kind of file system setup is
298 not really supported anymore by the basic set of Linux OS components.
300 systemd requires that the /run mount point exists. systemd also
301 requires that /var/run is a symlink to /run.
303 For more information on this issue consult
304 https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
306 To run systemd under valgrind, compile with meson option
307 -Dvalgrind=true and have valgrind development headers installed
308 (i.e. valgrind-devel or equivalent). Otherwise, false positives will be
309 triggered by code which violates some rules but is actually safe. Note
310 that valgrind generates nice output only on exit(), hence on shutdown
311 we don't execve() systemd-shutdown.
313 STABLE BRANCHES AND BACKPORTS
315 Stable branches with backported patches are available in the
316 systemd-stable repo at https://github.com/systemd/systemd-stable.
318 Stable branches are started for certain releases of systemd and named
319 after them, e.g. v238-stable. Stable branches are managed by
320 distribution maintainers on an as needed basis. See
321 https://www.freedesktop.org/wiki/Software/systemd/Backports/ for some
322 more information and examples.
324 ENGINEERING AND CONSULTING SERVICES:
325 Kinvolk (https://kinvolk.io) offers professional engineering
326 and consulting services for systemd. Please contact Chris Kühl
327 <chris@kinvolk.io> for more information.