README

   1 systemd System and Service Manager
   2
   3 DETAILS:
   4         http://0pointer.de/blog/projects/systemd.html
   5
   6 WEB SITE:
   7         https://www.freedesktop.org/wiki/Software/systemd
   8
   9 GIT:
  10         git@github.com:systemd/systemd.git
  11         https://github.com/systemd/systemd
  12
  13 MAILING LIST:
  14         https://lists.freedesktop.org/mailman/listinfo/systemd-devel
  15
  16 IRC:
  17         #systemd on irc.freenode.org
  18
  19 BUG REPORTS:
  20         https://github.com/systemd/systemd/issues
  21
  22 AUTHOR:
  23         Lennart Poettering
  24         Kay Sievers
  25         ...and many others
  26
  27 LICENSE:
  28         LGPLv2.1+ for all code
  29         - except src/basic/MurmurHash2.c which is Public Domain
  30         - except src/basic/siphash24.c which is CC0 Public Domain
  31         - except src/journal/lookup3.c which is Public Domain
  32         - except src/udev/* which is (currently still) GPLv2, GPLv2+
  33
  34 REQUIREMENTS:
  35         Linux kernel >= 3.13
  36         Linux kernel >= 4.2 for unified cgroup hierarchy support
  37
  38         Kernel Config Options:
  39           CONFIG_DEVTMPFS
  40           CONFIG_CGROUPS (it is OK to disable all controllers)
  41           CONFIG_INOTIFY_USER
  42           CONFIG_SIGNALFD
  43           CONFIG_TIMERFD
  44           CONFIG_EPOLL
  45           CONFIG_NET
  46           CONFIG_SYSFS
  47           CONFIG_PROC_FS
  48           CONFIG_FHANDLE (libudev, mount and bind mount handling)
  49
  50         Kernel crypto/hash API
  51           CONFIG_CRYPTO_USER_API_HASH
  52           CONFIG_CRYPTO_HMAC
  53           CONFIG_CRYPTO_SHA256
  54
  55         udev will fail to work with the legacy sysfs layout:
  56           CONFIG_SYSFS_DEPRECATED=n
  57
  58         Legacy hotplug slows down the system and confuses udev:
  59           CONFIG_UEVENT_HELPER_PATH=""
  60
  61         Userspace firmware loading is not supported and should
  62         be disabled in the kernel:
  63           CONFIG_FW_LOADER_USER_HELPER=n
  64
  65         Some udev rules and virtualization detection relies on it:
  66           CONFIG_DMIID
  67
  68         Support for some SCSI devices serial number retrieval, to
  69         create additional symlinks in /dev/disk/ and /dev/tape:
  70           CONFIG_BLK_DEV_BSG
  71
  72         Required for PrivateNetwork= and PrivateDevices= in service units:
  73           CONFIG_NET_NS
  74           CONFIG_DEVPTS_MULTIPLE_INSTANCES
  75         Note that systemd-localed.service and other systemd units use
  76         PrivateNetwork and PrivateDevices so this is effectively required.
  77
  78         Required for PrivateUsers= in service units:
  79           CONFIG_USER_NS
  80
  81         Optional but strongly recommended:
  82           CONFIG_IPV6
  83           CONFIG_AUTOFS4_FS
  84           CONFIG_TMPFS_XATTR
  85           CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL
  86           CONFIG_SECCOMP
  87           CONFIG_SECCOMP_FILTER (required for seccomp support)
  88           CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall)
  89
  90         Required for CPUShares= in resource control unit settings
  91           CONFIG_CGROUP_SCHED
  92           CONFIG_FAIR_GROUP_SCHED
  93
  94         Required for CPUQuota= in resource control unit settings
  95           CONFIG_CFS_BANDWIDTH
  96
  97         For UEFI systems:
  98           CONFIG_EFIVAR_FS
  99           CONFIG_EFI_PARTITION
 100
 101         We recommend to turn off Real-Time group scheduling in the
 102         kernel when using systemd. RT group scheduling effectively
 103         makes RT scheduling unavailable for most userspace, since it
 104         requires explicit assignment of RT budgets to each unit whose
 105         processes making use of RT. As there's no sensible way to
 106         assign these budgets automatically this cannot really be
 107         fixed, and it's best to disable group scheduling hence.
