test: Disable LUKS devices from initramfs in QEMU tests

[thirdparty/systemd.git] / README

diff --git a/README b/README
index d7477510a9c5adec656fe603b47eed4ca4d4739d..8dbf94b49cd4b35e906f46b31bab3b3a5877f6f8 100644 (file)
--- a/README
+++ b/README
@@ -8,9 +8,6 @@ WEB SITE:
 
 GIT:
         git@github.com:systemd/systemd.git
 
 GIT:
         git@github.com:systemd/systemd.git

-        https://github.com/systemd/systemd.git
-
-GITWEB:

         https://github.com/systemd/systemd
 
 MAILING LIST:
         https://github.com/systemd/systemd
 
 MAILING LIST:


@@ -33,6 +30,7 @@ LICENSE:
         - except src/basic/siphash24.c which is CC0 Public Domain
         - except src/journal/lookup3.c which is Public Domain
         - except src/udev/* which is (currently still) GPLv2, GPLv2+
         - except src/basic/siphash24.c which is CC0 Public Domain
         - except src/journal/lookup3.c which is Public Domain
         - except src/udev/* which is (currently still) GPLv2, GPLv2+

+        - except tools/chromiumos/* which is BSD-style

 
 REQUIREMENTS:
         Linux kernel >= 3.13
 
 REQUIREMENTS:
         Linux kernel >= 3.13


@@ -72,11 +70,10 @@ REQUIREMENTS:
         create additional symlinks in /dev/disk/ and /dev/tape:
           CONFIG_BLK_DEV_BSG
 
         create additional symlinks in /dev/disk/ and /dev/tape:
           CONFIG_BLK_DEV_BSG
 

-        Required for PrivateNetwork= and PrivateDevices= in service units:
+        Required for PrivateNetwork= in service units:

           CONFIG_NET_NS
           CONFIG_NET_NS

-          CONFIG_DEVPTS_MULTIPLE_INSTANCES

         Note that systemd-localed.service and other systemd units use
         Note that systemd-localed.service and other systemd units use

-        PrivateNetwork and PrivateDevices so this is effectively required.
+        PrivateNetwork so this is effectively required.

 
         Required for PrivateUsers= in service units:
           CONFIG_USER_NS
 
         Required for PrivateUsers= in service units:
           CONFIG_USER_NS


@@ -85,7 +82,7 @@ REQUIREMENTS:
           CONFIG_IPV6
           CONFIG_AUTOFS4_FS
           CONFIG_TMPFS_XATTR
           CONFIG_IPV6
           CONFIG_AUTOFS4_FS
           CONFIG_TMPFS_XATTR

-          CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL
+          CONFIG_{TMPFS,EXT4_FS,XFS,BTRFS_FS,...}_POSIX_ACL

           CONFIG_SECCOMP
           CONFIG_SECCOMP_FILTER (required for seccomp support)
           CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall)
           CONFIG_SECCOMP
           CONFIG_SECCOMP_FILTER (required for seccomp support)
           CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall)


@@ -97,6 +94,10 @@ REQUIREMENTS:
         Required for CPUQuota= in resource control unit settings
           CONFIG_CFS_BANDWIDTH
 
         Required for CPUQuota= in resource control unit settings
           CONFIG_CFS_BANDWIDTH
 

+        Required for IPAddressDeny= and IPAddressAllow= in resource control
+        unit settings
+          CONFIG_CGROUP_BPF
+

         For UEFI systems:
           CONFIG_EFIVAR_FS
           CONFIG_EFI_PARTITION
         For UEFI systems:
           CONFIG_EFIVAR_FS
           CONFIG_EFI_PARTITION


@@ -110,6 +111,17 @@ REQUIREMENTS:
         fixed, and it's best to disable group scheduling hence.
            CONFIG_RT_GROUP_SCHED=n
 
         fixed, and it's best to disable group scheduling hence.
            CONFIG_RT_GROUP_SCHED=n
 

+        It's a good idea to disable the implicit creation of networking bonding
+        devices by the kernel networking bonding module, so that the
+        automatically created "bond0" interface doesn't conflict with any such
+        device created by systemd-networkd (or other tools). Ideally there
+        would be a kernel compile-time option for this, but there currently
+        isn't. The next best thing is to make this change through a modprobe.d
+        drop-in. This is shipped by default, see modprobe.d/systemd.conf.
+
+        Required for systemd-nspawn:
+          CONFIG_DEVPTS_MULTIPLE_INSTANCES or Linux kernel >= 4.7
+

         Note that kernel auditing is broken when used with systemd's
         container code. When using systemd in conjunction with
         containers, please make sure to either turn off auditing at
         Note that kernel auditing is broken when used with systemd's
         container code. When using systemd in conjunction with
         containers, please make sure to either turn off auditing at


