Merge pull request #18684 from yuwata/sd-device-cleanups-and-udevadm-fix

[thirdparty/systemd.git] / man / daemon.xml

<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->

<refentry id="daemon">

  <refentryinfo>
    <title>daemon</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>daemon</refentrytitle>
    <manvolnum>7</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>daemon</refname>
    <refpurpose>Writing and packaging system daemons</refpurpose>
  </refnamediv>

  <refsect1>
    <title>Description</title>

    <para>A daemon is a service process that runs in the background
    and supervises the system or provides functionality to other
    processes. Traditionally, daemons are implemented following a
    scheme originating in SysV Unix. Modern daemons should follow a
    simpler yet more powerful scheme (here called "new-style"
    daemons), as implemented by
    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
    This manual page covers both schemes, and in particular includes
    recommendations for daemons that shall be included in the systemd
    init system.</para>

    <refsect2>
      <title>SysV Daemons</title>

      <para>When a traditional SysV daemon starts, it should execute
      the following steps as part of the initialization. Note that
      these steps are unnecessary for new-style daemons (see below),
      and should only be implemented if compatibility with SysV is
      essential.</para>

      <orderedlist>
        <listitem><para>Close all open file descriptors except
        standard input, output, and error (i.e. the first three file
        descriptors 0, 1, 2). This ensures that no accidentally passed
        file descriptor stays around in the daemon process. On Linux,
        this is best implemented by iterating through
        <filename>/proc/self/fd</filename>, with a fallback of
        iterating from file descriptor 3 to the value returned by
        <function>getrlimit()</function> for
        <constant>RLIMIT_NOFILE</constant>. </para></listitem>

        <listitem><para>Reset all signal handlers to their default.
        This is best done by iterating through the available signals
        up to the limit of <constant>_NSIG</constant> and resetting
        them to <constant>SIG_DFL</constant>.</para></listitem>

        <listitem><para>Reset the signal mask
        using
        <function>sigprocmask()</function>.</para></listitem>

        <listitem><para>Sanitize the environment block, removing or
        resetting environment variables that might negatively impact
        daemon runtime.</para></listitem>

        <listitem><para>Call <function>fork()</function>, to create a
        background process.</para></listitem>

        <listitem><para>In the child, call
        <function>setsid()</function> to detach from any terminal and
        create an independent session.</para></listitem>

        <listitem><para>In the child, call <function>fork()</function> again, to ensure that the daemon can
        never re-acquire a terminal again. (This relevant if the program — and all its dependencies — does
        not carefully specify `O_NOCTTY` on each and every single `open()` call that might potentially open a
        TTY device node.)</para></listitem>

        <listitem><para>Call <function>exit()</function> in the first
        child, so that only the second child (the actual daemon
        process) stays around. This ensures that the daemon process is
        re-parented to init/PID 1, as all daemons should
        be.</para></listitem>

        <listitem><para>In the daemon process, connect
        <filename>/dev/null</filename> to standard input, output, and
        error.</para></listitem>

        <listitem><para>In the daemon process, reset the umask to 0,
        so that the file modes passed to <function>open()</function>,
        <function>mkdir()</function> and suchlike directly control the
        access mode of the created files and
        directories.</para></listitem>

        <listitem><para>In the daemon process, change the current
        directory to the root directory (/), in order to avoid that
        the daemon involuntarily blocks mount points from being
        unmounted.</para></listitem>

        <listitem><para>In the daemon process, write the daemon PID
        (as returned by <function>getpid()</function>) to a PID file,
        for example <filename index='false'>/run/foobar.pid</filename> (for a
        hypothetical daemon "foobar") to ensure that the daemon cannot
        be started more than once. This must be implemented in
        race-free fashion so that the PID file is only updated when it
        is verified at the same time that the PID previously stored in
        the PID file no longer exists or belongs to a foreign
        process.</para></listitem>

        <listitem><para>In the daemon process, drop privileges, if
        possible and applicable.</para></listitem>