 108            CONFIG_RT_GROUP_SCHED=n
 109
 110         It's a good idea to disable the implicit creation of networking bonding
 111         devices by the kernel networking bonding module, so that the
 112         automatically created "bond0" interface doesn't conflict with any such
 113         device created by systemd-networkd (or other tools). Ideally there
 114         would be a kernel compile-time option for this, but there currently
 115         isn't. The next best thing is to make this change through a modprobe.d
 116         drop-in. This is shipped by default, see modprobe.d/systemd.conf.
 117
 118         Note that kernel auditing is broken when used with systemd's
 119         container code. When using systemd in conjunction with
 120         containers, please make sure to either turn off auditing at
 121         runtime using the kernel command line option "audit=0", or
 122         turn it off at kernel compile time using:
 123           CONFIG_AUDIT=n
 124         If systemd is compiled with libseccomp support on
 125         architectures which do not use socketcall() and where seccomp
 126         is supported (this effectively means x86-64 and ARM, but
 127         excludes 32-bit x86!), then nspawn will now install a
 128         work-around seccomp filter that makes containers boot even
 129         with audit being enabled. This works correctly only on kernels
 130         3.14 and newer though. TL;DR: turn audit off, still.
 131
 132         glibc >= 2.16
 133         libcap
 134         libmount >= 2.30 (from util-linux)
 135                 (util-linux *must* be built without --enable-libmount-support-mtab)
 136         libseccomp >= 2.3.1 (optional)
 137         libblkid >= 2.24 (from util-linux) (optional)
 138         libkmod >= 15 (optional)
 139         PAM >= 1.1.2 (optional)
 140         libcryptsetup (optional)
 141         libaudit (optional)
 142         libacl (optional)
 143         libselinux (optional)
 144         liblzma (optional)
 145         liblz4 >= 119 (optional)
 146         libgcrypt (optional)
 147         libqrencode (optional)
 148         libmicrohttpd (optional)
 149         libpython (optional)
 150         libidn2 or libidn (optional)
 151         elfutils >= 158 (optional)
 152         polkit (optional)
 153         pkg-config
 154         gperf
 155         docbook-xsl (optional, required for documentation)
 156         xsltproc    (optional, required for documentation)
 157         python-lxml (optional, required to build the indices)
 158         python, meson, ninja
 159         gcc, awk, sed, grep, m4, and similar tools
 160
 161         During runtime, you need the following additional
 162         dependencies:
 163
 164         util-linux >= v2.27.1 required
 165         dbus >= 1.4.0 (strictly speaking optional, but recommended)
 166                 NOTE: If using dbus < 1.9.18, you should override the default
 167                 policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
 168         dracut (optional)
 169         PolicyKit (optional)
 170
 171         To build in directory build/:
 172           meson build/ && ninja -C build
 173
 174         Any configuration options can be specfied as -Darg=value... arguments
 175         to meson. After the build directory is initially configured, meson will
 176         refuse to run again, and options must be changed with:
 177           mesonconf -Darg=value...
 178         mesonconf without any arguments will print out available options and
 179         their current values.
 180
 181         Useful commands:
 182           ninja -v some/target
 183           ninja test
 184           sudo ninja install
 185           DESTDIR=... ninja install
 186
 187         A tarball can be created with:
 188           git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz
 189
 190         When systemd-hostnamed is used, it is strongly recommended to
 191         install nss-myhostname to ensure that, in a world of
 192         dynamically changing hostnames, the hostname stays resolvable
 193         under all circumstances. In fact, systemd-hostnamed will warn
 194         if nss-myhostname is not installed.
 195
 196         Additional packages are necessary to run some tests:
 197         - busybox            (used by test/TEST-13-NSPAWN-SMOKE)
 198         - nc                 (used by test/TEST-12-ISSUE-3171)
 199         - python3-pyparsing
 200         - python3-evdev      (used by hwdb parsing tests)
 201         - strace             (used by test/test-functions)
 202         - capsh              (optional, used by test-execute)
 203
 204 USERS AND GROUPS:
 205         Default udev rules use the following standard system group
 206         names, which need to be resolvable by getgrnam() at any time,
 207         even in the very early boot stages, where no other databases
 208         and network are available:
 209
 210         audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video
 211
 212         During runtime, the journal daemon requires the
 213         "systemd-journal" system group to exist. New journal files will
 214         be readable by this group (but not writable), which may be used
 215         to grant specific users read access. In addition, system
 216         groups "wheel" and "adm" will be given read-only access to
 217         journal files using systemd-tmpfiles.service.
