README revision 1d40ddbfd35fa500dcf4312621c235ffe86d28e5
systemd System and Service Manager

MAILING LIST:
        http://lists.freedesktop.org/mailman/listinfo/systemd-devel
        http://lists.freedesktop.org/mailman/listinfo/systemd-commits

BUG REPORTS:

        Lennart Poettering
        Kay Sievers

        LGPLv2.1+ for all code
        - except src/basic/MurmurHash2.c which is Public Domain
        - except src/basic/siphash24.c which is CC0 Public Domain
        - except src/journal/lookup3.c which is Public Domain
        - except src/udev/* which is (currently still) GPLv2, GPLv2+

REQUIREMENTS:
        Linux kernel >= 3.11
        Linux kernel >= 4.2 for unified cgroup hierarchy support

        Kernel Config Options:
          CONFIG_DEVTMPFS
          CONFIG_CGROUPS (it is OK to disable all controllers)
          CONFIG_INOTIFY_USER
          CONFIG_SIGNALFD
          CONFIG_TIMERFD
          CONFIG_EPOLL
          CONFIG_SYSFS
          CONFIG_PROC_FS
          CONFIG_FHANDLE (libudev, mount and bind mount handling)

        udev will fail to work with the legacy sysfs layout:
          CONFIG_SYSFS_DEPRECATED=n

        Legacy hotplug slows down the system and confuses udev:
          CONFIG_UEVENT_HELPER_PATH=""

        Userspace firmware loading is not supported and should
        be disabled in the kernel:
          CONFIG_FW_LOADER_USER_HELPER=n

        Some udev rules and virtualization detection rely on it:
          CONFIG_DMIID

        Support for some SCSI devices serial number retrieval, to
        create additional symlinks in /dev/disk/ and /dev/tape:
          CONFIG_BLK_DEV_BSG

        Required for PrivateNetwork and PrivateDevices in service units:
          CONFIG_NET_NS
          CONFIG_DEVPTS_MULTIPLE_INSTANCES
        Note that systemd-localed.service and other systemd units use
        PrivateNetwork and PrivateDevices so this is effectively required.

        Optional but strongly recommended:
          CONFIG_IPV6
          CONFIG_AUTOFS4_FS
          CONFIG_TMPFS_XATTR
          CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL
          CONFIG_SECCOMP
          CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall)

        Required for CPUShares= in resource control unit settings
          CONFIG_CGROUP_SCHED
          CONFIG_FAIR_GROUP_SCHED

        Required for CPUQuota= in resource control unit settings
          CONFIG_CFS_BANDWIDTH

        For systemd-bootchart, several proc debug interfaces are required:
          CONFIG_SCHEDSTATS
          CONFIG_SCHED_DEBUG

        For UEFI systems:
          CONFIG_EFIVAR_FS
          CONFIG_EFI_PARTITION

        We recommend turning off Real-Time group scheduling in the
        kernel when using systemd. RT group scheduling effectively
        makes RT scheduling unavailable for most userspace, since it
        requires explicit assignment of RT budgets to each unit whose
        processes make use of RT. As there is no sensible way to
        assign these budgets automatically, this cannot really be
        fixed, so it is best to disable group scheduling:
          CONFIG_RT_GROUP_SCHED=n

        Note that kernel auditing is broken when used with systemd's
        container code. When using systemd in conjunction with
        containers, please make sure to either turn off auditing at
        runtime using the kernel command line option "audit=0", or
        turn it off at kernel compile time using:
          CONFIG_AUDIT=n
        If systemd is compiled with libseccomp support on
        architectures which do not use socketcall() and where seccomp
        is supported (this effectively means x86-64 and ARM, but
        excludes 32-bit x86!), then nspawn will now install a
        work-around seccomp filter that makes containers boot even
        with audit being enabled. This works correctly only on kernels
        3.14 and newer though. TL;DR: turn audit off, still.
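
        The kernel option list above can be checked mechanically against
        a kernel .config. The script below is an added example, not part
        of systemd: the option lists mirror this revision of the README,
        while the function names and the sample config are constructed.

```shell
#!/bin/sh
# Added example, not systemd code. Option names come from the README above;
# the function names and the sample config are constructed for illustration.
REQUIRED="DEVTMPFS CGROUPS INOTIFY_USER SIGNALFD TIMERFD EPOLL SYSFS PROC_FS FHANDLE NET_NS DEVPTS_MULTIPLE_INSTANCES"
MUST_BE_OFF="SYSFS_DEPRECATED FW_LOADER_USER_HELPER RT_GROUP_SCHED"
RECOMMENDED="IPV6 AUTOFS4_FS TMPFS_XATTR SECCOMP CHECKPOINT_RESTORE"

# kconfig_get FILE NAME: print the value of CONFIG_NAME, or "n" when the option
# is absent or appears as "# CONFIG_NAME is not set".
kconfig_get() {
    val=$(sed -n "s/^CONFIG_$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# check_kconfig FILE: print one finding per line; return 1 when a required
# option is missing or an option the README wants off is enabled.
check_kconfig() {
    cfg=$1 rc=0
    for o in $REQUIRED; do
        case $(kconfig_get "$cfg" "$o") in
            y|m) ;;
            *) echo "MISSING CONFIG_$o"; rc=1 ;;
        esac
    done
    for o in $MUST_BE_OFF; do
        [ "$(kconfig_get "$cfg" "$o")" = n ] || { echo "DISABLE CONFIG_$o"; rc=1; }
    done
    # Legacy hotplug helper: the README wants the empty string here.
    case $(kconfig_get "$cfg" UEVENT_HELPER_PATH) in
        n|'""') ;;
        *) echo "DISABLE CONFIG_UEVENT_HELPER_PATH"; rc=1 ;;
    esac
    for o in $RECOMMENDED; do
        case $(kconfig_get "$cfg" "$o") in
            y|m) ;;
            *) echo "WARN    CONFIG_$o is not set" ;;
        esac
    done
    # Advisory only: the README asks for audit to be off when containers are used.
    [ "$(kconfig_get "$cfg" AUDIT)" = n ] || echo "NOTE    CONFIG_AUDIT is on; use audit=0 with containers"
    return $rc
}

# Constructed sample: NET_NS and SECCOMP off, legacy hotplug and RT groups on.
sample_kconfig() {
    for o in $REQUIRED $RECOMMENDED; do echo "CONFIG_$o=y"; done | grep -v -e NET_NS -e SECCOMP
    printf '%s\n' '# CONFIG_NET_NS is not set' 'CONFIG_RT_GROUP_SCHED=y' \
        'CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"' 'CONFIG_AUDIT=y'
}

# Audit the file given as $1 (for example /boot/config-$(uname -r)), else the sample.
tmp=$(mktemp) && sample_kconfig > "$tmp"
check_kconfig "${1:-$tmp}" || echo "=> kernel config does not meet the README's requirements"
rm -f "$tmp"
```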

        glibc >= 2.16
        libmount >= 2.27.1 (from util-linux)
        libseccomp >= 1.0.0 (optional)
        libblkid >= 2.24 (from util-linux) (optional)
        libkmod >= 15 (optional)
        PAM >= 1.1.2 (optional)
        libcryptsetup (optional)
        libaudit (optional)
        libacl (optional)
        libselinux (optional)
        liblzma (optional)
        liblz4 >= 119 (optional)
        libgcrypt (optional)
        libqrencode (optional)
        libmicrohttpd (optional)
        libpython (optional)
        libidn (optional)
        elfutils >= 158 (optional)
        make, gcc, and similar tools

        During runtime, you need the following additional
        dependencies:

        util-linux >= v2.27.1 required
        dbus >= 1.4.0 (strictly speaking optional, but recommended)
        dracut (optional)
        PolicyKit (optional)

        When building from git, the following tools are needed:

        docbook-xsl
        python (optional)
        python-lxml (optional, but required to build the indices)

        The build system is initialized with ./autogen.sh. A tarball
        can be created with:
          git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz

        When systemd-hostnamed is used, it is strongly recommended to
        install nss-myhostname to ensure that, in a world of
        dynamically changing hostnames, the hostname stays resolvable
        under all circumstances. In fact, systemd-hostnamed will warn
        if nss-myhostname is not installed.

USERS AND GROUPS:
        Default udev rules use the following standard system group
        names, which need to be resolvable by getgrnam() at any time,
        even in the very early boot stages, where no other databases
        and network are available:

        audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video

        During runtime, the journal daemon requires the
        "systemd-journal" system group to exist. New journal files will
        be readable by this group (but not writable), which may be used
        to grant specific users read access. In addition, system
        groups "wheel" and "adm" will be given read-only access to
        journal files using systemd-tmpfiles.service.

        The journal gateway daemon requires the
        "systemd-journal-gateway" system user and group to
        exist. During execution this network facing service will drop
        privileges and assume this uid/gid for security reasons.

        Similarly, the NTP daemon requires the "systemd-timesync" system
        user and group to exist.

        Similarly, the network management daemon requires the
        "systemd-network" system user and group to exist.

        Similarly, the name resolution daemon requires the
        "systemd-resolve" system user and group to exist.

        Similarly, the kdbus dbus1 proxy daemon requires the
        "systemd-bus-proxy" system user and group to exist.

        systemd ships with three NSS modules:

        nss-myhostname resolves the local hostname to locally
        configured IP addresses, as well as "localhost" to
        127.0.0.1/::1.

        nss-resolve enables DNS resolution via the DNS/LLMNR
        caching stub resolver "systemd-resolved".

        nss-mymachines enables resolution of all local containers
        registered with machined to their respective IP addresses.

        To make use of these NSS modules, please add them to the
        "hosts: " line in /etc/nsswitch.conf. The "resolve" module
        should replace the glibc "dns" module in this file.

        The three modules should be used in the following order:

          hosts: files mymachines resolve myhostname
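
        The ordering rule above can be verified on an existing
        nsswitch.conf. This is an added example, not part of systemd:
        the expected order is the line given above, and the function
        names and both sample files are constructed.

```shell
#!/bin/sh
# Added example, not systemd code. The expected order is the "hosts:" line the
# README gives; function names and sample files are constructed.
WANT_ORDER="files mymachines resolve myhostname"

# nss_hosts FILE: print the sources on the "hosts:" line, one per line,
# with comments and [STATUS=action] items removed.
nss_hosts() {
    sed -n 's/#.*//; s/\[[^]]*]//g; s/^[[:space:]]*hosts:[[:space:]]*//p' "$1" |
        tr -s '[:space:]' '\n' | sed '/^$/d'
}

# check_nss_hosts FILE: print findings; return 1 when a module is missing,
# listed out of order, or glibc "dns" has not been replaced by "resolve".
check_nss_hosts() {
    mods=$(nss_hosts "$1") rc=0 last=0
    for want in $WANT_ORDER; do
        idx=$(printf '%s\n' "$mods" | grep -n -x -e "$want" | head -n 1 | cut -d: -f1)
        if [ -z "$idx" ]; then
            echo "missing: $want"; rc=1
        elif [ "$idx" -lt "$last" ]; then
            echo "out of order: $want"; rc=1
        else
            last=$idx
        fi
    done
    if printf '%s\n' "$mods" | grep -q -x dns; then
        echo "replace: dns (use resolve instead)"; rc=1
    fi
    return $rc
}

# Constructed samples: the README's line, and a legacy line that still uses dns.
good_conf() { printf 'passwd: files\nhosts: files mymachines resolve myhostname\n'; }
bad_conf()  { printf 'hosts:\tfiles myhostname dns [NOTFOUND=return] mymachines # legacy\n'; }

# Check the file given as $1 (normally /etc/nsswitch.conf), else the bad sample.
tmp=$(mktemp) && bad_conf > "$tmp"
check_nss_hosts "${1:-$tmp}" || echo "=> hosts line differs from the README's recommendation"
rm -f "$tmp"
```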

SYSV INIT.D SCRIPTS:
        When calling "systemctl enable/disable/is-enabled" on a unit which is a
        SysV init.d script, it calls /usr/lib/systemd/systemd-sysv-install;
        this needs to translate the action into the distribution specific
        mechanism such as chkconfig or update-rc.d. Packagers need to provide
        this script if they need this functionality (it is not needed if
        SysV init support is disabled).

        Please see src/systemctl/systemd-sysv-install.SKELETON for what this
        needs to look like, and provide an implementation at the marked places.

        systemd will freeze execution during boot if /etc/mtab exists
        but is not a symlink to /proc/mounts. Please ensure that
        /etc/mtab is a proper symlink.

        systemd will warn you during boot if /usr is on a different
        file system than /. While in systemd itself very little will
        break if /usr is on a separate partition, many of its
        dependencies very likely will break sooner or later in one
        form or another. For example, udev rules tend to refer to
        binaries in /usr, binaries that link to libraries in /usr or
        binaries that refer to data files in /usr. Since these
        breakages are not always directly visible, systemd will warn
        about this, since this kind of file system setup is not really
        supported anymore by the basic set of Linux OS components.

        systemd requires that the /run mount point exists. systemd also
        requires that /var/run is a symlink to /run.

        For more information on this issue consult
        http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
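
        The account requirements from USERS AND GROUPS and the /etc/mtab,
        /run and /var/run requirements above can be audited on an unpacked
        image before first boot. This is an added example, not part of
        systemd: names and paths are the README's, while the helper names
        and the sample tree are constructed.

```shell
#!/bin/sh
# Added example, not systemd code. Account names and paths come from the
# README; the helper names and the sample tree are constructed.
UDEV_GROUPS="audio cdrom dialout disk input kmem lp tape tty video"
DAEMON_IDS="systemd-journal-gateway systemd-timesync systemd-network systemd-resolve systemd-bus-proxy"

# has_entry FILE NAME: true when NAME is the first colon-separated field of a line.
has_entry() { [ -r "$1" ] && cut -d: -f1 "$1" | grep -q -x -F -e "$2"; }

# link_ok PATH TARGET...: true when PATH is a symlink pointing at one of the TARGETs.
link_ok() {
    [ -L "$1" ] || return 1
    dest=$(readlink "$1"); shift
    for t in "$@"; do [ "$dest" = "$t" ] && return 0; done
    return 1
}

# check_root ROOT: audit an unpacked image (or "/"). Only local files are read,
# since udev must resolve these groups before any other database is available.
check_root() {
    root=${1%/} rc=0
    for g in $UDEV_GROUPS systemd-journal $DAEMON_IDS; do
        has_entry "$root/etc/group" "$g" || { echo "group not in /etc/group: $g"; rc=1; }
    done
    for u in $DAEMON_IDS; do
        has_entry "$root/etc/passwd" "$u" || { echo "user not in /etc/passwd: $u"; rc=1; }
    done
    # /etc/mtab may be absent; if it exists it has to be the symlink.
    if [ -e "$root/etc/mtab" ] || [ -L "$root/etc/mtab" ]; then
        link_ok "$root/etc/mtab" /proc/mounts ../proc/mounts ||
            { echo "/etc/mtab is not a symlink to /proc/mounts"; rc=1; }
    fi
    [ -d "$root/run" ] || { echo "/run does not exist"; rc=1; }
    link_ok "$root/var/run" /run ../run || { echo "/var/run is not a symlink to /run"; rc=1; }
    return $rc
}

# Constructed sample tree: one daemon user missing, old-style mtab and /var/run.
make_sample_root() {
    d=$(mktemp -d) && mkdir -p "$d/etc" "$d/var/run" "$d/run"
    for n in $UDEV_GROUPS systemd-journal $DAEMON_IDS; do echo "$n:x:990:"; done > "$d/etc/group"
    for n in $DAEMON_IDS; do echo "$n:x:990:990::/:/sbin/nologin"; done |
        grep -v timesync > "$d/etc/passwd"
    echo "/dev/sda1 / ext4 rw 0 0" > "$d/etc/mtab"
    echo "$d"
}

# Audit the tree given as $1 (an image mount point or "/"), else the sample.
sample=$(make_sample_root)
check_root "${1:-$sample}" || echo "=> root tree does not meet the README's requirements"
rm -rf "$sample"
```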

        To run systemd under valgrind, compile with VALGRIND defined
        (e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise,
        false positives will be triggered by code which violates
        some rules but is actually safe.

        Currently, systemd-timesyncd defaults to using the Google NTP
        servers if not specified otherwise at configure time. You
        really should not ship an OS or device with this default
        setting. See DISTRO_PORTING for details.