        <listitem><para>From the daemon process, notify the original
        process started that initialization is complete. This can be
        implemented via an unnamed pipe or similar communication
        channel that is created before the first
        <function>fork()</function> and hence available in both the
        original and the daemon process.</para></listitem>

        <listitem><para>Call <function>exit()</function> in the
        original process. The process that invoked the daemon must be
        able to rely on that this <function>exit()</function> happens
        after initialization is complete and all external
        communication channels are established and
        accessible.</para></listitem>
      </orderedlist>

      <para>The BSD <function>daemon()</function> function should not
      be used, as it implements only a subset of these steps.</para>

      <para>A daemon that needs to provide compatibility with SysV
      systems should implement the scheme pointed out above. However,
      it is recommended to make this behavior optional and
      configurable via a command line argument to ease debugging as
      well as to simplify integration into systems using
      systemd.</para>
    </refsect2>

    <refsect2>
      <title>New-Style Daemons</title>

      <para>Modern services for Linux should be implemented as
      new-style daemons. This makes it easier to supervise and control
      them at runtime and simplifies their implementation.</para>

      <para>For developing a new-style daemon, none of the
      initialization steps recommended for SysV daemons need to be
      implemented. New-style init systems such as systemd make all of
      them redundant. Moreover, since some of these steps interfere
      with process monitoring, file descriptor passing and other
      functionality of the init system, it is recommended not to
      execute them when run as new-style service.</para>

      <para>Note that new-style init systems guarantee execution of daemon processes in a clean process context: it is
      guaranteed that the environment block is sanitized, that the signal handlers and mask is reset and that no
      left-over file descriptors are passed. Daemons will be executed in their own session, with standard input
      connected to <filename>/dev/null</filename> and standard output/error connected to the
      <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
      logging service, unless otherwise configured. The umask is reset.
      </para>

      <para>It is recommended for new-style daemons to implement the
      following:</para>

      <orderedlist>
        <listitem><para>If <constant>SIGTERM</constant> is received,
        shut down the daemon and exit cleanly.</para></listitem>

        <listitem><para>If <constant>SIGHUP</constant> is received,
        reload the configuration files, if this
        applies.</para></listitem>

        <listitem><para>Provide a correct exit code from the main
        daemon process, as this is used by the init system to detect
        service errors and problems. It is recommended to follow the
        exit code scheme as defined in the <ulink
        url="http://refspecs.linuxbase.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptact.html">LSB
        recommendations for SysV init
        scripts</ulink>.</para></listitem>

        <listitem><para>If possible and applicable, expose the
        daemon's control interface via the D-Bus IPC system and grab a
        bus name as last step of initialization.</para></listitem>

        <listitem><para>For integration in systemd, provide a
        <filename>.service</filename> unit file that carries
        information about starting, stopping and otherwise maintaining
        the daemon. See
        <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details.</para></listitem>

        <listitem><para>As much as possible, rely on the init system's
        functionality to limit the access of the daemon to files,
        services and other resources, i.e. in the case of systemd,
        rely on systemd's resource limit control instead of
        implementing your own, rely on systemd's privilege dropping
        code instead of implementing it in the daemon, and similar.
        See
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for the available controls.</para></listitem>

        <listitem><para>If D-Bus is used, make your daemon
        bus-activatable by supplying a D-Bus service activation
        configuration file. This has multiple advantages: your daemon
        may be started lazily on-demand; it may be started in parallel
        to other daemons requiring it — which maximizes
        parallelization and boot-up speed; your daemon can be
        restarted on failure without losing any bus requests, as the
        bus queues requests for activatable services. See below for
        details.</para></listitem>

        <listitem><para>If your daemon provides services to other
        local processes or remote clients via a socket, it should be
        made socket-activatable following the scheme pointed out
        below. Like D-Bus activation, this enables on-demand starting
        of services as well as it allows improved parallelization of
        service start-up. Also, for state-less protocols (such as
        syslog, DNS), a daemon implementing socket-based activation
        can be restarted without losing a single request. See below
        for details.</para></listitem>

