]> git.ipfire.org Git - thirdparty/systemd.git/blob - README
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #5942 from keszybz/timestamp-writing
[thirdparty/systemd.git] / README
1 systemd System and Service Manager
2
3 DETAILS:
4 http://0pointer.de/blog/projects/systemd.html
5
6 WEB SITE:
7 https://www.freedesktop.org/wiki/Software/systemd
8
9 GIT:
10 git@github.com:systemd/systemd.git
11 https://github.com/systemd/systemd.git
12
13 GITWEB:
14 https://github.com/systemd/systemd
15
16 MAILING LIST:
17 https://lists.freedesktop.org/mailman/listinfo/systemd-devel
18
19 IRC:
20 #systemd on irc.freenode.org
21
22 BUG REPORTS:
23 https://github.com/systemd/systemd/issues
24
25 AUTHOR:
26 Lennart Poettering
27 Kay Sievers
28 ...and many others
29
30 LICENSE:
31 LGPLv2.1+ for all code
32 - except src/basic/MurmurHash2.c which is Public Domain
33 - except src/basic/siphash24.c which is CC0 Public Domain
34 - except src/journal/lookup3.c which is Public Domain
35 - except src/udev/* which is (currently still) GPLv2, GPLv2+
36
37 REQUIREMENTS:
38 Linux kernel >= 3.13
39 Linux kernel >= 4.2 for unified cgroup hierarchy support
40
41 Kernel Config Options:
42 CONFIG_DEVTMPFS
43 CONFIG_CGROUPS (it is OK to disable all controllers)
44 CONFIG_INOTIFY_USER
45 CONFIG_SIGNALFD
46 CONFIG_TIMERFD
47 CONFIG_EPOLL
48 CONFIG_NET
49 CONFIG_SYSFS
50 CONFIG_PROC_FS
51 CONFIG_FHANDLE (libudev, mount and bind mount handling)
52
53 Kernel crypto/hash API
54 CONFIG_CRYPTO_USER_API_HASH
55 CONFIG_CRYPTO_HMAC
56 CONFIG_CRYPTO_SHA256
57
58 udev will fail to work with the legacy sysfs layout:
59 CONFIG_SYSFS_DEPRECATED=n
60
61 Legacy hotplug slows down the system and confuses udev:
62 CONFIG_UEVENT_HELPER_PATH=""
63
64 Userspace firmware loading is not supported and should
65 be disabled in the kernel:
66 CONFIG_FW_LOADER_USER_HELPER=n
67
68 Some udev rules and virtualization detection relies on it:
69 CONFIG_DMIID
70
71 Support for some SCSI devices serial number retrieval, to
72 create additional symlinks in /dev/disk/ and /dev/tape:
73 CONFIG_BLK_DEV_BSG
74
75 Required for PrivateNetwork= and PrivateDevices= in service units:
76 CONFIG_NET_NS
77 CONFIG_DEVPTS_MULTIPLE_INSTANCES
78 Note that systemd-localed.service and other systemd units use
79 PrivateNetwork and PrivateDevices so this is effectively required.
80
81 Required for PrivateUsers= in service units:
82 CONFIG_USER_NS
83
84 Optional but strongly recommended:
85 CONFIG_IPV6
86 CONFIG_AUTOFS4_FS
87 CONFIG_TMPFS_XATTR
88 CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL
89 CONFIG_SECCOMP
90 CONFIG_SECCOMP_FILTER (required for seccomp support)
91 CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall)
92
93 Required for CPUShares= in resource control unit settings
94 CONFIG_CGROUP_SCHED
95 CONFIG_FAIR_GROUP_SCHED
96
97 Required for CPUQuota= in resource control unit settings
98 CONFIG_CFS_BANDWIDTH
99
100 For UEFI systems:
101 CONFIG_EFIVAR_FS
102 CONFIG_EFI_PARTITION
103
104 We recommend to turn off Real-Time group scheduling in the
105 kernel when using systemd. RT group scheduling effectively
106 makes RT scheduling unavailable for most userspace, since it
107 requires explicit assignment of RT budgets to each unit whose
108 processes making use of RT. As there's no sensible way to
109 assign these budgets automatically this cannot really be
110 fixed, and it's best to disable group scheduling hence.
