]> git.ipfire.org Git - thirdparty/systemd.git/blob - README
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #5805 from keszybz/apendv-man-rule
[thirdparty/systemd.git] / README
1 systemd System and Service Manager
2
3 DETAILS:
4 http://0pointer.de/blog/projects/systemd.html
5
6 WEB SITE:
7 https://www.freedesktop.org/wiki/Software/systemd
8
9 GIT:
10 git@github.com:systemd/systemd.git
11 https://github.com/systemd/systemd.git
12
13 GITWEB:
14 https://github.com/systemd/systemd
15
16 MAILING LIST:
17 https://lists.freedesktop.org/mailman/listinfo/systemd-devel
18
19 IRC:
20 #systemd on irc.freenode.org
21
22 BUG REPORTS:
23 https://github.com/systemd/systemd/issues
24
25 AUTHOR:
26 Lennart Poettering
27 Kay Sievers
28 ...and many others
29
30 LICENSE:
31 LGPLv2.1+ for all code
32 - except src/basic/MurmurHash2.c which is Public Domain
33 - except src/basic/siphash24.c which is CC0 Public Domain
34 - except src/journal/lookup3.c which is Public Domain
35 - except src/udev/* which is (currently still) GPLv2, GPLv2+
36
37 REQUIREMENTS:
38 Linux kernel >= 3.13
39 Linux kernel >= 4.2 for unified cgroup hierarchy support
40
41 Kernel Config Options:
42 CONFIG_DEVTMPFS
43 CONFIG_CGROUPS (it is OK to disable all controllers)
44 CONFIG_INOTIFY_USER
45 CONFIG_SIGNALFD
46 CONFIG_TIMERFD
47 CONFIG_EPOLL
48 CONFIG_NET
49 CONFIG_SYSFS
50 CONFIG_PROC_FS
51 CONFIG_FHANDLE (libudev, mount and bind mount handling)
52
53 Kernel crypto/hash API
54 CONFIG_CRYPTO_USER_API_HASH
55 CONFIG_CRYPTO_HMAC
56 CONFIG_CRYPTO_SHA256
57
58 udev will fail to work with the legacy sysfs layout:
59 CONFIG_SYSFS_DEPRECATED=n
60
61 Legacy hotplug slows down the system and confuses udev:
62 CONFIG_UEVENT_HELPER_PATH=""
63
64 Userspace firmware loading is not supported and should
65 be disabled in the kernel:
66 CONFIG_FW_LOADER_USER_HELPER=n
67
68 Some udev rules and virtualization detection relies on it:
69 CONFIG_DMIID
70
71 Support for some SCSI devices serial number retrieval, to
72 create additional symlinks in /dev/disk/ and /dev/tape:
73 CONFIG_BLK_DEV_BSG
74
75 Required for PrivateNetwork= and PrivateDevices= in service units:
76 CONFIG_NET_NS
77 CONFIG_DEVPTS_MULTIPLE_INSTANCES
78 Note that systemd-localed.service and other systemd units use
79 PrivateNetwork and PrivateDevices so this is effectively required.
80
81 Required for PrivateUsers= in service units:
82 CONFIG_USER_NS
83
84 Optional but strongly recommended:
85 CONFIG_IPV6
86 CONFIG_AUTOFS4_FS
87 CONFIG_TMPFS_XATTR
88 CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL
89 CONFIG_SECCOMP
90 CONFIG_SECCOMP_FILTER (required for seccomp support)
91 CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall)
92
93 Required for CPUShares= in resource control unit settings
94 CONFIG_CGROUP_SCHED
95 CONFIG_FAIR_GROUP_SCHED
96
97 Required for CPUQuota= in resource control unit settings
98 CONFIG_CFS_BANDWIDTH
99
100 For UEFI systems:
101 CONFIG_EFIVAR_FS
102 CONFIG_EFI_PARTITION
103
104 We recommend to turn off Real-Time group scheduling in the
105 kernel when using systemd. RT group scheduling effectively
106 makes RT scheduling unavailable for most userspace, since it
107 requires explicit assignment of RT budgets to each unit whose
108 processes making use of RT. As there's no sensible way to
109 assign these budgets automatically this cannot really be
110 fixed, and it's best to disable group scheduling hence.