        <listitem><para>If applicable, a daemon should notify the init
        system about startup completion or status updates via the
        <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>
        interface.</para></listitem>

        <listitem><para>Instead of using the
        <function>syslog()</function> call to log directly to the
        system syslog service, a new-style daemon may choose to simply
        log to standard error via <function>fprintf()</function>,
        which is then forwarded to syslog by the init system. If log
        levels are necessary, these can be encoded by prefixing
        individual log lines with strings like
        <literal>&lt;4&gt;</literal> (for log level 4 "WARNING" in the
        syslog priority scheme), following a similar style as the
        Linux kernel's <function>printk()</function> level system. For
        details, see
        <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
        and
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>

        <listitem><para>As new-style daemons are invoked without a controlling TTY (but as their own session
        leaders) care should be taken to always specify `O_NOCTTY` on `open()` calls that possibly reference
        a TTY device node, so that no controlling TTY is accidentally acquired.</para></listitem>

      </orderedlist>

      <para>These recommendations are similar but not identical to the
      <ulink
      url="https://developer.apple.com/library/mac/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html">Apple
      MacOS X Daemon Requirements</ulink>.</para>
    </refsect2>

  </refsect1>
  <refsect1>
    <title>Activation</title>

    <para>New-style init systems provide multiple additional
    mechanisms to activate services, as detailed below. It is common
    that services are configured to be activated via more than one
    mechanism at the same time. An example for systemd:
    <filename>bluetoothd.service</filename> might get activated either
    when Bluetooth hardware is plugged in, or when an application
    accesses its programming interfaces via D-Bus. Or, a print server
    daemon might get activated when traffic arrives at an IPP port, or
    when a printer is plugged in, or when a file is queued in the
    printer spool directory. Even for services that are intended to be
    started on system bootup unconditionally, it is a good idea to
    implement some of the various activation schemes outlined below,
    in order to maximize parallelization. If a daemon implements a
    D-Bus service or listening socket, implementing the full bus and
    socket activation scheme allows starting of the daemon with its
    clients in parallel (which speeds up boot-up), since all its
    communication channels are established already, and no request is
    lost because client requests will be queued by the bus system (in
    case of D-Bus) or the kernel (in case of sockets) until the
    activation is completed.</para>

    <refsect2>
      <title>Activation on Boot</title>

      <para>Old-style daemons are usually activated exclusively on
      boot (and manually by the administrator) via SysV init scripts,
      as detailed in the <ulink
      url="http://refspecs.linuxbase.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptact.html">LSB
      Linux Standard Base Core Specification</ulink>. This method of
      activation is supported ubiquitously on Linux init systems, both
      old-style and new-style systems. Among other issues, SysV init
      scripts have the disadvantage of involving shell scripts in the
      boot process. New-style init systems generally employ updated
      versions of activation, both during boot-up and during runtime
      and using more minimal service description files.</para>

      <para>In systemd, if the developer or administrator wants to
      make sure that a service or other unit is activated
      automatically on boot, it is recommended to place a symlink to
      the unit file in the <filename>.wants/</filename> directory of
      either <filename>multi-user.target</filename> or
      <filename>graphical.target</filename>, which are normally used
      as boot targets at system startup. See
      <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
      for details about the <filename>.wants/</filename> directories,
      and
      <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>
      for details about the two boot targets.</para>