111 CONFIG_RT_GROUP_SCHED=n
112
113 Note that kernel auditing is broken when used with systemd's
114 container code. When using systemd in conjunction with
115 containers, please make sure to either turn off auditing at
116 runtime using the kernel command line option "audit=0", or
117 turn it off at kernel compile time using:
118 CONFIG_AUDIT=n
119 If systemd is compiled with libseccomp support on
120 architectures which do not use socketcall() and where seccomp
121 is supported (this effectively means x86-64 and ARM, but
122 excludes 32-bit x86!), then nspawn will now install a
123 work-around seccomp filter that makes containers boot even
124 with audit being enabled. This works correctly only on kernels
125 3.14 and newer though. TL;DR: turn audit off, still.
126
127 glibc >= 2.16
128 libcap
129 libmount >= 2.27.1 (from util-linux)
130 (util-linux < 2.29 *must* be built with --enable-libmount-force-mountinfo,
131 and later versions without --enable-libmount-support-mtab.)
132 libseccomp >= 2.3.1 (optional)
133 libblkid >= 2.24 (from util-linux) (optional)
134 libkmod >= 15 (optional)
135 PAM >= 1.1.2 (optional)
136 libcryptsetup (optional)
137 libaudit (optional)
138 libacl (optional)
139 libselinux (optional)
140 liblzma (optional)
141 liblz4 >= 119 (optional)
142 libgcrypt (optional)
143 libqrencode (optional)
144 libmicrohttpd (optional)
145 libpython (optional)
146 libidn (optional)
147 elfutils >= 158 (optional)
148 make, gcc, and similar tools
149
150 During runtime, you need the following additional
151 dependencies:
152
153 util-linux >= v2.27.1 required
154 dbus >= 1.4.0 (strictly speaking optional, but recommended)
155 NOTE: If using dbus < 1.9.18, you should override the default
156 policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
157 dracut (optional)
158 PolicyKit (optional)
159
160 Two build systems are supported: meson + ninja-build and autools + make.
161
162 The following tools are needed with both systems:
163
164 pkg-config
165 gperf >= 3.1
166 docbook-xsl (optional, required for documentation)
167 xsltproc (optional, required for documentation)
168 python-lxml (optional, required to build the indices)
169
170 When building with meson, python and ninja-build are required.
171
172 To build in directory build/:
173 meson build/ && ninja -C build
174
175 Any configuration options can be specfied as -Darg=value... arguments
176 to meson. After the build directory is initially configured, meson will
177 refuse to run again, and options must be changed with:
178 mesonconf -Darg=value...
179 mesonconf without any arguments will print out available options and
180 their current values.
181
182 Useful commands:
183 ninja -v some/target
184 ninja test
185 sudo ninja install
186 DESTDIR=... ninja install
187
188 When building with autotools, the following tools are needed:
189
190 automake
191 autoconf
192 libtool
193 intltool
194 python (optional)
195
196 The build system is initialized with ./autogen.sh and the usual
197 ./configure && make
198 should be used.
199
200 A tar ball can be created with:
201 git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz
202
203 When systemd-hostnamed is used, it is strongly recommended to
204 install nss-myhostname to ensure that, in a world of
205 dynamically changing hostnames, the hostname stays resolvable
206 under all circumstances. In fact, systemd-hostnamed will warn
207 if nss-myhostname is not installed.