@@ -126,8 +138,8 @@ REQUIREMENTS:
 
         glibc >= 2.16
         libcap
 
         glibc >= 2.16
         libcap

-        libmount >= 2.27.1 (from util-linux)
-                (util-linux *must* be built with --enable-libmount-force-mountinfo)
+        libmount >= 2.30 (from util-linux)
+                (util-linux *must* be built without --enable-libmount-support-mtab)

         libseccomp >= 2.3.1 (optional)
         libblkid >= 2.24 (from util-linux) (optional)
         libkmod >= 15 (optional)
         libseccomp >= 2.3.1 (optional)
         libblkid >= 2.24 (from util-linux) (optional)
         libkmod >= 15 (optional)


@@ -137,41 +149,39 @@ REQUIREMENTS:
         libacl (optional)
         libselinux (optional)
         liblzma (optional)
         libacl (optional)
         libselinux (optional)
         liblzma (optional)

-        liblz4 >= 119 (optional)
+        liblz4 >= 1.3.0 / 130 (optional)

         libgcrypt (optional)
         libqrencode (optional)
         libmicrohttpd (optional)
         libpython (optional)
         libgcrypt (optional)
         libqrencode (optional)
         libmicrohttpd (optional)
         libpython (optional)

-        libidn (optional)
+        libidn2 or libidn (optional)
+        gnutls >= 3.1.4 (optional, >= 3.6.0 is required to support DNS-over-TLS with gnutls)
+        openssl >= 1.1.0 (optional, required to support DNS-over-TLS with openssl)

         elfutils >= 158 (optional)
         elfutils >= 158 (optional)

-        make, gcc, and similar tools
+        polkit (optional)
+        tzdata >= 2014f (optional)
+        pkg-config
+        gperf
+        docbook-xsl (optional, required for documentation)
+        xsltproc    (optional, required for documentation)
+        python-lxml (optional, required to build the indices)
+        python >= 3.5
+        meson >= 0.46 (>= 0.49 is required to build position-independent executables)
+        ninja
+        gcc, awk, sed, grep, m4, and similar tools

 
         During runtime, you need the following additional
         dependencies:
 
         util-linux >= v2.27.1 required
 
         During runtime, you need the following additional
         dependencies:
 
         util-linux >= v2.27.1 required

-        dbus >= 1.4.0 (strictly speaking optional, but recommended)
-                NOTE: If using dbus < 1.9.18, you should override the default
-                policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
+        dbus >= 1.11.0 (strictly speaking optional, but recommended)

         dracut (optional)
         dracut (optional)

-        PolicyKit (optional)
-
-        Two build systems are supported: meson + ninja-build and autools + make.
-
-        The following tools are needed with both systems:
-
-        pkg-config
-        gperf >= 3.1
-        docbook-xsl (optional, required for documentation)
-        xsltproc    (optional, required for documentation)
-        python-lxml (optional, required to build the indices)
-
-        When building with meson, python and ninja-build are required.
+        polkit (optional)

 
         To build in directory build/:
           meson build/ && ninja -C build
 
 
         To build in directory build/:
           meson build/ && ninja -C build
 

-        Any configuration options can be specfied as -Darg=value... arguments
+        Any configuration options can be specified as -Darg=value... arguments

         to meson. After the build directory is initially configured, meson will
         refuse to run again, and options must be changed with:
           mesonconf -Darg=value...
         to meson. After the build directory is initially configured, meson will
         refuse to run again, and options must be changed with:
           mesonconf -Darg=value...


@@ -184,19 +194,7 @@ REQUIREMENTS:
           sudo ninja install
           DESTDIR=... ninja install
 
           sudo ninja install
           DESTDIR=... ninja install
 

-        When building with autotools, the following tools are needed:
-
-        automake
-        autoconf
-        libtool
-        intltool
-        python (optional)
-
-        The build system is initialized with ./autogen.sh and the usual
-          ./configure && make
-        should be used.
-
-        A tar ball can be created with:
+        A tarball can be created with:

           git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz
 
         When systemd-hostnamed is used, it is strongly recommended to
           git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz
 
         When systemd-hostnamed is used, it is strongly recommended to


@@ -205,6 +203,18 @@ REQUIREMENTS:
         under all circumstances. In fact, systemd-hostnamed will warn
         if nss-myhostname is not installed.
 
         under all circumstances. In fact, systemd-hostnamed will warn
         if nss-myhostname is not installed.
 

+        nss-systemd must be enabled on systemd systems, as that's required for
+        DynamicUser= to work. Note that we ship services out-of-the-box that
+        make use of DynamicUser= now, hence enabling nss-systemd is not
+        optional.
+
+        Note that the build prefix for systemd must be /usr. (Moreover,
+        packages systemd relies on — such as D-Bus — really should use the same
+        prefix, otherwise you are on your own.) -Dsplit-usr=false (which is the
+        default and does not need to be specified) is the recommended setting,
+        and -Dsplit-usr=true should be used on systems which have /usr on a
+        separate partition.
+

         Additional packages are necessary to run some tests:
         - busybox            (used by test/TEST-13-NSPAWN-SMOKE)
         - nc                 (used by test/TEST-12-ISSUE-3171)
         Additional packages are necessary to run some tests:
         - busybox            (used by test/TEST-13-NSPAWN-SMOKE)
         - nc                 (used by test/TEST-12-ISSUE-3171)