    </refsect2>

    <refsect2>
      <title>Socket-Based Activation</title>

      <para>In order to maximize the possible parallelization and
      robustness and simplify configuration and development, it is
      recommended for all new-style daemons that communicate via
      listening sockets to employ socket-based activation. In a
      socket-based activation scheme, the creation and binding of the
      listening socket as primary communication channel of daemons to
      local (and sometimes remote) clients is moved out of the daemon
      code and into the init system. Based on per-daemon
      configuration, the init system installs the sockets and then
      hands them off to the spawned process as soon as the respective
      daemon is to be started. Optionally, activation of the service
      can be delayed until the first inbound traffic arrives at the
      socket to implement on-demand activation of daemons. However,
      the primary advantage of this scheme is that all providers and
      all consumers of the sockets can be started in parallel as soon
      as all sockets are established. In addition to that, daemons can
      be restarted with losing only a minimal number of client
      transactions, or even any client request at all (the latter is
      particularly true for state-less protocols, such as DNS or
      syslog), because the socket stays bound and accessible during
      the restart, and all requests are queued while the daemon cannot
      process them.</para>

      <para>New-style daemons which support socket activation must be
      able to receive their sockets from the init system instead of
      creating and binding them themselves. For details about the
      programming interfaces for this scheme provided by systemd, see
      <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
      and
      <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
      For details about porting existing daemons to socket-based
      activation, see below. With minimal effort, it is possible to
      implement socket-based activation in addition to traditional
      internal socket creation in the same codebase in order to
      support both new-style and old-style init systems from the same
      daemon binary.</para>

      <para>systemd implements socket-based activation via
      <filename>.socket</filename> units, which are described in
      <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
      When configuring socket units for socket-based activation, it is
      essential that all listening sockets are pulled in by the
      special target unit <filename>sockets.target</filename>. It is
      recommended to place a
      <varname>WantedBy=sockets.target</varname> directive in the
      [Install] section to automatically add such a
      dependency on installation of a socket unit. Unless
      <varname>DefaultDependencies=no</varname> is set, the necessary
      ordering dependencies are implicitly created for all socket
      units. For more information about
      <filename>sockets.target</filename>, see
      <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
      It is not necessary or recommended to place any additional
      dependencies on socket units (for example from
      <filename>multi-user.target</filename> or suchlike) when one is
      installed in <filename>sockets.target</filename>.</para>
    </refsect2>

    <refsect2>
      <title>Bus-Based Activation</title>

      <para>When the D-Bus IPC system is used for communication with
      clients, new-style daemons should employ bus activation so that
      they are automatically activated when a client application
      accesses their IPC interfaces. This is configured in D-Bus
      service files (not to be confused with systemd service unit
      files!). To ensure that D-Bus uses systemd to start-up and
      maintain the daemon, use the <varname>SystemdService=</varname>
      directive in these service files to configure the matching
      systemd service for a D-Bus service. e.g.: For a D-Bus service
      whose D-Bus activation file is named
      <filename>org.freedesktop.RealtimeKit.service</filename>, make
      sure to set
      <varname>SystemdService=rtkit-daemon.service</varname> in that
      file to bind it to the systemd service
      <filename>rtkit-daemon.service</filename>. This is needed to
      make sure that the daemon is started in a race-free fashion when
      activated via multiple mechanisms simultaneously.</para>
    </refsect2>

    <refsect2>
      <title>Device-Based Activation</title>

      <para>Often, daemons that manage a particular type of hardware
      should be activated only when the hardware of the respective
      kind is plugged in or otherwise becomes available. In a
      new-style init system, it is possible to bind activation to
      hardware plug/unplug events. In systemd, kernel devices
      appearing in the sysfs/udev device tree can be exposed as units
      if they are tagged with the string <literal>systemd</literal>.
      Like any other kind of unit, they may then pull in other units
      when activated (i.e. plugged in) and thus implement device-based
      activation. systemd dependencies may be encoded in the udev
      database via the <varname>SYSTEMD_WANTS=</varname> property. See
      <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
      for details. Often, it is nicer to pull in services from devices
      only indirectly via dedicated targets. Example: Instead of
      pulling in <filename>bluetoothd.service</filename> from all the
      various bluetooth dongles and other hardware available, pull in
      bluetooth.target from them and
      <filename>bluetoothd.service</filename> from that target. This
      provides for nicer abstraction and gives administrators the
      option to enable <filename>bluetoothd.service</filename> via
      controlling a <filename>bluetooth.target.wants/</filename>
      symlink uniformly with a command like <command>enable</command>
      of
      <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
      instead of manipulating the udev ruleset.</para>
    </refsect2>

