1 systemd System and Service Manager
4 http://0pointer.de/blog/projects/systemd.html
7 https://www.freedesktop.org/wiki/Software/systemd
10 git@github.com:systemd/systemd.git
11 https://github.com/systemd/systemd
14 https://lists.freedesktop.org/mailman/listinfo/systemd-devel
17 #systemd on irc.freenode.org
20 https://github.com/systemd/systemd/issues
28 LGPLv2.1+ for all code
29 - except src/basic/MurmurHash2.c which is Public Domain
30 - except src/basic/siphash24.c which is CC0 Public Domain
31 - except src/journal/lookup3.c which is Public Domain
32 - except src/udev/* which is (currently still) GPLv2, GPLv2+
36 Linux kernel >= 4.2 for unified cgroup hierarchy support
38 Kernel Config Options:
40 CONFIG_CGROUPS (it is OK to disable all controllers)
48 CONFIG_FHANDLE (libudev, mount and bind mount handling)
50 Kernel crypto/hash API
51 CONFIG_CRYPTO_USER_API_HASH
55 udev will fail to work with the legacy sysfs layout:
56 CONFIG_SYSFS_DEPRECATED=n
58 Legacy hotplug slows down the system and confuses udev:
59 CONFIG_UEVENT_HELPER_PATH=""
61 Userspace firmware loading is not supported and should
62 be disabled in the kernel:
63 CONFIG_FW_LOADER_USER_HELPER=n
65 Some udev rules and virtualization detection relies on it:
68 Support for some SCSI devices serial number retrieval, to
69 create additional symlinks in /dev/disk/ and /dev/tape:
72 Required for PrivateNetwork= and PrivateDevices= in service units:
74 CONFIG_DEVPTS_MULTIPLE_INSTANCES
75 Note that systemd-localed.service and other systemd units use
76 PrivateNetwork and PrivateDevices so this is effectively required.
78 Required for PrivateUsers= in service units:
81 Optional but strongly recommended:
85 CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL
87 CONFIG_SECCOMP_FILTER (required for seccomp support)
88 CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall)
90 Required for CPUShares= in resource control unit settings
92 CONFIG_FAIR_GROUP_SCHED
94 Required for CPUQuota= in resource control unit settings
101 We recommend to turn off Real-Time group scheduling in the
102 kernel when using systemd. RT group scheduling effectively
103 makes RT scheduling unavailable for most userspace, since it
104 requires explicit assignment of RT budgets to each unit whose
105 processes making use of RT. As there's no sensible way to
106 assign these budgets automatically this cannot really be
107 fixed, and it's best to disable group scheduling hence.
108 CONFIG_RT_GROUP_SCHED=n
110 It's a good idea to disable the implicit creation of networking bonding
111 devices by the kernel networking bonding module, so that the
112 automatically created "bond0" interface doesn't conflict with any such
113 device created by systemd-networkd (or other tools). Please make sure
114 that the kernel module bonding.ko is shipped with max_bonds=0 set by
115 default. Ideally there would be a kernel compile-time option for this,
116 but there currently isn't. The next best thing is to make this change
117 through a modprobe.d drop-in.
119 Note that kernel auditing is broken when used with systemd's
120 container code. When using systemd in conjunction with
121 containers, please make sure to either turn off auditing at
122 runtime using the kernel command line option "audit=0", or
123 turn it off at kernel compile time using:
125 If systemd is compiled with libseccomp support on
126 architectures which do not use socketcall() and where seccomp
127 is supported (this effectively means x86-64 and ARM, but
128 excludes 32-bit x86!), then nspawn will now install a
129 work-around seccomp filter that makes containers boot even
130 with audit being enabled. This works correctly only on kernels
131 3.14 and newer though. TL;DR: turn audit off, still.
135 libmount >= 2.27.1 (from util-linux)
136 (util-linux < 2.29 *must* be built with --enable-libmount-force-mountinfo,
137 and later versions without --enable-libmount-support-mtab.)
138 libseccomp >= 2.3.1 (optional)
139 libblkid >= 2.24 (from util-linux) (optional)
140 libkmod >= 15 (optional)
141 PAM >= 1.1.2 (optional)
142 libcryptsetup (optional)
145 libselinux (optional)
147 liblz4 >= 119 (optional)
149 libqrencode (optional)
150 libmicrohttpd (optional)
152 libidn2 or libidn (optional)
153 elfutils >= 158 (optional)
156 docbook-xsl (optional, required for documentation)
157 xsltproc (optional, required for documentation)
158 python-lxml (optional, required to build the indices)
160 gcc, awk, sed, grep, m4, and similar tools
162 During runtime, you need the following additional
165 util-linux >= v2.27.1 required
166 dbus >= 1.4.0 (strictly speaking optional, but recommended)
167 NOTE: If using dbus < 1.9.18, you should override the default
168 policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
172 To build in directory build/:
173 meson build/ && ninja -C build
175 Any configuration options can be specfied as -Darg=value... arguments
176 to meson. After the build directory is initially configured, meson will
177 refuse to run again, and options must be changed with:
178 mesonconf -Darg=value...
