Commit | Line | Data |
---|---|---|
1 | systemd System and Service Manager | |
2 | ||
3 | DETAILS: | |
4 | http://0pointer.de/blog/projects/systemd.html | |
5 | ||
6 | WEB SITE: | |
7 | http://www.freedesktop.org/wiki/Software/systemd | |
8 | ||
9 | GIT: | |
10 | git@github.com:systemd/systemd.git | |
11 | https://github.com/systemd/systemd.git | |
12 | ||
13 | GITWEB: | |
14 | https://github.com/systemd/systemd | |
15 | ||
16 | MAILING LIST: | |
17 | http://lists.freedesktop.org/mailman/listinfo/systemd-devel | |
18 | http://lists.freedesktop.org/mailman/listinfo/systemd-commits | |
19 | ||
20 | IRC: | |
21 | #systemd on irc.freenode.org | |
22 | ||
23 | BUG REPORTS: | |
24 | https://github.com/systemd/systemd/issues | |
25 | ||
26 | AUTHOR: | |
27 | Lennart Poettering | |
28 | Kay Sievers | |
29 | ...and many others | |
30 | ||
31 | LICENSE: | |
32 | LGPLv2.1+ for all code | |
33 | - except src/basic/MurmurHash2.c which is Public Domain | |
34 | - except src/basic/siphash24.c which is CC0 Public Domain | |
35 | - except src/journal/lookup3.c which is Public Domain | |
36 | - except src/udev/* which is (currently still) GPLv2, GPLv2+ | |
37 | ||
38 | REQUIREMENTS: | |
39 | Linux kernel >= 3.11 | |
40 | Linux kernel >= 4.2 for unified cgroup hierarchy support | |
41 | ||
42 | Kernel Config Options: | |
43 | CONFIG_DEVTMPFS | |
44 | CONFIG_CGROUPS (it is OK to disable all controllers) | |
45 | CONFIG_INOTIFY_USER | |
46 | CONFIG_SIGNALFD | |
47 | CONFIG_TIMERFD | |
48 | CONFIG_EPOLL | |
49 | CONFIG_NET | |
50 | CONFIG_SYSFS | |
51 | CONFIG_PROC_FS | |
52 | CONFIG_FHANDLE (libudev, mount and bind mount handling) | |
53 | ||
54 | udev will fail to work with the legacy sysfs layout: | |
55 | CONFIG_SYSFS_DEPRECATED=n | |
56 | ||
57 | Legacy hotplug slows down the system and confuses udev: | |
58 | CONFIG_UEVENT_HELPER_PATH="" | |
59 | ||
60 | Userspace firmware loading is not supported and should | |
61 | be disabled in the kernel: | |
62 | CONFIG_FW_LOADER_USER_HELPER=n | |
63 | ||
64 | Some udev rules and virtualization detection rely on it: | |
65 | CONFIG_DMIID | |
66 | ||
67 | Support for serial number retrieval from some SCSI devices, to | |
68 | create additional symlinks in /dev/disk/ and /dev/tape: | |
69 | CONFIG_BLK_DEV_BSG | |
70 | ||
71 | Required for PrivateNetwork and PrivateDevices in service units: | |
72 | CONFIG_NET_NS | |
73 | CONFIG_DEVPTS_MULTIPLE_INSTANCES | |
74 | Note that systemd-localed.service and other systemd units use | |
75 | PrivateNetwork and PrivateDevices so this is effectively required. | |
76 | ||
77 | Optional but strongly recommended: | |
78 | CONFIG_IPV6 | |
79 | CONFIG_AUTOFS4_FS | |
80 | CONFIG_TMPFS_XATTR | |
81 | CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL | |
82 | CONFIG_SECCOMP | |
83 | CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall) | |
84 | ||
85 | Required for CPUShares= in resource control unit settings: | |
86 | CONFIG_CGROUP_SCHED | |
87 | CONFIG_FAIR_GROUP_SCHED | |
88 | ||
89 | Required for CPUQuota= in resource control unit settings: | |
90 | CONFIG_CFS_BANDWIDTH | |
91 | ||
92 | For systemd-bootchart, several proc debug interfaces are required: | |
93 | CONFIG_SCHEDSTATS | |
94 | CONFIG_SCHED_DEBUG | |
95 | ||
96 | For UEFI systems: | |
97 | CONFIG_EFIVAR_FS | |
98 | CONFIG_EFI_PARTITION | |
99 | ||
100 | We recommend turning off Real-Time group scheduling in the | |
101 | kernel when using systemd. RT group scheduling effectively | |
102 | makes RT scheduling unavailable for most userspace, since it | |
103 | requires explicit assignment of RT budgets to each unit whose | |
104 | processes make use of RT. As there's no sensible way to | |
105 | assign these budgets automatically, this cannot really be | |
106 | fixed, and it is hence best to disable group scheduling. | |
107 | CONFIG_RT_GROUP_SCHED=n | |
108 | ||
109 | Note that kernel auditing is broken when used with systemd's | |
110 | container code. When using systemd in conjunction with | |
111 | containers, please make sure to either turn off auditing at | |
112 | runtime using the kernel command line option "audit=0", or | |
113 | turn it off at kernel compile time using: | |
114 | CONFIG_AUDIT=n | |
115 | If systemd is compiled with libseccomp support on | |
116 | architectures which do not use socketcall() and where seccomp | |
117 | is supported (this effectively means x86-64 and ARM, but | |
118 | excludes 32-bit x86!), then nspawn will now install a | |
119 | work-around seccomp filter that makes containers boot even | |
120 | with audit being enabled. This works correctly only on kernels | |
121 | 3.14 and newer though. TL;DR: turn audit off, still. | |
122 | ||
123 | glibc >= 2.16 | |
124 | libcap | |
125 | libmount >= 2.27.1 (from util-linux) | |
126 | libseccomp >= 1.0.0 (optional) | |
127 | libblkid >= 2.24 (from util-linux) (optional) | |
128 | libkmod >= 15 (optional) | |
129 | PAM >= 1.1.2 (optional) | |
130 | libcryptsetup (optional) | |
131 | libaudit (optional) | |
132 | libacl (optional) | |
133 | libselinux (optional) | |
134 | liblzma (optional) | |
135 | liblz4 >= 119 (optional) | |
136 | libgcrypt (optional) | |
137 | libqrencode (optional) | |
138 | libmicrohttpd (optional) | |
139 | libpython (optional) | |
140 | libidn (optional) | |
141 | elfutils >= 158 (optional) | |
142 | make, gcc, and similar tools | |
143 | ||
144 | During runtime, you need the following additional | |
145 | dependencies: | |
146 | ||
147 | util-linux >= v2.27.1 required | |
148 | dbus >= 1.4.0 (strictly speaking optional, but recommended) | |
149 | dracut (optional) | |
150 | PolicyKit (optional) | |
151 | ||
152 | When building from git, the following tools are needed: | |
153 | ||
154 | pkg-config | |
155 | docbook-xsl | |
156 | xsltproc | |
157 | automake | |
158 | autoconf | |
159 | libtool | |
160 | intltool | |
161 | gperf | |
162 | python (optional) | |
163 | python-lxml (optional, but required to build the indices) | |
164 | ||
165 | The build system is initialized with ./autogen.sh. A tar ball | |
166 | can be created with: | |
167 | git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz | |
168 | ||
169 | When systemd-hostnamed is used, it is strongly recommended to | |
170 | install nss-myhostname to ensure that, in a world of | |
171 | dynamically changing hostnames, the hostname stays resolvable | |
172 | under all circumstances. In fact, systemd-hostnamed will warn | |
173 | if nss-myhostname is not installed. | |
174 | ||
175 | USERS AND GROUPS: | |
176 | Default udev rules use the following standard system group | |
177 | names, which need to be resolvable by getgrnam() at any time, | |
178 | even in the very early boot stages, where no other databases | |
179 | and network are available: | |
180 | ||
181 | audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video | |
182 | ||
183 | During runtime, the journal daemon requires the | |
184 | "systemd-journal" system group to exist. New journal files will | |
185 | be readable by this group (but not writable), which may be used | |
186 | to grant specific users read access. In addition, system | |
187 | groups "wheel" and "adm" will be given read-only access to | |
188 | journal files using systemd-tmpfiles.service. | |
189 | ||
190 | The journal gateway daemon requires the | |
191 | "systemd-journal-gateway" system user and group to | |
192 | exist. During execution this network facing service will drop | |
193 | privileges and assume this uid/gid for security reasons. | |
194 | ||
195 | Similarly, the NTP daemon requires the "systemd-timesync" system | |
196 | user and group to exist. | |
197 | ||
198 | Similarly, the network management daemon requires the | |
199 | "systemd-network" system user and group to exist. | |
200 | ||
201 | Similarly, the name resolution daemon requires the | |
202 | "systemd-resolve" system user and group to exist. | |
203 | ||
204 | Similarly, the kdbus dbus1 proxy daemon requires the | |
205 | "systemd-bus-proxy" system user and group to exist. | |
206 | ||
207 | NSS: | |
208 | systemd ships with three NSS modules: | |
209 | ||
210 | nss-myhostname resolves the local hostname to locally | |
211 | configured IP addresses, as well as "localhost" to | |
212 | 127.0.0.1/::1. | |
213 | ||
214 | nss-resolve enables DNS resolution via the DNS/LLMNR | |
215 | caching stub resolver "systemd-resolved". | |
216 | ||
217 | nss-mymachines enables resolution of all local containers | |
218 | registered with machined to their respective IP addresses. | |
219 | ||
220 | To make use of these NSS modules, please add them to the | |
221 | "hosts: " line in /etc/nsswitch.conf. The "resolve" module | |
222 | should replace the glibc "dns" module in this file. | |
223 | ||
224 | The three modules should be used in the following order: | |
225 | ||
226 | hosts: files mymachines resolve myhostname | |
227 | ||
228 | SYSV INIT.D SCRIPTS: | |
229 | When calling "systemctl enable/disable/is-enabled" on a unit which is a | |
230 | SysV init.d script, it calls /usr/lib/systemd/systemd-sysv-install; | |
231 | this needs to translate the action into the distribution specific | |
232 | mechanism such as chkconfig or update-rc.d. Packagers need to provide | |
233 | this script if they need this functionality (they don't if SysV init | |
234 | support is disabled). | |
235 | ||
236 | Please see src/systemctl/systemd-sysv-install.SKELETON for what this | |
237 | needs to look like, and provide an implementation at the marked places. | |
238 | ||
239 | WARNINGS: | |
240 | systemd will freeze execution during boot if /etc/mtab exists | |
241 | but is not a symlink to /proc/mounts. Please ensure that | |
242 | /etc/mtab is a proper symlink. | |
243 | ||
244 | systemd will warn you during boot if /usr is on a different | |
245 | file system than /. While in systemd itself very little will | |
246 | break if /usr is on a separate partition, many of its | |
247 | dependencies very likely will break sooner or later in one | |
248 | form or another. For example, udev rules tend to refer to | |
249 | binaries in /usr, binaries that link to libraries in /usr or | |
250 | binaries that refer to data files in /usr. Since these | |
251 | breakages are not always directly visible, systemd will warn | |
252 | about this, since this kind of file system setup is not really | |
253 | supported anymore by the basic set of Linux OS components. | |
254 | ||
255 | systemd requires that the /run mount point exists. systemd also | |
256 | requires that /var/run is a symlink to /run. | |
257 | ||
258 | For more information on this issue consult | |
259 | http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken | |
260 | ||
261 | To run systemd under valgrind, compile with VALGRIND defined | |
262 | (e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise, | |
263 | false positives will be triggered by code which violates | |
264 | some rules but is actually safe. | |
265 | ||
266 | Currently, systemd-timesyncd defaults to using the Google NTP | |
267 | servers if not specified otherwise at configure time. You | |
268 | really should not ship an OS or device with this default | |
269 | setting. See DISTRO_PORTING for details. | |
270 | ||
271 | ENGINEERING AND CONSULTING SERVICES: | |
272 | Kinvolk (https://kinvolk.io) offers professional engineering | |
273 | and consulting services for systemd. Please contact Chris Kühl | |
274 | <chris@kinvolk.io> for more information. |
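
The kernel option lists in the REQUIREMENTS section can be checked mechanically against a kernel build config. The script below is an added example, not part of the systemd tree: the option names are taken from this README, while the function names, the FAIL/WARN output format and the constructed sample config are assumptions of the example.

```sh
#!/bin/sh
# Added example: audit a kernel .config against the options this README lists.
# Option names come from the README; function names are this example's own.
REQUIRED="DEVTMPFS CGROUPS INOTIFY_USER SIGNALFD TIMERFD EPOLL NET SYSFS PROC_FS FHANDLE NET_NS DEVPTS_MULTIPLE_INSTANCES"
RECOMMENDED="IPV6 AUTOFS4_FS TMPFS_XATTR SECCOMP CHECKPOINT_RESTORE"
MUST_BE_OFF="SYSFS_DEPRECATED FW_LOADER_USER_HELPER RT_GROUP_SCHED"

# kconfig_value FILE OPTION: print the raw value, empty if unset or "is not set".
kconfig_value() {
    sed -n "s/^CONFIG_$2=//p" "$1" | tail -n 1
}

# check_kconfig FILE: one finding per line; exit status 1 if any FAIL was printed.
check_kconfig() {
    rc=0
    for o in $REQUIRED; do
        case "$(kconfig_value "$1" "$o")" in
            y|m) ;;
            *) echo "FAIL CONFIG_$o required but not enabled"; rc=1 ;;
        esac
    done
    for o in $MUST_BE_OFF; do
        case "$(kconfig_value "$1" "$o")" in
            y|m) echo "FAIL CONFIG_$o must be disabled"; rc=1 ;;
        esac
    done
    # The legacy hotplug helper path must be the empty string (or absent).
    case "$(kconfig_value "$1" UEVENT_HELPER_PATH)" in
        ''|'""') ;;
        *) echo "FAIL CONFIG_UEVENT_HELPER_PATH must be empty"; rc=1 ;;
    esac
    for o in $RECOMMENDED; do
        case "$(kconfig_value "$1" "$o")" in
            y|m) ;;
            *) echo "WARN CONFIG_$o recommended but not enabled" ;;
        esac
    done
    return $rc
}

# Constructed sample config (not from a real system) for a dry run.
sample_config() {
    for o in $REQUIRED IPV6 AUTOFS4_FS TMPFS_XATTR CHECKPOINT_RESTORE; do
        echo "CONFIG_$o=y"
    done
    printf '%s\n' '# CONFIG_SECCOMP is not set' 'CONFIG_RT_GROUP_SCHED=y' \
        'CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"'
}

# Stand-alone use: sh check.sh /boot/config-"$(uname -r)"
if [ -n "${1:-}" ]; then check_kconfig "$1"; fi
```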