1 systemd System and Service Manager
4 http://0pointer.de/blog/projects/systemd.html
7 https://www.freedesktop.org/wiki/Software/systemd
10 git@github.com:systemd/systemd.git
11 https://github.com/systemd/systemd
14 https://lists.freedesktop.org/mailman/listinfo/systemd-devel
17 #systemd on irc.freenode.org
20 https://github.com/systemd/systemd/issues
28 LGPLv2.1+ for all code
29 - except src/basic/MurmurHash2.c which is Public Domain
30 - except src/basic/siphash24.c which is CC0 Public Domain
31 - except src/journal/lookup3.c which is Public Domain
32 - except src/udev/* which is (currently still) GPLv2, GPLv2+
36 Linux kernel >= 4.2 for unified cgroup hierarchy support
38 Kernel Config Options:
40 CONFIG_CGROUPS (it is OK to disable all controllers)
48 CONFIG_FHANDLE (libudev, mount and bind mount handling)
50 Kernel crypto/hash API
51 CONFIG_CRYPTO_USER_API_HASH
55 udev will fail to work with the legacy sysfs layout:
56 CONFIG_SYSFS_DEPRECATED=n
58 Legacy hotplug slows down the system and confuses udev:
59 CONFIG_UEVENT_HELPER_PATH=""
61 Userspace firmware loading is not supported and should
62 be disabled in the kernel:
63 CONFIG_FW_LOADER_USER_HELPER=n
65 Some udev rules and virtualization detection relies on it:
68 Support for some SCSI devices serial number retrieval, to
69 create additional symlinks in /dev/disk/ and /dev/tape:
72 Required for PrivateNetwork= and PrivateDevices= in service units:
74 CONFIG_DEVPTS_MULTIPLE_INSTANCES
75 Note that systemd-localed.service and other systemd units use
76 PrivateNetwork and PrivateDevices so this is effectively required.
78 Required for PrivateUsers= in service units:
81 Optional but strongly recommended:
85 CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL
87 CONFIG_SECCOMP_FILTER (required for seccomp support)
88 CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall)
90 Required for CPUShares= in resource control unit settings
92 CONFIG_FAIR_GROUP_SCHED
94 Required for CPUQuota= in resource control unit settings
101 We recommend to turn off Real-Time group scheduling in the
102 kernel when using systemd. RT group scheduling effectively
103 makes RT scheduling unavailable for most userspace, since it
104 requires explicit assignment of RT budgets to each unit whose
105 processes making use of RT. As there's no sensible way to
106 assign these budgets automatically this cannot really be
107 fixed, and it's best to disable group scheduling hence.
108 CONFIG_RT_GROUP_SCHED=n
110 It's a good idea to disable the implicit creation of networking bonding
111 devices by the kernel networking bonding module, so that the
112 automatically created "bond0" interface doesn't conflict with any such
113 device created by systemd-networkd (or other tools). Ideally there
114 would be a kernel compile-time option for this, but there currently
115 isn't. The next best thing is to make this change through a modprobe.d
116 drop-in. This is shipped by default, see modprobe.d/systemd.conf.
118 Note that kernel auditing is broken when used with systemd's
119 container code. When using systemd in conjunction with
120 containers, please make sure to either turn off auditing at
121 runtime using the kernel command line option "audit=0", or
122 turn it off at kernel compile time using:
124 If systemd is compiled with libseccomp support on
125 architectures which do not use socketcall() and where seccomp
126 is supported (this effectively means x86-64 and ARM, but
127 excludes 32-bit x86!), then nspawn will now install a
128 work-around seccomp filter that makes containers boot even
129 with audit being enabled. This works correctly only on kernels
130 3.14 and newer though. TL;DR: turn audit off, still.
134 libmount >= 2.30 (from util-linux)
135 (util-linux *must* be built without --enable-libmount-support-mtab)
136 libseccomp >= 2.3.1 (optional)
137 libblkid >= 2.24 (from util-linux) (optional)
138 libkmod >= 15 (optional)
139 PAM >= 1.1.2 (optional)
140 libcryptsetup (optional)
143 libselinux (optional)
145 liblz4 >= 119 (optional)
147 libqrencode (optional)
148 libmicrohttpd (optional)
150 libidn2 or libidn (optional)
151 elfutils >= 158 (optional)
154 docbook-xsl (optional, required for documentation)
155 xsltproc (optional, required for documentation)
156 python-lxml (optional, required to build the indices)
158 gcc, awk, sed, grep, m4, and similar tools
160 During runtime, you need the following additional
163 util-linux >= v2.27.1 required
164 dbus >= 1.4.0 (strictly speaking optional, but recommended)
165 NOTE: If using dbus < 1.9.18, you should override the default
166 policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
170 To build in directory build/:
171 meson build/ && ninja -C build
173 Any configuration options can be specfied as -Darg=value... arguments
174 to meson. After the build directory is initially configured, meson will
175 refuse to run again, and options must be changed with:
176 mesonconf -Darg=value...
