README

   1 systemd System and Service Manager
   2
   3 DETAILS:
   4         http://0pointer.de/blog/projects/systemd.html
   5
   6 WEB SITE:
   7         https://www.freedesktop.org/wiki/Software/systemd
   8
   9 GIT:
  10         git@github.com:systemd/systemd.git
  11         https://github.com/systemd/systemd
  12
  13 MAILING LIST:
  14         https://lists.freedesktop.org/mailman/listinfo/systemd-devel
  15
  16 IRC:
  17         #systemd on irc.freenode.org
  18
  19 BUG REPORTS:
  20         https://github.com/systemd/systemd/issues
  21
  22 AUTHOR:
  23         Lennart Poettering
  24         Kay Sievers
  25         ...and many others
  26
  27 LICENSE:
  28         LGPLv2.1+ for all code
  29         - except src/basic/MurmurHash2.c which is Public Domain
  30         - except src/basic/siphash24.c which is CC0 Public Domain
  31         - except src/journal/lookup3.c which is Public Domain
  32         - except src/udev/* which is (currently still) GPLv2, GPLv2+
  33
  34 REQUIREMENTS:
  35         Linux kernel >= 3.13
  36         Linux kernel >= 4.2 for unified cgroup hierarchy support
  37
  38         Kernel Config Options:
  39           CONFIG_DEVTMPFS
  40           CONFIG_CGROUPS (it is OK to disable all controllers)
  41           CONFIG_INOTIFY_USER
  42           CONFIG_SIGNALFD
  43           CONFIG_TIMERFD
  44           CONFIG_EPOLL
  45           CONFIG_NET
  46           CONFIG_SYSFS
  47           CONFIG_PROC_FS
  48           CONFIG_FHANDLE (libudev, mount and bind mount handling)
  49
  50         Kernel crypto/hash API
  51           CONFIG_CRYPTO_USER_API_HASH
  52           CONFIG_CRYPTO_HMAC
  53           CONFIG_CRYPTO_SHA256
  54
  55         udev will fail to work with the legacy sysfs layout:
  56           CONFIG_SYSFS_DEPRECATED=n
  57
  58         Legacy hotplug slows down the system and confuses udev:
  59           CONFIG_UEVENT_HELPER_PATH=""
  60
  61         Userspace firmware loading is not supported and should
  62         be disabled in the kernel:
  63           CONFIG_FW_LOADER_USER_HELPER=n
  64
  65         Some udev rules and virtualization detection relies on it:
  66           CONFIG_DMIID
  67
  68         Support for some SCSI devices serial number retrieval, to
  69         create additional symlinks in /dev/disk/ and /dev/tape:
  70           CONFIG_BLK_DEV_BSG
  71
  72         Required for PrivateNetwork= and PrivateDevices= in service units:
  73           CONFIG_NET_NS
  74           CONFIG_DEVPTS_MULTIPLE_INSTANCES
  75         Note that systemd-localed.service and other systemd units use
  76         PrivateNetwork and PrivateDevices so this is effectively required.
  77
  78         Required for PrivateUsers= in service units:
  79           CONFIG_USER_NS
  80
  81         Optional but strongly recommended:
  82           CONFIG_IPV6
  83           CONFIG_AUTOFS4_FS
  84           CONFIG_TMPFS_XATTR
  85           CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL
  86           CONFIG_SECCOMP
  87           CONFIG_SECCOMP_FILTER (required for seccomp support)
  88           CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall)
  89
  90         Required for CPUShares= in resource control unit settings
  91           CONFIG_CGROUP_SCHED
  92           CONFIG_FAIR_GROUP_SCHED
  93
  94         Required for CPUQuota= in resource control unit settings
  95           CONFIG_CFS_BANDWIDTH
  96
  97         For UEFI systems:
  98           CONFIG_EFIVAR_FS
  99           CONFIG_EFI_PARTITION
 100
 101         We recommend to turn off Real-Time group scheduling in the
 102         kernel when using systemd. RT group scheduling effectively
 103         makes RT scheduling unavailable for most userspace, since it
 104         requires explicit assignment of RT budgets to each unit whose
 105         processes making use of RT. As there's no sensible way to
 106         assign these budgets automatically this cannot really be
 107         fixed, and it's best to disable group scheduling hence.
