README

   1 systemd System and Service Manager
   2
   3 DETAILS:
   4         http://0pointer.de/blog/projects/systemd.html
   5
   6 WEB SITE:
   7         https://www.freedesktop.org/wiki/Software/systemd
   8
   9 GIT:
  10         git@github.com:systemd/systemd.git
  11         https://github.com/systemd/systemd
  12
  13 MAILING LIST:
  14         https://lists.freedesktop.org/mailman/listinfo/systemd-devel
  15
  16 IRC:
  17         #systemd on irc.freenode.org
  18
  19 BUG REPORTS:
  20         https://github.com/systemd/systemd/issues
  21
  22 AUTHOR:
  23         Lennart Poettering
  24         Kay Sievers
  25         ...and many others
  26
  27 LICENSE:
  28         LGPLv2.1+ for all code
  29         - except src/basic/MurmurHash2.c which is Public Domain
  30         - except src/basic/siphash24.c which is CC0 Public Domain
  31         - except src/journal/lookup3.c which is Public Domain
  32         - except src/udev/* which is (currently still) GPLv2, GPLv2+
  33
  34 REQUIREMENTS:
  35         Linux kernel >= 3.13
  36         Linux kernel >= 4.2 for unified cgroup hierarchy support
  37
  38         Kernel Config Options:
  39           CONFIG_DEVTMPFS
  40           CONFIG_CGROUPS (it is OK to disable all controllers)
  41           CONFIG_INOTIFY_USER
  42           CONFIG_SIGNALFD
  43           CONFIG_TIMERFD
  44           CONFIG_EPOLL
  45           CONFIG_NET
  46           CONFIG_SYSFS
  47           CONFIG_PROC_FS
  48           CONFIG_FHANDLE (libudev, mount and bind mount handling)
  49
  50         Kernel crypto/hash API
  51           CONFIG_CRYPTO_USER_API_HASH
  52           CONFIG_CRYPTO_HMAC
  53           CONFIG_CRYPTO_SHA256
  54
  55         udev will fail to work with the legacy sysfs layout:
  56           CONFIG_SYSFS_DEPRECATED=n
  57
  58         Legacy hotplug slows down the system and confuses udev:
  59           CONFIG_UEVENT_HELPER_PATH=""
  60
  61         Userspace firmware loading is not supported and should
  62         be disabled in the kernel:
  63           CONFIG_FW_LOADER_USER_HELPER=n
  64
  65         Some udev rules and virtualization detection relies on it:
  66           CONFIG_DMIID
  67
  68         Support for some SCSI devices serial number retrieval, to
  69         create additional symlinks in /dev/disk/ and /dev/tape:
  70           CONFIG_BLK_DEV_BSG
  71
  72         Required for PrivateNetwork= and PrivateDevices= in service units:
  73           CONFIG_NET_NS
  74           CONFIG_DEVPTS_MULTIPLE_INSTANCES
  75         Note that systemd-localed.service and other systemd units use
  76         PrivateNetwork and PrivateDevices so this is effectively required.
  77
  78         Required for PrivateUsers= in service units:
  79           CONFIG_USER_NS
  80
  81         Optional but strongly recommended:
  82           CONFIG_IPV6
  83           CONFIG_AUTOFS4_FS
  84           CONFIG_TMPFS_XATTR
  85           CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL
  86           CONFIG_SECCOMP
  87           CONFIG_SECCOMP_FILTER (required for seccomp support)
  88           CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall)
  89
  90         Required for CPUShares= in resource control unit settings
  91           CONFIG_CGROUP_SCHED
  92           CONFIG_FAIR_GROUP_SCHED
  93
  94         Required for CPUQuota= in resource control unit settings
  95           CONFIG_CFS_BANDWIDTH
  96
  97         For UEFI systems:
  98           CONFIG_EFIVAR_FS
  99           CONFIG_EFI_PARTITION
 100
 101         We recommend to turn off Real-Time group scheduling in the
 102         kernel when using systemd. RT group scheduling effectively
 103         makes RT scheduling unavailable for most userspace, since it
 104         requires explicit assignment of RT budgets to each unit whose
 105         processes making use of RT. As there's no sensible way to
 106         assign these budgets automatically this cannot really be
 107         fixed, and it's best to disable group scheduling hence.