111 CONFIG_RT_GROUP_SCHED=n
112
113 Note that kernel auditing is broken when used with systemd's
114 container code. When using systemd in conjunction with
115 containers, please make sure to either turn off auditing at
116 runtime using the kernel command line option "audit=0", or
117 turn it off at kernel compile time using:
118 CONFIG_AUDIT=n
119 If systemd is compiled with libseccomp support on
120 architectures which do not use socketcall() and where seccomp
121 is supported (this effectively means x86-64 and ARM, but
122 excludes 32-bit x86!), then nspawn will now install a
123 work-around seccomp filter that makes containers boot even
124 with audit being enabled. This works correctly only on kernels
125 3.14 and newer though. TL;DR: turn audit off, still.
126
127 glibc >= 2.16
128 libcap
129 libmount >= 2.27.1 (from util-linux)
130 (util-linux *must* be built with --enable-libmount-force-mountinfo)
131 libseccomp >= 2.3.1 (optional)
132 libblkid >= 2.24 (from util-linux) (optional)
133 libkmod >= 15 (optional)
134 PAM >= 1.1.2 (optional)
135 libcryptsetup (optional)
136 libaudit (optional)
137 libacl (optional)
138 libselinux (optional)
139 liblzma (optional)
140 liblz4 >= 119 (optional)
141 libgcrypt (optional)
142 libqrencode (optional)
143 libmicrohttpd (optional)
144 libpython (optional)
145 libidn (optional)
146 elfutils >= 158 (optional)
147 make, gcc, and similar tools
148
149 During runtime, you need the following additional
150 dependencies:
151
152 util-linux >= v2.27.1 required
153 dbus >= 1.4.0 (strictly speaking optional, but recommended)
154 NOTE: If using dbus < 1.9.18, you should override the default
155 policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
156 dracut (optional)
157 PolicyKit (optional)
158
159 Two build systems are supported: meson + ninja-build and autools + make.
160
161 The following tools are needed with both systems:
162
163 pkg-config
164 gperf >= 3.1
165 docbook-xsl (optional, required for documentation)
166 xsltproc (optional, required for documentation)
167 python-lxml (optional, required to build the indices)
168
169 When building with meson, python and ninja-build are required.
170
171 To build in directory build/:
172 meson build/ && ninja -C build
173
174 Any configuration options can be specfied as -Darg=value... arguments
175 to meson. After the build directory is initially configured, meson will
176 refuse to run again, and options must be changed with:
177 mesonconf -Darg=value...
178 mesonconf without any arguments will print out available options and
179 their current values.
180
181 Useful commands:
182 ninja -v some/target
183 ninja test
184 sudo ninja install
185 DESTDIR=... ninja install
186
187 When building with autotools, the following tools are needed:
188
189 automake
190 autoconf
191 libtool
192 intltool
193 python (optional)
194
195 The build system is initialized with ./autogen.sh and the usual
196 ./configure && make
197 should be used.
198
199 A tar ball can be created with:
200 git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz
201
202 When systemd-hostnamed is used, it is strongly recommended to
203 install nss-myhostname to ensure that, in a world of
204 dynamically changing hostnames, the hostname stays resolvable
205 under all circumstances. In fact, systemd-hostnamed will warn
206 if nss-myhostname is not installed.