177 mesonconf without any arguments will print out available options and
178 their current values.
184 DESTDIR=... ninja install
186 A tarball can be created with:
187 git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz
189 When systemd-hostnamed is used, it is strongly recommended to
190 install nss-myhostname to ensure that, in a world of
191 dynamically changing hostnames, the hostname stays resolvable
192 under all circumstances. In fact, systemd-hostnamed will warn
193 if nss-myhostname is not installed.
195 Additional packages are necessary to run some tests:
196 - busybox (used by test/TEST-13-NSPAWN-SMOKE)
197 - nc (used by test/TEST-12-ISSUE-3171)
199 - python3-evdev (used by hwdb parsing tests)
200 - strace (used by test/test-functions)
201 - capsh (optional, used by test-execute)
204 Default udev rules use the following standard system group
205 names, which need to be resolvable by getgrnam() at any time,
206 even in the very early boot stages, where no other databases
207 and network are available:
209 audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video
211 During runtime, the journal daemon requires the
212 "systemd-journal" system group to exist. New journal files will
213 be readable by this group (but not writable), which may be used
214 to grant specific users read access. In addition, system
215 groups "wheel" and "adm" will be given read-only access to
216 journal files using systemd-tmpfiles.service.
218 The journal gateway daemon requires the
219 "systemd-journal-gateway" system user and group to
220 exist. During execution this network facing service will drop
221 privileges and assume this uid/gid for security reasons.
223 Similarly, the NTP daemon requires the "systemd-timesync" system
224 user and group to exist.
226 Similarly, the network management daemon requires the
227 "systemd-network" system user and group to exist.
229 Similarly, the name resolution daemon requires the
230 "systemd-resolve" system user and group to exist.
232 Similarly, the coredump support requires the
233 "systemd-coredump" system user and group to exist.
236 systemd ships with four glibc NSS modules:
238 nss-myhostname resolves the local hostname to locally
239 configured IP addresses, as well as "localhost" to
242 nss-resolve enables DNS resolution via the systemd-resolved
243 DNS/LLMNR caching stub resolver "systemd-resolved".
245 nss-mymachines enables resolution of all local containers registered
246 with machined to their respective IP addresses. It also maps UID/GIDs
247 ranges used by containers to useful names.
249 nss-systemd enables resolution of all dynamically allocated service
250 users. (See the DynamicUser= setting in unit files.)
252 To make use of these NSS modules, please add them to the "hosts:",
253 "passwd:" and "group:" lines in /etc/nsswitch.conf. The "resolve"
254 module should replace the glibc "dns" module in this file (and don't
255 worry, it chain-loads the "dns" module if it can't talk to resolved).
257 The four modules should be used in the following order:
259 passwd: compat mymachines systemd
260 group: compat mymachines systemd
261 hosts: files mymachines resolve myhostname
264 When calling "systemctl enable/disable/is-enabled" on a unit which is a
265 SysV init.d script, it calls /usr/lib/systemd/systemd-sysv-install;
266 this needs to translate the action into the distribution specific
267 mechanism such as chkconfig or update-rc.d. Packagers need to provide
268 this script if you need this functionality (you don't if you disabled
271 Please see src/systemctl/systemd-sysv-install.SKELETON for how this
272 needs to look like, and provide an implementation at the marked places.
275 systemd will warn you during boot if /usr is on a different
276 file system than /. While in systemd itself very little will
277 break if /usr is on a separate partition, many of its
278 dependencies very likely will break sooner or later in one
279 form or another. For example, udev rules tend to refer to
280 binaries in /usr, binaries that link to libraries in /usr or
281 binaries that refer to data files in /usr. Since these
282 breakages are not always directly visible, systemd will warn
283 about this, since this kind of file system setup is not really
284 supported anymore by the basic set of Linux OS components.
286 systemd requires that the /run mount point exists. systemd also
287 requires that /var/run is a symlink to /run.
289 For more information on this issue consult
290 https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
292 To run systemd under valgrind, compile with VALGRIND defined
293 (e.g. CPPFLAGS='... -DVALGRIND=1' meson <options>) and have valgrind
294 development headers installed (i.e. valgrind-devel or
295 equivalent). Otherwise, false positives will be triggered by code which
296 violates some rules but is actually safe. Note that valgrind generates
297 nice output only on exit(), hence on shutdown we don't execve()
300 ENGINEERING AND CONSULTING SERVICES:
301 Kinvolk (https://kinvolk.io) offers professional engineering
302 and consulting services for systemd. Please contact Chris Kühl
303 <chris@kinvolk.io> for more information.