 108            CONFIG_RT_GROUP_SCHED=n
 109
 110         It's a good idea to disable the implicit creation of networking bonding
 111         devices by the kernel networking bonding module, so that the
 112         automatically created "bond0" interface doesn't conflict with any such
 113         device created by systemd-networkd (or other tools). Ideally there
 114         would be a kernel compile-time option for this, but there currently
 115         isn't. The next best thing is to make this change through a modprobe.d
 116         drop-in. This is shipped by default, see modprobe.d/systemd.conf.
 117
 118         Note that kernel auditing is broken when used with systemd's
 119         container code. When using systemd in conjunction with
 120         containers, please make sure to either turn off auditing at
 121         runtime using the kernel command line option "audit=0", or
 122         turn it off at kernel compile time using:
 123           CONFIG_AUDIT=n
 124         If systemd is compiled with libseccomp support on
 125         architectures which do not use socketcall() and where seccomp
 126         is supported (this effectively means x86-64 and ARM, but
 127         excludes 32-bit x86!), then nspawn will now install a
 128         work-around seccomp filter that makes containers boot even
 129         with audit being enabled. This works correctly only on kernels
 130         3.14 and newer though. TL;DR: turn audit off, still.
 131
 132         glibc >= 2.16
 133         libcap
 134         libmount >= 2.30 (from util-linux)
 135                 (util-linux *must* be built without --enable-libmount-support-mtab)
 136         libseccomp >= 2.3.1 (optional)
 137         libblkid >= 2.24 (from util-linux) (optional)
 138         libkmod >= 15 (optional)
 139         PAM >= 1.1.2 (optional)
 140         libcryptsetup (optional)
 141         libaudit (optional)
 142         libacl (optional)
 143         libselinux (optional)
 144         liblzma (optional)
 145         liblz4 >= 119 (optional)
 146         libgcrypt (optional)
 147         libqrencode (optional)
 148         libmicrohttpd (optional)
 149         libpython (optional)
 150         libidn2 or libidn (optional)
 151         elfutils >= 158 (optional)
 152         pkg-config
 153         gperf
 154         docbook-xsl (optional, required for documentation)
 155         xsltproc    (optional, required for documentation)
 156         python-lxml (optional, required to build the indices)
 157         python, meson, ninja
 158         gcc, awk, sed, grep, m4, and similar tools
 159
 160         During runtime, you need the following additional
 161         dependencies:
 162
 163         util-linux >= v2.27.1 required
 164         dbus >= 1.4.0 (strictly speaking optional, but recommended)
 165                 NOTE: If using dbus < 1.9.18, you should override the default
 166                 policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
 167         dracut (optional)
 168         PolicyKit (optional)
 169
 170         To build in directory build/:
 171           meson build/ && ninja -C build
 172
 173         Any configuration options can be specfied as -Darg=value... arguments
 174         to meson. After the build directory is initially configured, meson will
 175         refuse to run again, and options must be changed with:
 176           mesonconf -Darg=value...
 177         mesonconf without any arguments will print out available options and
 178         their current values.
 179
 180         Useful commands:
 181           ninja -v some/target
 182           ninja test
 183           sudo ninja install
 184           DESTDIR=... ninja install
 185
 186         A tarball can be created with:
 187           git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz
 188
 189         When systemd-hostnamed is used, it is strongly recommended to
 190         install nss-myhostname to ensure that, in a world of
 191         dynamically changing hostnames, the hostname stays resolvable
 192         under all circumstances. In fact, systemd-hostnamed will warn
 193         if nss-myhostname is not installed.
 194
 195         Additional packages are necessary to run some tests:
 196         - busybox            (used by test/TEST-13-NSPAWN-SMOKE)
 197         - nc                 (used by test/TEST-12-ISSUE-3171)
 198         - python3-pyparsing
 199         - python3-evdev      (used by hwdb parsing tests)
 200         - strace             (used by test/test-functions)
 201         - capsh              (optional, used by test-execute)
 202
 203 USERS AND GROUPS:
 204         Default udev rules use the following standard system group
 205         names, which need to be resolvable by getgrnam() at any time,
 206         even in the very early boot stages, where no other databases
 207         and network are available:
 208
 209         audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video
 210
 211         During runtime, the journal daemon requires the
 212         "systemd-journal" system group to exist. New journal files will
 213         be readable by this group (but not writable), which may be used
 214         to grant specific users read access. In addition, system
 215         groups "wheel" and "adm" will be given read-only access to
 216         journal files using systemd-tmpfiles.service.