207
208 Additional packages are necessary to run some tests:
209 - busybox (used by test/TEST-13-NSPAWN-SMOKE)
210 - nc (used by test/TEST-12-ISSUE-3171)
211 - python3-pyparsing
212 - python3-evdev (used by hwdb parsing tests)
213 - strace (used by test/test-functions)
214 - capsh (optional, used by test-execute)
215
216 USERS AND GROUPS:
217 Default udev rules use the following standard system group
218 names, which need to be resolvable by getgrnam() at any time,
219 even in the very early boot stages, where no other databases
220 and network are available:
221
222 audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video
223
224 During runtime, the journal daemon requires the
225 "systemd-journal" system group to exist. New journal files will
226 be readable by this group (but not writable), which may be used
227 to grant specific users read access. In addition, system
228 groups "wheel" and "adm" will be given read-only access to
229 journal files using systemd-tmpfiles.service.
230
231 The journal gateway daemon requires the
232 "systemd-journal-gateway" system user and group to
233 exist. During execution this network facing service will drop
234 privileges and assume this uid/gid for security reasons.
235
236 Similarly, the NTP daemon requires the "systemd-timesync" system
237 user and group to exist.
238
239 Similarly, the network management daemon requires the
240 "systemd-network" system user and group to exist.
241
242 Similarly, the name resolution daemon requires the
243 "systemd-resolve" system user and group to exist.
244
245 Similarly, the coredump support requires the
246 "systemd-coredump" system user and group to exist.
247
248 NSS:
249 systemd ships with four glibc NSS modules:
250
251 nss-myhostname resolves the local hostname to locally
252 configured IP addresses, as well as "localhost" to
253 127.0.0.1/::1.
254
255 nss-resolve enables DNS resolution via the systemd-resolved
256 DNS/LLMNR caching stub resolver "systemd-resolved".
257
258 nss-mymachines enables resolution of all local containers registered
259 with machined to their respective IP addresses. It also maps UID/GIDs
260 ranges used by containers to useful names.
261
262 nss-systemd enables resolution of all dynamically allocated service
263 users. (See the DynamicUser= setting in unit files.)
264
265 To make use of these NSS modules, please add them to the "hosts:",
266 "passwd:" and "group:" lines in /etc/nsswitch.conf. The "resolve"
267 module should replace the glibc "dns" module in this file (and don't
268 worry, it chain-loads the "dns" module if it can't talk to resolved).
269
270 The four modules should be used in the following order:
271
272 passwd: compat mymachines systemd
273 group: compat mymachines systemd
274 hosts: files mymachines resolve myhostname
275
276 SYSV INIT.D SCRIPTS:
277 When calling "systemctl enable/disable/is-enabled" on a unit which is a
278 SysV init.d script, it calls /usr/lib/systemd/systemd-sysv-install;
279 this needs to translate the action into the distribution specific
280 mechanism such as chkconfig or update-rc.d. Packagers need to provide
281 this script if you need this functionality (you don't if you disabled
282 SysV init support).
283
284 Please see src/systemctl/systemd-sysv-install.SKELETON for how this
285 needs to look like, and provide an implementation at the marked places.
286
287 WARNINGS:
288 systemd will warn you during boot if /usr is on a different
289 file system than /. While in systemd itself very little will
290 break if /usr is on a separate partition, many of its
291 dependencies very likely will break sooner or later in one
292 form or another. For example, udev rules tend to refer to
293 binaries in /usr, binaries that link to libraries in /usr or
294 binaries that refer to data files in /usr. Since these
295 breakages are not always directly visible, systemd will warn
296 about this, since this kind of file system setup is not really
297 supported anymore by the basic set of Linux OS components.
298
299 systemd requires that the /run mount point exists. systemd also
300 requires that /var/run is a symlink to /run.
301
302 For more information on this issue consult
303 https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
304
305 To run systemd under valgrind, compile with VALGRIND defined
306 (e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise,
307 false positives will be triggered by code which violates
308 some rules but is actually safe.
309
310 ENGINEERING AND CONSULTING SERVICES:
311 Kinvolk (https://kinvolk.io) offers professional engineering
312 and consulting services for systemd. Please contact Chris Kühl
313 <chris@kinvolk.io> for more information.
Unnamed repository; edit this file 'description' to name the repository.