@@ -219,7 +229,7 @@ USERS AND GROUPS:
         even in the very early boot stages, where no other databases
         and network are available:
 
         even in the very early boot stages, where no other databases
         and network are available:
 

-        audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video
+        audio, cdrom, dialout, disk, input, kmem, kvm, lp, render, tape, tty, video

 
         During runtime, the journal daemon requires the
         "systemd-journal" system group to exist. New journal files will
 
         During runtime, the journal daemon requires the
         "systemd-journal" system group to exist. New journal files will


@@ -228,14 +238,11 @@ USERS AND GROUPS:
         groups "wheel" and "adm" will be given read-only access to
         journal files using systemd-tmpfiles.service.
 
         groups "wheel" and "adm" will be given read-only access to
         journal files using systemd-tmpfiles.service.
 

-        The journal gateway daemon requires the
-        "systemd-journal-gateway" system user and group to
+        The journal remote daemon requires the
+        "systemd-journal-remote" system user and group to

         exist. During execution this network facing service will drop
         privileges and assume this uid/gid for security reasons.
 
         exist. During execution this network facing service will drop
         privileges and assume this uid/gid for security reasons.
 

-        Similarly, the NTP daemon requires the "systemd-timesync" system
-        user and group to exist.
-

         Similarly, the network management daemon requires the
         "systemd-network" system user and group to exist.
 
         Similarly, the network management daemon requires the
         "systemd-network" system user and group to exist.
 


@@ -271,7 +278,7 @@ NSS:
 
                 passwd: compat mymachines systemd
                 group: compat mymachines systemd
 
                 passwd: compat mymachines systemd
                 group: compat mymachines systemd

-                hosts: files mymachines resolve myhostname
+                hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname

 
 SYSV INIT.D SCRIPTS:
         When calling "systemctl enable/disable/is-enabled" on a unit which is a
 
 SYSV INIT.D SCRIPTS:
         When calling "systemctl enable/disable/is-enabled" on a unit which is a


@@ -285,16 +292,16 @@ SYSV INIT.D SCRIPTS:
         needs to look like, and provide an implementation at the marked places.
 
 WARNINGS:
         needs to look like, and provide an implementation at the marked places.
 
 WARNINGS:

-        systemd will warn you during boot if /usr is on a different
-        file system than /. While in systemd itself very little will
-        break if /usr is on a separate partition, many of its
-        dependencies very likely will break sooner or later in one
-        form or another. For example, udev rules tend to refer to
-        binaries in /usr, binaries that link to libraries in /usr or
-        binaries that refer to data files in /usr. Since these
-        breakages are not always directly visible, systemd will warn
-        about this, since this kind of file system setup is not really
-        supported anymore by the basic set of Linux OS components.
+        systemd will warn during early boot if /usr is not already mounted at
+        this point (that means: either located on the same file system as / or
+        already mounted in the initrd). While in systemd itself very little
+        will break if /usr is on a separate, late-mounted partition, many of
+        its dependencies very likely will break sooner or later in one form or
+        another. For example, udev rules tend to refer to binaries in /usr,
+        binaries that link to libraries in /usr or binaries that refer to data
+        files in /usr. Since these breakages are not always directly visible,
+        systemd will warn about this, since this kind of file system setup is
+        not really supported anymore by the basic set of Linux OS components.

 
         systemd requires that the /run mount point exists. systemd also
         requires that /var/run is a symlink to /run.
 
         systemd requires that the /run mount point exists. systemd also
         requires that /var/run is a symlink to /run.


@@ -302,10 +309,22 @@ WARNINGS:
         For more information on this issue consult
         https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
 
         For more information on this issue consult
         https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
 

-        To run systemd under valgrind, compile with VALGRIND defined
-        (e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise,
-        false positives will be triggered by code which violates
-        some rules but is actually safe.
+        To run systemd under valgrind, compile with meson option
+        -Dvalgrind=true and have valgrind development headers installed
+        (i.e. valgrind-devel or equivalent). Otherwise, false positives will be
+        triggered by code which violates some rules but is actually safe. Note
+        that valgrind generates nice output only on exit(), hence on shutdown
+        we don't execve() systemd-shutdown.
+
+STABLE BRANCHES AND BACKPORTS:
+       Stable branches with backported patches are available in the
+       systemd-stable repo at https://github.com/systemd/systemd-stable.
+
+       Stable branches are started for certain releases of systemd and named
+       after them, e.g. v238-stable. Stable branches are managed by
+       distribution maintainers on an as needed basis. See
+       https://www.freedesktop.org/wiki/Software/systemd/Backports/ for some
+       more information and examples.

 
 ENGINEERING AND CONSULTING SERVICES:
         Kinvolk (https://kinvolk.io) offers professional engineering
 
 ENGINEERING AND CONSULTING SERVICES:
         Kinvolk (https://kinvolk.io) offers professional engineering