 217
 218         The journal gateway daemon requires the
 219         "systemd-journal-gateway" system user and group to
 220         exist. During execution this network facing service will drop
 221         privileges and assume this uid/gid for security reasons.
 222
 223         Similarly, the NTP daemon requires the "systemd-timesync" system
 224         user and group to exist.
 225
 226         Similarly, the network management daemon requires the
 227         "systemd-network" system user and group to exist.
 228
 229         Similarly, the name resolution daemon requires the
 230         "systemd-resolve" system user and group to exist.
 231
 232         Similarly, the coredump support requires the
 233         "systemd-coredump" system user and group to exist.
 234
 235 NSS:
 236         systemd ships with four glibc NSS modules:
 237
 238         nss-myhostname resolves the local hostname to locally
 239         configured IP addresses, as well as "localhost" to
 240         127.0.0.1/::1.
 241
 242         nss-resolve enables DNS resolution via the systemd-resolved
 243         DNS/LLMNR caching stub resolver "systemd-resolved".
 244
 245         nss-mymachines enables resolution of all local containers registered
 246         with machined to their respective IP addresses. It also maps UID/GIDs
 247         ranges used by containers to useful names.
 248
 249         nss-systemd enables resolution of all dynamically allocated service
 250         users. (See the DynamicUser= setting in unit files.)
 251
 252         To make use of these NSS modules, please add them to the "hosts:",
 253         "passwd:" and "group:" lines in /etc/nsswitch.conf. The "resolve"
 254         module should replace the glibc "dns" module in this file (and don't
 255         worry, it chain-loads the "dns" module if it can't talk to resolved).
 256
 257         The four modules should be used in the following order:
 258
 259                 passwd: compat mymachines systemd
 260                 group: compat mymachines systemd
 261                 hosts: files mymachines resolve myhostname
 262
 263 SYSV INIT.D SCRIPTS:
 264         When calling "systemctl enable/disable/is-enabled" on a unit which is a
 265         SysV init.d script, it calls /usr/lib/systemd/systemd-sysv-install;
 266         this needs to translate the action into the distribution specific
 267         mechanism such as chkconfig or update-rc.d. Packagers need to provide
 268         this script if you need this functionality (you don't if you disabled
 269         SysV init support).
 270
 271         Please see src/systemctl/systemd-sysv-install.SKELETON for how this
 272         needs to look like, and provide an implementation at the marked places.
 273
 274 WARNINGS:
 275         systemd will warn you during boot if /usr is on a different
 276         file system than /. While in systemd itself very little will
 277         break if /usr is on a separate partition, many of its
 278         dependencies very likely will break sooner or later in one
 279         form or another. For example, udev rules tend to refer to
 280         binaries in /usr, binaries that link to libraries in /usr or
 281         binaries that refer to data files in /usr. Since these
 282         breakages are not always directly visible, systemd will warn
 283         about this, since this kind of file system setup is not really
 284         supported anymore by the basic set of Linux OS components.
 285
 286         systemd requires that the /run mount point exists. systemd also
 287         requires that /var/run is a symlink to /run.
 288
 289         For more information on this issue consult
 290         https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
 291
 292         To run systemd under valgrind, compile with VALGRIND defined
 293         (e.g. CPPFLAGS='... -DVALGRIND=1' meson <options>) and have valgrind
 294         development headers installed (i.e. valgrind-devel or
 295         equivalent). Otherwise, false positives will be triggered by code which
 296         violates some rules but is actually safe. Note that valgrind generates
 297         nice output only on exit(), hence on shutdown we don't execve()
 298         systemd-shutdown.
 299
 300 ENGINEERING AND CONSULTING SERVICES:
 301         Kinvolk (https://kinvolk.io) offers professional engineering
 302         and consulting services for systemd. Please contact Chris Kühl
 303         <chris@kinvolk.io> for more information.