X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=README;h=4439be11f034c1b0b0bd03981498b2fa09619766;hb=ed62712dc6fb236845c489a7f386c7aff0ec31d6;hp=5ebaf95796c2752c9c39c412a38dabf73860f3f1;hpb=8f968c7321be09e7a41b29a0d5d2d2c13ee7ded1;p=thirdparty%2Fsystemd.git diff --git a/README b/README index 5ebaf95796c..4439be11f03 100644 --- a/README +++ b/README @@ -69,11 +69,10 @@ REQUIREMENTS: create additional symlinks in /dev/disk/ and /dev/tape: CONFIG_BLK_DEV_BSG - Required for PrivateNetwork= and PrivateDevices= in service units: + Required for PrivateNetwork= in service units: CONFIG_NET_NS - CONFIG_DEVPTS_MULTIPLE_INSTANCES Note that systemd-localed.service and other systemd units use - PrivateNetwork and PrivateDevices so this is effectively required. + PrivateNetwork so this is effectively required. Required for PrivateUsers= in service units: CONFIG_USER_NS @@ -82,7 +81,7 @@ REQUIREMENTS: CONFIG_IPV6 CONFIG_AUTOFS4_FS CONFIG_TMPFS_XATTR - CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL + CONFIG_{TMPFS,EXT4_FS,XFS,BTRFS_FS,...}_POSIX_ACL CONFIG_SECCOMP CONFIG_SECCOMP_FILTER (required for seccomp support) CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall) @@ -94,6 +93,10 @@ REQUIREMENTS: Required for CPUQuota= in resource control unit settings CONFIG_CFS_BANDWIDTH + Required for IPAddressDeny= and IPAddressAllow= in resource control + unit settings + CONFIG_CGROUP_BPF + For UEFI systems: CONFIG_EFIVAR_FS CONFIG_EFI_PARTITION @@ -115,6 +118,9 @@ REQUIREMENTS: isn't. The next best thing is to make this change through a modprobe.d drop-in. This is shipped by default, see modprobe.d/systemd.conf. + Required for systemd-nspawn: + CONFIG_DEVPTS_MULTIPLE_INSTANCES or Linux kernel >= 4.7 + Note that kernel auditing is broken when used with systemd's container code. When using systemd in conjunction with containers, please make sure to either turn off auditing at 
@@ -131,9 +137,8 @@ REQUIREMENTS: glibc >= 2.16 libcap - libmount >= 2.27.1 (from util-linux) - (util-linux < 2.29 *must* be built with --enable-libmount-force-mountinfo, - and later versions without --enable-libmount-support-mtab.) + libmount >= 2.30 (from util-linux) + (util-linux *must* be built without --enable-libmount-support-mtab) libseccomp >= 2.3.1 (optional) libblkid >= 2.24 (from util-linux) (optional) libkmod >= 15 (optional) @@ -143,30 +148,33 @@ REQUIREMENTS: libacl (optional) libselinux (optional) liblzma (optional) - liblz4 >= 119 (optional) + liblz4 >= 1.3.0 / 130 (optional) libgcrypt (optional) libqrencode (optional) libmicrohttpd (optional) libpython (optional) libidn2 or libidn (optional) + gnutls >= 3.1.4 (optional, >= 3.5.3 is required to support DNS-over-TLS with gnutls) + openssl >= 1.1.0 (optional, required to support DNS-over-TLS with openssl) elfutils >= 158 (optional) + polkit (optional) pkg-config gperf docbook-xsl (optional, required for documentation) xsltproc (optional, required for documentation) python-lxml (optional, required to build the indices) - python, meson, ninja + python >= 3.5, meson >= 0.46, ninja gcc, awk, sed, grep, m4, and similar tools During runtime, you need the following additional dependencies: util-linux >= v2.27.1 required - dbus >= 1.4.0 (strictly speaking optional, but recommended) + dbus >= 1.9.14 (strictly speaking optional, but recommended) NOTE: If using dbus < 1.9.18, you should override the default policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d). dracut (optional) - PolicyKit (optional) + polkit (optional) To build in directory build/: meson build/ && ninja -C build 
@@ -193,6 +201,18 @@ REQUIREMENTS: under all circumstances. In fact, systemd-hostnamed will warn if nss-myhostname is not installed. + nss-systemd must be enabled on systemd systems, as that's required for + DynamicUser= to work. Note that we ship services out-of-the-box that + make use of DynamicUser= now, hence enabling nss-systemd is not + optional. + + Note that the build prefix for systemd must be /usr. (Moreover, + packages systemd relies on — such as D-Bus — really should use the same + prefix, otherwise you are on your own.) -Dsplit-usr=false (which is the + default and does not need to be specified) is the recommended setting, + and -Dsplit-usr=true should be used on systems which have /usr on a + separate partition. + Additional packages are necessary to run some tests: - busybox (used by test/TEST-13-NSPAWN-SMOKE) - nc (used by test/TEST-12-ISSUE-3171) @@ -207,7 +227,7 @@ USERS AND GROUPS: even in the very early boot stages, where no other databases and network are available: - audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video + audio, cdrom, dialout, disk, input, kmem, kvm, lp, render, tape, tty, video During runtime, the journal daemon requires the "systemd-journal" system group to exist. New journal files will @@ -216,14 +236,11 @@ USERS AND GROUPS: groups "wheel" and "adm" will be given read-only access to journal files using systemd-tmpfiles.service. - The journal gateway daemon requires the - "systemd-journal-gateway" system user and group to + The journal remote daemon requires the + "systemd-journal-remote" system user and group to exist. During execution this network facing service will drop privileges and assume this uid/gid for security reasons. - Similarly, the NTP daemon requires the "systemd-timesync" system - user and group to exist. - Similarly, the network management daemon requires the "systemd-network" system user and group to exist. 
@@ -259,7 +276,7 @@ NSS: passwd: compat mymachines systemd group: compat mymachines systemd - hosts: files mymachines resolve myhostname + hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname SYSV INIT.D SCRIPTS: When calling "systemctl enable/disable/is-enabled" on a unit which is a @@ -273,16 +290,16 @@ SYSV INIT.D SCRIPTS: needs to look like, and provide an implementation at the marked places. WARNINGS: - systemd will warn you during boot if /usr is on a different - file system than /. While in systemd itself very little will - break if /usr is on a separate partition, many of its - dependencies very likely will break sooner or later in one - form or another. For example, udev rules tend to refer to - binaries in /usr, binaries that link to libraries in /usr or - binaries that refer to data files in /usr. Since these - breakages are not always directly visible, systemd will warn - about this, since this kind of file system setup is not really - supported anymore by the basic set of Linux OS components. + systemd will warn during early boot if /usr is not already mounted at + this point (that means: either located on the same file system as / or + already mounted in the initrd). While in systemd itself very little + will break if /usr is on a separate, late-mounted partition, many of + its dependencies very likely will break sooner or later in one form or + another. For example, udev rules tend to refer to binaries in /usr, + binaries that link to libraries in /usr or binaries that refer to data + files in /usr. Since these breakages are not always directly visible, + systemd will warn about this, since this kind of file system setup is + not really supported anymore by the basic set of Linux OS components. systemd requires that the /run mount point exists. systemd also requires that /var/run is a symlink to /run. 
@@ -290,10 +307,23 @@ WARNINGS: For more information on this issue consult https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken - To run systemd under valgrind, compile with VALGRIND defined - (e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise, - false positives will be triggered by code which violates - some rules but is actually safe. + To run systemd under valgrind, compile with meson option + -Dvalgrind=true and have valgrind development headers installed + (i.e. valgrind-devel or equivalent). Otherwise, false positives will be + triggered by code which violates some rules but is actually safe. Note + that valgrind generates nice output only on exit(), hence on shutdown + we don't execve() systemd-shutdown. + +STABLE BRANCHES AND BACKPORTS + + Stable branches with backported patches are available in the + systemd-stable repo at https://github.com/systemd/systemd-stable. + + Stable branches are started for certain releases of systemd and named + after them, e.g. v238-stable. Stable branches are managed by + distribution maintainers on an as needed basis. See + https://www.freedesktop.org/wiki/Software/systemd/Backports/ for some + more information and examples. ENGINEERING AND CONSULTING SERVICES: Kinvolk (https://kinvolk.io) offers professional engineering
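
Review bot: In the hunk at @@ -69,11 +69,10 @@, PrivateDevices= drops out of the requirements list entirely instead of getting its own entry. After this change the README names kernel options for PrivateNetwork= and PrivateUsers= but is silent on PrivateDevices=, so someone building a minimal kernel for sandboxed services cannot tell whether the setting has no extra kernel dependency or was simply forgotten. If it needs nothing beyond the base options, say so in one line next to the PrivateNetwork= entry, and note in the commit message that CONFIG_DEVPTS_MULTIPLE_INSTANCES now appears only under the systemd-nspawn entry added further down.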
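
Review bot: The CONFIG_CGROUP_BPF entry added in the hunk at @@ -94,6 +93,10 @@ does not say what happens to IPAddressDeny= and IPAddressAllow= when the option is missing. These settings are access controls, so the reader needs to know whether a unit that uses them fails to start or starts without any filtering on a kernel built without CONFIG_CGROUP_BPF. Add one sentence stating the behaviour, or point to the man page section that documents it.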
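
Review bot: The systemd-nspawn entry added in the hunk at @@ -115,6 +118,9 @@ offers "CONFIG_DEVPTS_MULTIPLE_INSTANCES or Linux kernel >= 4.7" as alternatives without saying how they relate. Every other entry in this list is a config symbol, so a kernel version on the same line reads as if it were a second option to enable. If the intent is that the symbol only has to be set on kernels older than 4.7, write it that way, for example "CONFIG_DEVPTS_MULTIPLE_INSTANCES (only needed on kernels < 4.7)".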
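
Review bot: The bump to "libmount >= 2.30 (from util-linux)" in the hunk at @@ -131,9 +137,8 @@ leaves the runtime list a few lines further down at "util-linux >= v2.27.1 required", which is visible as unchanged context in the next hunk. libmount ships with util-linux, so the README now asks for a newer library at build time than it accepts at run time. Either raise the runtime line to match or explain why the older runtime version is still sufficient.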
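
Review bot: The new "liblz4 >= 1.3.0 / 130" line in the hunk at @@ -143,30 +148,33 @@ gives two numbers with no indication of what the second one is. The line it replaces used a bare "119", so the reader can guess that "130" is the same release in the older numbering, but the README should say so, for example "liblz4 >= 1.3.0 (also numbered r130)" if that is what is meant. The gnutls line in the same hunk also carries two thresholds; it reads more easily if the DNS-over-TLS requirement goes on its own continuation line, as was done for the util-linux build flag note.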
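
Review bot: The nss-systemd paragraph added in the hunk at @@ -193,6 +201,18 @@ says the module "must be enabled" but does not say where, and the nsswitch.conf lines that actually enable it ("passwd: compat mymachines systemd" and the matching group line) sit in the separate NSS section. Since the paragraph makes this mandatory for DynamicUser=, add a pointer such as "see NSS below". In the same hunk, the advice to use -Dsplit-usr=true "on systems which have /usr on a separate partition" should be reconciled with the WARNINGS text, which still describes a late-mounted /usr as "not really supported anymore".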
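
Review bot: The hunk at @@ -216,14 +236,11 @@ deletes the sentence requiring the "systemd-timesync" user and group and puts nothing in its place, unlike the journal gateway to journal remote rename just above it. A packager reading the result cannot tell whether the NTP daemon no longer drops to a dedicated account or now obtains one some other way. If it relies on DynamicUser=, which the nss-systemd paragraph added earlier in this patch mentions, state that here or in the commit message so the privilege-dropping story for network-facing daemons stays complete.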
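
Review bot: The new hosts line in the hunk at @@ -259,7 +276,7 @@, "hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname", introduces an nsswitch action with no explanation. With [!UNAVAIL=return] the lookup stops at resolve for every result except "service unavailable", so dns is consulted only when the resolve module cannot reach its service, not as a general fallback for failed lookups. One sentence saying this would prevent readers from reordering or dropping the bracketed action, and would make clear that name resolution bypasses the resolve module in that one case.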
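
Review bot: The "STABLE BRANCHES AND BACKPORTS" heading added in the hunk at @@ -290,10 +307,23 @@ has no trailing colon, while every other section heading visible in this patch (USERS AND GROUPS:, NSS:, WARNINGS:, ENGINEERING AND CONSULTING SERVICES:) has one. Add the colon for consistency. In the valgrind paragraph of the same hunk, "(i.e. valgrind-devel or equivalent)" gives an example rather than a restatement, so it should read "e.g.", and "on an as needed basis" wants a hyphen in "as-needed".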