1 systemd System and Service Manager
4 http://0pointer.de/blog/projects/systemd.html
7 https://www.freedesktop.org/wiki/Software/systemd
10 git@github.com:systemd/systemd.git
11 https://github.com/systemd/systemd
14 https://lists.freedesktop.org/mailman/listinfo/systemd-devel
17 #systemd on irc.freenode.org
20 https://github.com/systemd/systemd/issues
28 LGPLv2.1+ for all code
29 - except src/basic/MurmurHash2.c which is Public Domain
30 - except src/basic/siphash24.c which is CC0 Public Domain
31 - except src/journal/lookup3.c which is Public Domain
32 - except src/udev/* which is (currently still) GPLv2, GPLv2+
36 Linux kernel >= 4.2 for unified cgroup hierarchy support
38 Kernel Config Options:
40 CONFIG_CGROUPS (it is OK to disable all controllers)
48 CONFIG_FHANDLE (libudev, mount and bind mount handling)
50 Kernel crypto/hash API
51 CONFIG_CRYPTO_USER_API_HASH
55 udev will fail to work with the legacy sysfs layout:
56 CONFIG_SYSFS_DEPRECATED=n
58 Legacy hotplug slows down the system and confuses udev:
59 CONFIG_UEVENT_HELPER_PATH=""
61 Userspace firmware loading is not supported and should
62 be disabled in the kernel:
63 CONFIG_FW_LOADER_USER_HELPER=n
65 Some udev rules and virtualization detection relies on it:
68 Support for some SCSI devices serial number retrieval, to
69 create additional symlinks in /dev/disk/ and /dev/tape:
72 Required for PrivateNetwork= in service units:
74 Note that systemd-localed.service and other systemd units use
75 PrivateNetwork so this is effectively required.
77 Required for PrivateUsers= in service units:
80 Optional but strongly recommended:
84 CONFIG_{TMPFS,EXT4_FS,XFS,BTRFS_FS,...}_POSIX_ACL
86 CONFIG_SECCOMP_FILTER (required for seccomp support)
87 CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall)
89 Required for CPUShares= in resource control unit settings
91 CONFIG_FAIR_GROUP_SCHED
93 Required for CPUQuota= in resource control unit settings
96 Required for IPAddressDeny= and IPAddressAllow= in resource control
104 We recommend to turn off Real-Time group scheduling in the
105 kernel when using systemd. RT group scheduling effectively
106 makes RT scheduling unavailable for most userspace, since it
107 requires explicit assignment of RT budgets to each unit whose
108 processes making use of RT. As there's no sensible way to
109 assign these budgets automatically this cannot really be
110 fixed, and it's best to disable group scheduling hence.
111 CONFIG_RT_GROUP_SCHED=n
113 It's a good idea to disable the implicit creation of networking bonding
114 devices by the kernel networking bonding module, so that the
115 automatically created "bond0" interface doesn't conflict with any such
116 device created by systemd-networkd (or other tools). Ideally there
117 would be a kernel compile-time option for this, but there currently
118 isn't. The next best thing is to make this change through a modprobe.d
119 drop-in. This is shipped by default, see modprobe.d/systemd.conf.
121 Required for systemd-nspawn:
122 CONFIG_DEVPTS_MULTIPLE_INSTANCES or Linux kernel >= 4.7
124 Note that kernel auditing is broken when used with systemd's
125 container code. When using systemd in conjunction with
126 containers, please make sure to either turn off auditing at
127 runtime using the kernel command line option "audit=0", or
128 turn it off at kernel compile time using:
130 If systemd is compiled with libseccomp support on
131 architectures which do not use socketcall() and where seccomp
132 is supported (this effectively means x86-64 and ARM, but
133 excludes 32-bit x86!), then nspawn will now install a
134 work-around seccomp filter that makes containers boot even
135 with audit being enabled. This works correctly only on kernels
136 3.14 and newer though. TL;DR: turn audit off, still.
140 libmount >= 2.30 (from util-linux)
141 (util-linux *must* be built without --enable-libmount-support-mtab)
142 libseccomp >= 2.3.1 (optional)
143 libblkid >= 2.24 (from util-linux) (optional)
144 libkmod >= 15 (optional)
145 PAM >= 1.1.2 (optional)
146 libcryptsetup (optional)
149 libselinux (optional)
151 liblz4 >= 119 (optional)
153 libqrencode (optional)
154 libmicrohttpd (optional)
156 libidn2 or libidn (optional)
157 gnutls >= 3.1.4 (optional, >= 3.5.3 is necessary to support DNS-over-TLS)
158 elfutils >= 158 (optional)
162 docbook-xsl (optional, required for documentation)
163 xsltproc (optional, required for documentation)
164 python-lxml (optional, required to build the indices)
165 python >= 3.4, meson >= 0.44, ninja
166 gcc, awk, sed, grep, m4, and similar tools
168 During runtime, you need the following additional
171 util-linux >= v2.27.1 required
172 dbus >= 1.4.0 (strictly speaking optional, but recommended)
173 NOTE: If using dbus < 1.9.18, you should override the default
174 policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
178 To build in directory build/:
179 meson build/ && ninja -C build
181 Any configuration options can be specfied as -Darg=value... arguments
182 to meson. After the build directory is initially configured, meson will
183 refuse to run again, and options must be changed with:
184 mesonconf -Darg=value...