    <refsect2>
      <title>Path-Based Activation</title>

      <para>Often, runtime of daemons processing spool files or
      directories (such as a printing system) can be delayed until
      these file system objects change state, or become non-empty.
      New-style init systems provide a way to bind service activation
      to file system changes. systemd implements this scheme via
      path-based activation configured in <filename>.path</filename>
      units, as outlined in
      <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
    </refsect2>

    <refsect2>
      <title>Timer-Based Activation</title>

      <para>Some daemons that implement clean-up jobs that are
      intended to be executed in regular intervals benefit from
      timer-based activation. In systemd, this is implemented via
      <filename>.timer</filename> units, as described in
      <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
    </refsect2>

    <refsect2>
      <title>Other Forms of Activation</title>

      <para>Other forms of activation have been suggested and implemented in some systems. However, there are
      often simpler or better alternatives, or they can be put together of combinations of the schemes
      above. Example: Sometimes, it appears useful to start daemons or <filename>.socket</filename> units
      when a specific IP address is configured on a network interface, because network sockets shall be bound
      to the address. However, an alternative to implement this is by utilizing the Linux
      <constant>IP_FREEBIND</constant>/<constant>IPV6_FREEBIND</constant> socket option, as accessible via
      <varname>FreeBind=yes</varname> in systemd socket files (see
      <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
      details). This option, when enabled, allows sockets to be bound to a non-local, not configured IP
      address, and hence allows bindings to a particular IP address before it actually becomes available,
      making such an explicit dependency to the configured address redundant. Another often suggested trigger
      for service activation is low system load. However, here too, a more convincing approach might be to
      make proper use of features of the operating system, in particular, the CPU or I/O scheduler of
      Linux. Instead of scheduling jobs from userspace based on monitoring the OS scheduler, it is advisable
      to leave the scheduling of processes to the OS scheduler itself. systemd provides fine-grained access
      to the CPU and I/O schedulers. If a process executed by the init system shall not negatively impact the
      amount of CPU or I/O bandwidth available to other processes, it should be configured with
      <varname>CPUSchedulingPolicy=idle</varname> and/or
      <varname>IOSchedulingClass=idle</varname>. Optionally, this may be combined with timer-based activation
      to schedule background jobs during runtime and with minimal impact on the system, and remove it from
      the boot phase itself.</para>
    </refsect2>

  </refsect1>
  <refsect1>
    <title>Integration with systemd</title>

    <refsect2>
      <title>Writing systemd Unit Files</title>

      <para>When writing systemd unit files, it is recommended to
      consider the following suggestions:</para>

      <orderedlist>
        <listitem><para>If possible, do not use the
        <varname>Type=forking</varname> setting in service files. But
        if you do, make sure to set the PID file path using
        <varname>PIDFile=</varname>. See
        <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details.</para></listitem>

        <listitem><para>If your daemon registers a D-Bus name on the
        bus, make sure to use <varname>Type=dbus</varname> in the
        service file if possible.</para></listitem>

        <listitem><para>Make sure to set a good human-readable
        description string with
        <varname>Description=</varname>.</para></listitem>

        <listitem><para>Do not disable
        <varname>DefaultDependencies=</varname>, unless you really
        know what you do and your unit is involved in early boot or
        late system shutdown.</para></listitem>

        <listitem><para>Normally, little if any dependencies should
        need to be defined explicitly. However, if you do configure
        explicit dependencies, only refer to unit names listed on
        <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>
        or names introduced by your own package to keep the unit file
        operating system-independent.</para></listitem>