 108            CONFIG_RT_GROUP_SCHED=n
 109
 110         It's a good idea to disable the implicit creation of networking bonding
 111         devices by the kernel networking bonding module, so that the
 112         automatically created "bond0" interface doesn't conflict with any such
 113         device created by systemd-networkd (or other tools). Please make sure
 114         that the kernel module bonding.ko is shipped with max_bonds=0 set by
 115         default. Ideally there would be a kernel compile-time option for this,
 116         but there currently isn't. The next best thing is to make this change
 117         through a modprobe.d drop-in.
 118
 119         Note that kernel auditing is broken when used with systemd's
 120         container code. When using systemd in conjunction with
 121         containers, please make sure to either turn off auditing at
 122         runtime using the kernel command line option "audit=0", or
 123         turn it off at kernel compile time using:
 124           CONFIG_AUDIT=n
 125         If systemd is compiled with libseccomp support on
 126         architectures which do not use socketcall() and where seccomp
 127         is supported (this effectively means x86-64 and ARM, but
 128         excludes 32-bit x86!), then nspawn will now install a
 129         work-around seccomp filter that makes containers boot even
 130         with audit being enabled. This works correctly only on kernels
 131         3.14 and newer though. TL;DR: turn audit off, still.
 132
 133         glibc >= 2.16
 134         libcap
 135         libmount >= 2.27.1 (from util-linux)
 136                 (util-linux < 2.29 *must* be built with --enable-libmount-force-mountinfo,
 137                  and later versions without --enable-libmount-support-mtab.)
 138         libseccomp >= 2.3.1 (optional)
 139         libblkid >= 2.24 (from util-linux) (optional)
 140         libkmod >= 15 (optional)
 141         PAM >= 1.1.2 (optional)
 142         libcryptsetup (optional)
 143         libaudit (optional)
 144         libacl (optional)
 145         libselinux (optional)
 146         liblzma (optional)
 147         liblz4 >= 119 (optional)
 148         libgcrypt (optional)
 149         libqrencode (optional)
 150         libmicrohttpd (optional)
 151         libpython (optional)
 152         libidn2 or libidn (optional)
 153         elfutils >= 158 (optional)
 154         pkg-config
 155         gperf >= 3.1
 156         docbook-xsl (optional, required for documentation)
 157         xsltproc    (optional, required for documentation)
 158         python-lxml (optional, required to build the indices)
 159         python, meson, ninja
 160         gcc, awk, sed, grep, m4, and similar tools
 161
 162         During runtime, you need the following additional
 163         dependencies:
 164
 165         util-linux >= v2.27.1 required
 166         dbus >= 1.4.0 (strictly speaking optional, but recommended)
 167                 NOTE: If using dbus < 1.9.18, you should override the default
 168                 policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
 169         dracut (optional)
 170         PolicyKit (optional)
 171
 172         To build in directory build/:
 173           meson build/ && ninja -C build
 174
 175         Any configuration options can be specfied as -Darg=value... arguments
 176         to meson. After the build directory is initially configured, meson will
 177         refuse to run again, and options must be changed with:
 178           mesonconf -Darg=value...
 179         mesonconf without any arguments will print out available options and
 180         their current values.
 181
 182         Useful commands:
 183           ninja -v some/target
 184           ninja test
 185           sudo ninja install
 186           DESTDIR=... ninja install
 187
 188         A tarball can be created with:
 189           git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz
 190
 191         When systemd-hostnamed is used, it is strongly recommended to
 192         install nss-myhostname to ensure that, in a world of
 193         dynamically changing hostnames, the hostname stays resolvable
 194         under all circumstances. In fact, systemd-hostnamed will warn
 195         if nss-myhostname is not installed.