 218
 219         The journal gateway daemon requires the
 220         "systemd-journal-gateway" system user and group to
 221         exist. During execution this network facing service will drop
 222         privileges and assume this uid/gid for security reasons.
 223
 224         Similarly, the NTP daemon requires the "systemd-timesync" system
 225         user and group to exist.
 226
 227         Similarly, the network management daemon requires the
 228         "systemd-network" system user and group to exist.
 229
 230         Similarly, the name resolution daemon requires the
 231         "systemd-resolve" system user and group to exist.
 232
 233         Similarly, the coredump support requires the
 234         "systemd-coredump" system user and group to exist.
 235
 236 NSS:
 237         systemd ships with four glibc NSS modules:
 238
 239         nss-myhostname resolves the local hostname to locally
 240         configured IP addresses, as well as "localhost" to
 241         127.0.0.1/::1.
 242
 243         nss-resolve enables DNS resolution via the systemd-resolved
 244         DNS/LLMNR caching stub resolver "systemd-resolved".
 245
 246         nss-mymachines enables resolution of all local containers registered
 247         with machined to their respective IP addresses. It also maps UID/GIDs
 248         ranges used by containers to useful names.
 249
 250         nss-systemd enables resolution of all dynamically allocated service
 251         users. (See the DynamicUser= setting in unit files.)
 252
 253         To make use of these NSS modules, please add them to the "hosts:",
 254         "passwd:" and "group:" lines in /etc/nsswitch.conf. The "resolve"
 255         module should replace the glibc "dns" module in this file (and don't
 256         worry, it chain-loads the "dns" module if it can't talk to resolved).
 257
 258         The four modules should be used in the following order:
 259
 260                 passwd: compat mymachines systemd
 261                 group: compat mymachines systemd
 262                 hosts: files mymachines resolve myhostname
 263
 264 SYSV INIT.D SCRIPTS:
 265         When calling "systemctl enable/disable/is-enabled" on a unit which is a
 266         SysV init.d script, it calls /usr/lib/systemd/systemd-sysv-install;
 267         this needs to translate the action into the distribution specific
 268         mechanism such as chkconfig or update-rc.d. Packagers need to provide
 269         this script if you need this functionality (you don't if you disabled
 270         SysV init support).
 271
 272         Please see src/systemctl/systemd-sysv-install.SKELETON for how this
 273         needs to look like, and provide an implementation at the marked places.
 274
 275 WARNINGS:
 276         systemd will warn you during boot if /usr is on a different
 277         file system than /. While in systemd itself very little will
 278         break if /usr is on a separate partition, many of its
 279         dependencies very likely will break sooner or later in one
 280         form or another. For example, udev rules tend to refer to
 281         binaries in /usr, binaries that link to libraries in /usr or
 282         binaries that refer to data files in /usr. Since these
 283         breakages are not always directly visible, systemd will warn
 284         about this, since this kind of file system setup is not really
 285         supported anymore by the basic set of Linux OS components.
 286
 287         systemd requires that the /run mount point exists. systemd also
 288         requires that /var/run is a symlink to /run.
 289
 290         For more information on this issue consult
 291         https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
 292
 293         To run systemd under valgrind, compile with VALGRIND defined
 294         (e.g. CPPFLAGS='... -DVALGRIND=1' meson <options>) and have valgrind
 295         development headers installed (i.e. valgrind-devel or
 296         equivalent). Otherwise, false positives will be triggered by code which
 297         violates some rules but is actually safe. Note that valgrind generates
 298         nice output only on exit(), hence on shutdown we don't execve()
 299         systemd-shutdown.
 300
 301 ENGINEERING AND CONSULTING SERVICES:
 302         Kinvolk (https://kinvolk.io) offers professional engineering
 303         and consulting services for systemd. Please contact Chris Kühl
 304         <chris@kinvolk.io> for more information.