        <listitem><para>Make sure to include an
        [Install] section including installation
        information for the unit file. See
        <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details. To activate your service on boot, make sure to
        add a <varname>WantedBy=multi-user.target</varname> or
        <varname>WantedBy=graphical.target</varname> directive. To
        activate your socket on boot, make sure to add
        <varname>WantedBy=sockets.target</varname>. Usually, you also
        want to make sure that when your service is installed, your
        socket is installed too, hence add
        <varname>Also=foo.socket</varname> in your service file
        <filename>foo.service</filename>, for a hypothetical program
        <filename>foo</filename>.</para></listitem>

      </orderedlist>
    </refsect2>

    <refsect2>
      <title>Installing systemd Service Files</title>

      <para>At the build installation time (e.g. <command>make
      install</command> during package build), packages are
      recommended to install their systemd unit files in the directory
      returned by <command>pkg-config systemd
      --variable=systemdsystemunitdir</command> (for system services)
      or <command>pkg-config systemd
      --variable=systemduserunitdir</command> (for user services).
      This will make the services available in the system on explicit
      request but not activate them automatically during boot.
      Optionally, during package installation (e.g. <command>rpm
      -i</command> by the administrator), symlinks should be created
      in the systemd configuration directories via the
      <command>enable</command> command of the
      <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
      tool to activate them automatically on boot.</para>

      <para>Packages using
      <citerefentry project='die-net'><refentrytitle>autoconf</refentrytitle><manvolnum>1</manvolnum></citerefentry>
      are recommended to use a configure script
      excerpt like the following to determine the
      unit installation path during source
      configuration:</para>

      <programlisting>PKG_PROG_PKG_CONFIG
AC_ARG_WITH([systemdsystemunitdir],
     [AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files])],,
     [with_systemdsystemunitdir=auto])
AS_IF([test "x$with_systemdsystemunitdir" = "xyes" -o "x$with_systemdsystemunitdir" = "xauto"], [
     def_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)

     AS_IF([test "x$def_systemdsystemunitdir" = "x"],
   [AS_IF([test "x$with_systemdsystemunitdir" = "xyes"],
    [AC_MSG_ERROR([systemd support requested but pkg-config unable to query systemd package])])
    with_systemdsystemunitdir=no],
   [with_systemdsystemunitdir="$def_systemdsystemunitdir"])])
AS_IF([test "x$with_systemdsystemunitdir" != "xno"],
      [AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir])])
AM_CONDITIONAL([HAVE_SYSTEMD], [test "x$with_systemdsystemunitdir" != "xno"])</programlisting>

      <para>This snippet allows automatic
      installation of the unit files on systemd
      machines, and optionally allows their
      installation even on machines lacking
      systemd. (Modification of this snippet for the
      user unit directory is left as an exercise for the
      reader.)</para>

      <para>Additionally, to ensure that
      <command>make distcheck</command> continues to
      work, it is recommended to add the following
      to the top-level <filename>Makefile.am</filename>
      file in
      <citerefentry project='die-net'><refentrytitle>automake</refentrytitle><manvolnum>1</manvolnum></citerefentry>-based
      projects:</para>

      <programlisting>AM_DISTCHECK_CONFIGURE_FLAGS = \
  --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir)</programlisting>

      <para>Finally, unit files should be installed in the system with an automake excerpt like the following:</para>

      <programlisting>if HAVE_SYSTEMD
systemdsystemunit_DATA = \
  foobar.socket \
  foobar.service
endif</programlisting>

      <para>In the
      <citerefentry project='die-net'><refentrytitle>rpm</refentrytitle><manvolnum>8</manvolnum></citerefentry>
      <filename>.spec</filename> file, use snippets like the following
      to enable/disable the service during
      installation/deinstallation. This makes use of the RPM macros
      shipped along systemd. Consult the packaging guidelines of your
      distribution for details and the equivalent for other package
      managers.</para>