208
209 Additional packages are necessary to run some tests:
210 - busybox (used by test/TEST-13-NSPAWN-SMOKE)
211 - nc (used by test/TEST-12-ISSUE-3171)
212 - python3-pyparsing
213 - python3-evdev (used by hwdb parsing tests)
214 - strace (used by test/test-functions)
215 - capsh (optional, used by test-execute)
216
217 USERS AND GROUPS:
218 Default udev rules use the following standard system group
219 names, which need to be resolvable by getgrnam() at any time,
220 even in the very early boot stages, where no other databases
221 and network are available:
222
223 audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video
224
225 During runtime, the journal daemon requires the
226 "systemd-journal" system group to exist. New journal files will
227 be readable by this group (but not writable), which may be used
228 to grant specific users read access. In addition, system
229 groups "wheel" and "adm" will be given read-only access to
230 journal files using systemd-tmpfiles.service.
231
232 The journal gateway daemon requires the
233 "systemd-journal-gateway" system user and group to
234 exist. During execution this network facing service will drop
235 privileges and assume this uid/gid for security reasons.
236
237 Similarly, the NTP daemon requires the "systemd-timesync" system
238 user and group to exist.
239
240 Similarly, the network management daemon requires the
241 "systemd-network" system user and group to exist.
242
243 Similarly, the name resolution daemon requires the
244 "systemd-resolve" system user and group to exist.
245
246 Similarly, the coredump support requires the
247 "systemd-coredump" system user and group to exist.
248
249 NSS:
250 systemd ships with four glibc NSS modules:
251
252 nss-myhostname resolves the local hostname to locally
253 configured IP addresses, as well as "localhost" to
254 127.0.0.1/::1.
255
256 nss-resolve enables DNS resolution via the systemd-resolved
257 DNS/LLMNR caching stub resolver "systemd-resolved".
258
259 nss-mymachines enables resolution of all local containers registered
260 with machined to their respective IP addresses. It also maps UID/GIDs
261 ranges used by containers to useful names.
262
263 nss-systemd enables resolution of all dynamically allocated service
264 users. (See the DynamicUser= setting in unit files.)
265
266 To make use of these NSS modules, please add them to the "hosts:",
267 "passwd:" and "group:" lines in /etc/nsswitch.conf. The "resolve"
268 module should replace the glibc "dns" module in this file (and don't
269 worry, it chain-loads the "dns" module if it can't talk to resolved).
270
271 The four modules should be used in the following order:
272
273 passwd: compat mymachines systemd
274 group: compat mymachines systemd
275 hosts: files mymachines resolve myhostname
276
277 SYSV INIT.D SCRIPTS:
278 When calling "systemctl enable/disable/is-enabled" on a unit which is a
279 SysV init.d script, it calls /usr/lib/systemd/systemd-sysv-install;
280 this needs to translate the action into the distribution specific
281 mechanism such as chkconfig or update-rc.d. Packagers need to provide
282 this script if you need this functionality (you don't if you disabled
283 SysV init support).
284
285 Please see src/systemctl/systemd-sysv-install.SKELETON for how this
286 needs to look like, and provide an implementation at the marked places.
287
288 WARNINGS:
289 systemd will warn you during boot if /usr is on a different
290 file system than /. While in systemd itself very little will
291 break if /usr is on a separate partition, many of its
292 dependencies very likely will break sooner or later in one
293 form or another. For example, udev rules tend to refer to
294 binaries in /usr, binaries that link to libraries in /usr or
295 binaries that refer to data files in /usr. Since these
296 breakages are not always directly visible, systemd will warn
297 about this, since this kind of file system setup is not really
298 supported anymore by the basic set of Linux OS components.
299
300 systemd requires that the /run mount point exists. systemd also
301 requires that /var/run is a symlink to /run.
302
303 For more information on this issue consult
304 https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
305
306 To run systemd under valgrind, compile with VALGRIND defined
307 (e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise,
308 false positives will be triggered by code which violates
309 some rules but is actually safe.
310
311 ENGINEERING AND CONSULTING SERVICES:
312 Kinvolk (https://kinvolk.io) offers professional engineering
313 and consulting services for systemd. Please contact Chris Kühl
314 <chris@kinvolk.io> for more information.
Unnamed repository; edit this file 'description' to name the repository.