185 mesonconf without any arguments will print out available options and
186 their current values.
192 DESTDIR=... ninja install
194 A tarball can be created with:
195 git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz
197 When systemd-hostnamed is used, it is strongly recommended to
198 install nss-myhostname to ensure that, in a world of
199 dynamically changing hostnames, the hostname stays resolvable
200 under all circumstances. In fact, systemd-hostnamed will warn
201 if nss-myhostname is not installed.
203 nss-systemd must be enabled on systemd systems, as that's required for
204 DynamicUser= to work. Note that we ship services out-of-the-box that
205 make use of DynamicUser= now, hence enabling nss-systemd is not
208 Note that the build prefix for systemd must be /usr. -Dsplit-usr=false
209 (which is the default and does not need to be specified) is the
210 recommended setting, and -Dsplit-usr=true should be used on systems
211 which have /usr on a separate partition.
213 Additional packages are necessary to run some tests:
214 - busybox (used by test/TEST-13-NSPAWN-SMOKE)
215 - nc (used by test/TEST-12-ISSUE-3171)
217 - python3-evdev (used by hwdb parsing tests)
218 - strace (used by test/test-functions)
219 - capsh (optional, used by test-execute)
222 Default udev rules use the following standard system group
223 names, which need to be resolvable by getgrnam() at any time,
224 even in the very early boot stages, where no other databases
225 and network are available:
227 audio, cdrom, dialout, disk, input, kmem, kvm, lp, render, tape, tty, video
229 During runtime, the journal daemon requires the
230 "systemd-journal" system group to exist. New journal files will
231 be readable by this group (but not writable), which may be used
232 to grant specific users read access. In addition, system
233 groups "wheel" and "adm" will be given read-only access to
234 journal files using systemd-tmpfiles.service.
236 The journal remote daemon requires the
237 "systemd-journal-remote" system user and group to
238 exist. During execution this network facing service will drop
239 privileges and assume this uid/gid for security reasons.
241 Similarly, the network management daemon requires the
242 "systemd-network" system user and group to exist.
244 Similarly, the name resolution daemon requires the
245 "systemd-resolve" system user and group to exist.
247 Similarly, the coredump support requires the
248 "systemd-coredump" system user and group to exist.
251 systemd ships with four glibc NSS modules:
253 nss-myhostname resolves the local hostname to locally
254 configured IP addresses, as well as "localhost" to
257 nss-resolve enables DNS resolution via the systemd-resolved
258 DNS/LLMNR caching stub resolver "systemd-resolved".
260 nss-mymachines enables resolution of all local containers registered
261 with machined to their respective IP addresses. It also maps UID/GIDs
262 ranges used by containers to useful names.
264 nss-systemd enables resolution of all dynamically allocated service
265 users. (See the DynamicUser= setting in unit files.)
267 To make use of these NSS modules, please add them to the "hosts:",
268 "passwd:" and "group:" lines in /etc/nsswitch.conf. The "resolve"
269 module should replace the glibc "dns" module in this file (and don't
270 worry, it chain-loads the "dns" module if it can't talk to resolved).
272 The four modules should be used in the following order:
274 passwd: compat mymachines systemd
275 group: compat mymachines systemd
276 hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
279 When calling "systemctl enable/disable/is-enabled" on a unit which is a
280 SysV init.d script, it calls /usr/lib/systemd/systemd-sysv-install;
281 this needs to translate the action into the distribution specific
282 mechanism such as chkconfig or update-rc.d. Packagers need to provide
283 this script if you need this functionality (you don't if you disabled
286 Please see src/systemctl/systemd-sysv-install.SKELETON for how this
287 needs to look like, and provide an implementation at the marked places.
290 systemd will warn during early boot if /usr is not already mounted at
291 this point (that means: either located on the same file system as / or
292 already mounted in the initrd). While in systemd itself very little
293 will break if /usr is on a separate, late-mounted partition, many of
294 its dependencies very likely will break sooner or later in one form or
295 another. For example, udev rules tend to refer to binaries in /usr,
296 binaries that link to libraries in /usr or binaries that refer to data
297 files in /usr. Since these breakages are not always directly visible,
298 systemd will warn about this, since this kind of file system setup is
299 not really supported anymore by the basic set of Linux OS components.
301 systemd requires that the /run mount point exists. systemd also
302 requires that /var/run is a symlink to /run.
304 For more information on this issue consult
305 https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
307 To run systemd under valgrind, compile with meson option
308 -Dvalgrind=true and have valgrind development headers installed
309 (i.e. valgrind-devel or equivalent). Otherwise, false positives will be
310 triggered by code which violates some rules but is actually safe. Note
311 that valgrind generates nice output only on exit(), hence on shutdown
312 we don't execve() systemd-shutdown.
314 STABLE BRANCHES AND BACKPORTS
316 Stable branches with backported patches are available in the
317 systemd-stable repo at https://github.com/systemd/systemd-stable.
319 Stable branches are started for certain releases of systemd and named
320 after them, e.g. v238-stable. Stable branches are managed by
321 distribution maintainers on an as needed basis. See
322 https://www.freedesktop.org/wiki/Software/systemd/Backports/ for some
323 more information and examples.
325 ENGINEERING AND CONSULTING SERVICES:
326 Kinvolk (https://kinvolk.io) offers professional engineering
327 and consulting services for systemd. Please contact Chris Kühl
328 <chris@kinvolk.io> for more information.