      <para>At the top of the file:</para>

      <programlisting>BuildRequires: systemd
%{?systemd_requires}</programlisting>

      <para>And as scriptlets, further down:</para>

      <programlisting>%post
%systemd_post foobar.service foobar.socket

%preun
%systemd_preun foobar.service foobar.socket

%postun
%systemd_postun</programlisting>

      <para>If the service shall be restarted during upgrades, replace
      the <literal>%postun</literal> scriptlet above with the
      following:</para>

      <programlisting>%postun
%systemd_postun_with_restart foobar.service</programlisting>

      <para>Note that <literal>%systemd_post</literal> and
      <literal>%systemd_preun</literal> expect the names of all units
      that are installed/removed as arguments, separated by spaces.
      <literal>%systemd_postun</literal> expects no arguments.
      <literal>%systemd_postun_with_restart</literal> expects the
      units to restart as arguments.</para>

      <para>To facilitate upgrades from a package version that shipped
      only SysV init scripts to a package version that ships both a
      SysV init script and a native systemd service file, use a
      fragment like the following:</para>

      <programlisting>%triggerun -- foobar &lt; 0.47.11-1
if /sbin/chkconfig --level 5 foobar ; then
  /bin/systemctl --no-reload enable foobar.service foobar.socket >/dev/null 2>&amp;1 || :
fi</programlisting>

      <para>Where 0.47.11-1 is the first package version that includes
      the native unit file. This fragment will ensure that the first
      time the unit file is installed, it will be enabled if and only
      if the SysV init script is enabled, thus making sure that the
      enable status is not changed. Note that
      <command>chkconfig</command> is a command specific to Fedora
      which can be used to check whether a SysV init script is
      enabled. Other operating systems will have to use different
      commands here.</para>
    </refsect2>
  </refsect1>

  <refsect1>
    <title>Porting Existing Daemons</title>

    <para>Since new-style init systems such as systemd are compatible
    with traditional SysV init systems, it is not strictly necessary
    to port existing daemons to the new style. However, doing so
    offers additional functionality to the daemons as well as
    simplifying integration into new-style init systems.</para>

    <para>To port an existing SysV compatible daemon, the following
    steps are recommended:</para>

    <orderedlist>
      <listitem><para>If not already implemented, add an optional
      command line switch to the daemon to disable daemonization. This
      is useful not only for using the daemon in new-style init
      systems, but also to ease debugging.</para></listitem>

      <listitem><para>If the daemon offers interfaces to other
      software running on the local system via local
      <constant>AF_UNIX</constant> sockets, consider implementing
      socket-based activation (see above). Usually, a minimal patch is
      sufficient to implement this: Extend the socket creation in the
      daemon code so that
      <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
      is checked for already passed sockets first. If sockets are
      passed (i.e. when <function>sd_listen_fds()</function> returns a
      positive value), skip the socket creation step and use the
      passed sockets. Secondly, ensure that the file system socket
      nodes for local <constant>AF_UNIX</constant> sockets used in the
      socket-based activation are not removed when the daemon shuts
      down, if sockets have been passed. Third, if the daemon normally
      closes all remaining open file descriptors as part of its
      initialization, the sockets passed from the init system must be
      spared. Since new-style init systems guarantee that no left-over
      file descriptors are passed to executed processes, it might be a
      good choice to simply skip the closing of all remaining open
      file descriptors if sockets are passed.</para></listitem>

      <listitem><para>Write and install a systemd unit file for the
      service (and the sockets if socket-based activation is used, as
      well as a path unit file, if the daemon processes a spool
      directory), see above for details.</para></listitem>

      <listitem><para>If the daemon exposes interfaces via D-Bus,
      write and install a D-Bus activation file for the service, see
      above for details.</para></listitem>
    </orderedlist>
  </refsect1>

  <refsect1>
    <title>Placing Daemon Data</title>

    <para>It is recommended to follow the general guidelines for
    placing package files, as discussed in
    <citerefentry><refentrytitle>file-hierarchy</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>file-hierarchy</refentrytitle><manvolnum>7</manvolnum></citerefentry>
    </para>
  </refsect1>

</refentry>