 196
 197         Additional packages are necessary to run some tests:
 198         - busybox            (used by test/TEST-13-NSPAWN-SMOKE)
 199         - nc                 (used by test/TEST-12-ISSUE-3171)
 200         - python3-pyparsing
 201         - python3-evdev      (used by hwdb parsing tests)
 202         - strace             (used by test/test-functions)
 203         - capsh              (optional, used by test-execute)
 204
 205 USERS AND GROUPS:
 206         Default udev rules use the following standard system group
 207         names, which need to be resolvable by getgrnam() at any time,
 208         even in the very early boot stages, where no other databases
 209         and network are available:
 210
 211         audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video
 212
 213         During runtime, the journal daemon requires the
 214         "systemd-journal" system group to exist. New journal files will
 215         be readable by this group (but not writable), which may be used
 216         to grant specific users read access. In addition, system
 217         groups "wheel" and "adm" will be given read-only access to
 218         journal files using systemd-tmpfiles.service.
 219
 220         The journal gateway daemon requires the
 221         "systemd-journal-gateway" system user and group to
 222         exist. During execution this network facing service will drop
 223         privileges and assume this uid/gid for security reasons.
 224
 225         Similarly, the NTP daemon requires the "systemd-timesync" system
 226         user and group to exist.
 227
 228         Similarly, the network management daemon requires the
 229         "systemd-network" system user and group to exist.
 230
 231         Similarly, the name resolution daemon requires the
 232         "systemd-resolve" system user and group to exist.
 233
 234         Similarly, the coredump support requires the
 235         "systemd-coredump" system user and group to exist.
 236
 237 NSS:
 238         systemd ships with four glibc NSS modules:
 239
 240         nss-myhostname resolves the local hostname to locally
 241         configured IP addresses, as well as "localhost" to
 242         127.0.0.1/::1.
 243
 244         nss-resolve enables DNS resolution via the systemd-resolved
 245         DNS/LLMNR caching stub resolver "systemd-resolved".
 246
 247         nss-mymachines enables resolution of all local containers registered
 248         with machined to their respective IP addresses. It also maps UID/GIDs
 249         ranges used by containers to useful names.
 250
 251         nss-systemd enables resolution of all dynamically allocated service
 252         users. (See the DynamicUser= setting in unit files.)
 253
 254         To make use of these NSS modules, please add them to the "hosts:",
 255         "passwd:" and "group:" lines in /etc/nsswitch.conf. The "resolve"
 256         module should replace the glibc "dns" module in this file (and don't
 257         worry, it chain-loads the "dns" module if it can't talk to resolved).
 258
 259         The four modules should be used in the following order:
 260
 261                 passwd: compat mymachines systemd
 262                 group: compat mymachines systemd
 263                 hosts: files mymachines resolve myhostname
 264
 265 SYSV INIT.D SCRIPTS:
 266         When calling "systemctl enable/disable/is-enabled" on a unit which is a
 267         SysV init.d script, it calls /usr/lib/systemd/systemd-sysv-install;
 268         this needs to translate the action into the distribution specific
 269         mechanism such as chkconfig or update-rc.d. Packagers need to provide
 270         this script if you need this functionality (you don't if you disabled
 271         SysV init support).
 272
 273         Please see src/systemctl/systemd-sysv-install.SKELETON for how this
 274         needs to look like, and provide an implementation at the marked places.
 275
 276 WARNINGS:
 277         systemd will warn you during boot if /usr is on a different
 278         file system than /. While in systemd itself very little will
 279         break if /usr is on a separate partition, many of its
 280         dependencies very likely will break sooner or later in one
 281         form or another. For example, udev rules tend to refer to
 282         binaries in /usr, binaries that link to libraries in /usr or
 283         binaries that refer to data files in /usr. Since these
 284         breakages are not always directly visible, systemd will warn
 285         about this, since this kind of file system setup is not really
 286         supported anymore by the basic set of Linux OS components.
 287
 288         systemd requires that the /run mount point exists. systemd also
 289         requires that /var/run is a symlink to /run.
 290
 291         For more information on this issue consult
 292         https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
 293
 294         To run systemd under valgrind, compile with VALGRIND defined
 295         (e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise,
 296         false positives will be triggered by code which violates
 297         some rules but is actually safe.
 298
 299 ENGINEERING AND CONSULTING SERVICES:
 300         Kinvolk (https://kinvolk.io) offers professional engineering
 301         and consulting services for systemd. Please contact Chris Kühl
 302         <chris@kinvolk.io> for more information.