179 mesonconf without any arguments will print out available options and
180 their current values.
186 DESTDIR=... ninja install
188 A tarball can be created with:
189 git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz
191 When systemd-hostnamed is used, it is strongly recommended to
192 install nss-myhostname to ensure that, in a world of
193 dynamically changing hostnames, the hostname stays resolvable
194 under all circumstances. In fact, systemd-hostnamed will warn
195 if nss-myhostname is not installed.
197 Additional packages are necessary to run some tests:
198 - busybox (used by test/TEST-13-NSPAWN-SMOKE)
199 - nc (used by test/TEST-12-ISSUE-3171)
201 - python3-evdev (used by hwdb parsing tests)
202 - strace (used by test/test-functions)
203 - capsh (optional, used by test-execute)
206 Default udev rules use the following standard system group
207 names, which need to be resolvable by getgrnam() at any time,
208 even in the very early boot stages, where no other databases
209 and network are available:
211 audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video
213 During runtime, the journal daemon requires the
214 "systemd-journal" system group to exist. New journal files will
215 be readable by this group (but not writable), which may be used
216 to grant specific users read access. In addition, system
217 groups "wheel" and "adm" will be given read-only access to
218 journal files using systemd-tmpfiles.service.
220 The journal gateway daemon requires the
221 "systemd-journal-gateway" system user and group to
222 exist. During execution this network facing service will drop
223 privileges and assume this uid/gid for security reasons.
225 Similarly, the NTP daemon requires the "systemd-timesync" system
226 user and group to exist.
228 Similarly, the network management daemon requires the
229 "systemd-network" system user and group to exist.
231 Similarly, the name resolution daemon requires the
232 "systemd-resolve" system user and group to exist.
234 Similarly, the coredump support requires the
235 "systemd-coredump" system user and group to exist.
238 systemd ships with four glibc NSS modules:
240 nss-myhostname resolves the local hostname to locally
241 configured IP addresses, as well as "localhost" to
244 nss-resolve enables DNS resolution via the systemd-resolved
245 DNS/LLMNR caching stub resolver "systemd-resolved".
247 nss-mymachines enables resolution of all local containers registered
248 with machined to their respective IP addresses. It also maps UID/GIDs
249 ranges used by containers to useful names.
251 nss-systemd enables resolution of all dynamically allocated service
252 users. (See the DynamicUser= setting in unit files.)
254 To make use of these NSS modules, please add them to the "hosts:",
255 "passwd:" and "group:" lines in /etc/nsswitch.conf. The "resolve"
256 module should replace the glibc "dns" module in this file (and don't
257 worry, it chain-loads the "dns" module if it can't talk to resolved).
259 The four modules should be used in the following order:
261 passwd: compat mymachines systemd
262 group: compat mymachines systemd
263 hosts: files mymachines resolve myhostname
266 When calling "systemctl enable/disable/is-enabled" on a unit which is a
267 SysV init.d script, it calls /usr/lib/systemd/systemd-sysv-install;
268 this needs to translate the action into the distribution specific
269 mechanism such as chkconfig or update-rc.d. Packagers need to provide
270 this script if you need this functionality (you don't if you disabled
273 Please see src/systemctl/systemd-sysv-install.SKELETON for how this
274 needs to look like, and provide an implementation at the marked places.
277 systemd will warn you during boot if /usr is on a different
278 file system than /. While in systemd itself very little will
279 break if /usr is on a separate partition, many of its
280 dependencies very likely will break sooner or later in one
281 form or another. For example, udev rules tend to refer to
282 binaries in /usr, binaries that link to libraries in /usr or
283 binaries that refer to data files in /usr. Since these
284 breakages are not always directly visible, systemd will warn
285 about this, since this kind of file system setup is not really
286 supported anymore by the basic set of Linux OS components.
288 systemd requires that the /run mount point exists. systemd also
289 requires that /var/run is a symlink to /run.
291 For more information on this issue consult
292 https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
294 To run systemd under valgrind, compile with VALGRIND defined
295 (e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise,
296 false positives will be triggered by code which violates
297 some rules but is actually safe.
299 ENGINEERING AND CONSULTING SERVICES:
300 Kinvolk (https://kinvolk.io) offers professional engineering
301 and consulting services for systemd. Please contact Chris Kühl
302 <chris@kinvolk.io> for more information.