create additional symlinks in /dev/disk/ and /dev/tape:
CONFIG_BLK_DEV_BSG
- Required for PrivateNetwork= and PrivateDevices= in service units:
+ Required for PrivateNetwork= in service units:
CONFIG_NET_NS
- CONFIG_DEVPTS_MULTIPLE_INSTANCES
Note that systemd-localed.service and other systemd units use
- PrivateNetwork and PrivateDevices so this is effectively required.
+ PrivateNetwork so this is effectively required.
Required for PrivateUsers= in service units:
CONFIG_USER_NS
CONFIG_IPV6
CONFIG_AUTOFS4_FS
CONFIG_TMPFS_XATTR
- CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL
+ CONFIG_{TMPFS,EXT4_FS,XFS,BTRFS_FS,...}_POSIX_ACL
CONFIG_SECCOMP
CONFIG_SECCOMP_FILTER (required for seccomp support)
CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall)
Required for CPUQuota= in resource control unit settings
CONFIG_CFS_BANDWIDTH
+ Required for IPAddressDeny= and IPAddressAllow= in resource control
+ unit settings
+ CONFIG_CGROUP_BPF
+
For UEFI systems:
CONFIG_EFIVAR_FS
CONFIG_EFI_PARTITION
isn't. The next best thing is to make this change through a modprobe.d
drop-in. This is shipped by default, see modprobe.d/systemd.conf.
+ Required for systemd-nspawn:
+ CONFIG_DEVPTS_MULTIPLE_INSTANCES or Linux kernel >= 4.7
+
Note that kernel auditing is broken when used with systemd's
container code. When using systemd in conjunction with
containers, please make sure to either turn off auditing at
glibc >= 2.16
libcap
- libmount >= 2.27.1 (from util-linux)
- (util-linux < 2.29 *must* be built with --enable-libmount-force-mountinfo,
- and later versions without --enable-libmount-support-mtab.)
+ libmount >= 2.30 (from util-linux)
+ (util-linux *must* be built without --enable-libmount-support-mtab)
libseccomp >= 2.3.1 (optional)
libblkid >= 2.24 (from util-linux) (optional)
libkmod >= 15 (optional)
libacl (optional)
libselinux (optional)
liblzma (optional)
- liblz4 >= 119 (optional)
+ liblz4 >= 1.3.0 / 130 (optional)
libgcrypt (optional)
libqrencode (optional)
libmicrohttpd (optional)
libpython (optional)
libidn2 or libidn (optional)
+ gnutls >= 3.1.4 (optional, >= 3.5.3 is required to support DNS-over-TLS with gnutls)
+ openssl >= 1.1.0 (optional, required to support DNS-over-TLS with openssl)
elfutils >= 158 (optional)
+ polkit (optional)
pkg-config
- gperf >= 3.1
+ gperf
docbook-xsl (optional, required for documentation)
xsltproc (optional, required for documentation)
python-lxml (optional, required to build the indices)
- python, meson, ninja
+ python >= 3.5, meson >= 0.46, ninja
gcc, awk, sed, grep, m4, and similar tools
During runtime, you need the following additional
dependencies:
util-linux >= v2.27.1 required
- dbus >= 1.4.0 (strictly speaking optional, but recommended)
+ dbus >= 1.9.14 (strictly speaking optional, but recommended)
NOTE: If using dbus < 1.9.18, you should override the default
policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
dracut (optional)
- PolicyKit (optional)
+ polkit (optional)
To build in directory build/:
meson build/ && ninja -C build
under all circumstances. In fact, systemd-hostnamed will warn
if nss-myhostname is not installed.
+ nss-systemd must be enabled on systemd systems, as that's required for
+ DynamicUser= to work. Note that we ship services out-of-the-box that
+ make use of DynamicUser= now, hence enabling nss-systemd is not
+ optional.
+
+ Note that the build prefix for systemd must be /usr. (Moreover,
+ packages systemd relies on — such as D-Bus — really should use the same
+ prefix, otherwise you are on your own.) -Dsplit-usr=false (which is the
+ default and does not need to be specified) is the recommended setting,
+ and -Dsplit-usr=true should be used on systems which have /usr on a
+ separate partition.
+
Additional packages are necessary to run some tests:
- busybox (used by test/TEST-13-NSPAWN-SMOKE)
- nc (used by test/TEST-12-ISSUE-3171)
even in the very early boot stages, where no other databases
and network are available:
- audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video
+ audio, cdrom, dialout, disk, input, kmem, kvm, lp, render, tape, tty, video
During runtime, the journal daemon requires the
"systemd-journal" system group to exist. New journal files will
groups "wheel" and "adm" will be given read-only access to
journal files using systemd-tmpfiles.service.
- The journal gateway daemon requires the
- "systemd-journal-gateway" system user and group to
+ The journal remote daemon requires the
+ "systemd-journal-remote" system user and group to
exist. During execution this network facing service will drop
privileges and assume this uid/gid for security reasons.
- Similarly, the NTP daemon requires the "systemd-timesync" system
- user and group to exist.
-
Similarly, the network management daemon requires the
"systemd-network" system user and group to exist.
passwd: compat mymachines systemd
group: compat mymachines systemd
- hosts: files mymachines resolve myhostname
+ hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
SYSV INIT.D SCRIPTS:
When calling "systemctl enable/disable/is-enabled" on a unit which is a
needs to look like, and provide an implementation at the marked places.
WARNINGS:
- systemd will warn you during boot if /usr is on a different
- file system than /. While in systemd itself very little will
- break if /usr is on a separate partition, many of its
- dependencies very likely will break sooner or later in one
- form or another. For example, udev rules tend to refer to
- binaries in /usr, binaries that link to libraries in /usr or
- binaries that refer to data files in /usr. Since these
- breakages are not always directly visible, systemd will warn
- about this, since this kind of file system setup is not really
- supported anymore by the basic set of Linux OS components.
+ systemd will warn during early boot if /usr is not already mounted at
+ this point (that means: either located on the same file system as / or
+ already mounted in the initrd). While in systemd itself very little
+ will break if /usr is on a separate, late-mounted partition, many of
+ its dependencies very likely will break sooner or later in one form or
+ another. For example, udev rules tend to refer to binaries in /usr,
+ binaries that link to libraries in /usr or binaries that refer to data
+ files in /usr. Since these breakages are not always directly visible,
+ systemd will warn about this, since this kind of file system setup is
+ not really supported anymore by the basic set of Linux OS components.
systemd requires that the /run mount point exists. systemd also
requires that /var/run is a symlink to /run.
For more information on this issue consult
https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
- To run systemd under valgrind, compile with VALGRIND defined
- (e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise,
- false positives will be triggered by code which violates
- some rules but is actually safe.
+ To run systemd under valgrind, compile with meson option
+ -Dvalgrind=true and have valgrind development headers installed
+ (i.e. valgrind-devel or equivalent). Otherwise, false positives will be
+ triggered by code which violates some rules but is actually safe. Note
+ that valgrind generates nice output only on exit(), hence on shutdown
+ we don't execve() systemd-shutdown.
+
+STABLE BRANCHES AND BACKPORTS
+
+ Stable branches with backported patches are available in the
+ systemd-stable repo at https://github.com/systemd/systemd-stable.
+
+ Stable branches are started for certain releases of systemd and named
+ after them, e.g. v238-stable. Stable branches are managed by
+ distribution maintainers on an as needed basis. See
+ https://www.freedesktop.org/wiki/Software/systemd/Backports/ for some
+ more information and examples.
ENGINEERING AND CONSULTING SERVICES:
Kinvolk (https://kinvolk.io) offers professional engineering