README revision 45096d27d338bfcca51b1f051b36f6c623719cd7
d657c51f14601d0235434ffb78cf6ac0f27cc83cLennart Poetteringsystemd System and Service Manager
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering http://0pointer.de/blog/projects/systemd.html
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering http://www.freedesktop.org/wiki/Software/systemd
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering http://lists.freedesktop.org/mailman/listinfo/systemd-devel
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering http://lists.freedesktop.org/mailman/listinfo/systemd-commits
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering https://github.com/systemd/systemd/issues
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Lennart Poettering
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering LGPLv2.1+ for all code
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering - except src/basic/MurmurHash2.c which is Public Domain
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering - except src/basic/siphash24.c which is CC0 Public Domain
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering - except src/journal/lookup3.c which is Public Domain
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering - except src/udev/* which is (currently still) GPLv2, GPLv2+
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Linux kernel >= 3.11
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Linux kernel >= 4.2 for unified cgroup hierarchy support
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Kernel Config Options:
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering CONFIG_DEVTMPFS
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering CONFIG_CGROUPS (it is OK to disable all controllers)
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering CONFIG_INOTIFY_USER
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering CONFIG_SIGNALFD
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering CONFIG_TIMERFD
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering CONFIG_PROC_FS
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering CONFIG_FHANDLE (libudev, mount and bind mount handling)
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering udev will fail to work with the legacy sysfs layout:
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering CONFIG_SYSFS_DEPRECATED=n
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Legacy hotplug slows down the system and confuses udev:
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering CONFIG_UEVENT_HELPER_PATH=""
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Userspace firmware loading is not supported and should
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering be disabled in the kernel:
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering CONFIG_FW_LOADER_USER_HELPER=n
c4f1b86299c4ce2a62ce845bc48f2794f5459762Lennart Poettering Some udev rules and virtualization detection relies on it:
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Support for some SCSI devices serial number retrieval, to
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering create additional symlinks in /dev/disk/ and /dev/tape:
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering CONFIG_BLK_DEV_BSG
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Required for PrivateNetwork and PrivateDevices in service units:
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering CONFIG_DEVPTS_MULTIPLE_INSTANCES
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Note that systemd-localed.service and other systemd units use
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering PrivateNetwork and PrivateDevices so this is effectively required.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Optional but strongly recommended:
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering CONFIG_AUTOFS4_FS
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering CONFIG_TMPFS_XATTR
d1f9edafe7b832c507931640f32069d001916b0eLennart Poettering CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering CONFIG_SECCOMP
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Required for CPUShares= in resource control unit settings
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering CONFIG_CGROUP_SCHED
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering CONFIG_FAIR_GROUP_SCHED
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Required for CPUQuota= in resource control unit settings
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering CONFIG_CFS_BANDWIDTH
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering For systemd-bootchart, several proc debug interfaces are required:
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering CONFIG_SCHEDSTATS
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering CONFIG_SCHED_DEBUG
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering For UEFI systems:
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering CONFIG_EFIVAR_FS
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering CONFIG_EFI_PARTITION
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering We recommend to turn off Real-Time group scheduling in the
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering kernel when using systemd. RT group scheduling effectively
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering makes RT scheduling unavailable for most userspace, since it
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering requires explicit assignment of RT budgets to each unit whose
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering processes making use of RT. As there's no sensible way to
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering assign these budgets automatically this cannot really be
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering fixed, and it's best to disable group scheduling hence.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering CONFIG_RT_GROUP_SCHED=n
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Note that kernel auditing is broken when used with systemd's
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering container code. When using systemd in conjunction with
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering containers, please make sure to either turn off auditing at
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering runtime using the kernel command line option "audit=0", or
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering turn it off at kernel compile time using:
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering CONFIG_AUDIT=n
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering If systemd is compiled with libseccomp support on
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering architectures which do not use socketcall() and where seccomp
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering is supported (this effectively means x86-64 and ARM, but
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering excludes 32-bit x86!), then nspawn will now install a
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering work-around seccomp filter that makes containers boot even
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering with audit being enabled. This works correctly only on kernels
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering 3.14 and newer though. TL;DR: turn audit off, still.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering libmount >= 2.20 (from util-linux)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering libseccomp >= 1.0.0 (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering libblkid >= 2.24 (from util-linux) (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering libkmod >= 15 (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering PAM >= 1.1.2 (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering libcryptsetup (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering libaudit (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering libacl (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering libselinux (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering liblzma (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering liblz4 >= 119 (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering libgcrypt (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering libqrencode (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering libmicrohttpd (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering libpython (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering libidn (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering elfutils >= 158 (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering make, gcc, and similar tools
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering During runtime, you need the following additional
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering util-linux >= v2.26 required
91ac74250149a29122b2291c5393dec4592430d4Kay Sievers dbus >= 1.4.0 (strictly speaking optional, but recommended)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering dracut (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering PolicyKit (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering When building from git, the following tools are needed:
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering python (optional)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering python-lxml (optional, but required to build the indices)
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering The build system is initialized with ./autogen.sh. A tar ball
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering can be created with:
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering When systemd-hostnamed is used, it is strongly recommended to
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering install nss-myhostname to ensure that, in a world of
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering dynamically changing hostnames, the hostname stays resolvable
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering under all circumstances. In fact, systemd-hostnamed will warn
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering if nss-myhostname is not installed.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart PoetteringUSERS AND GROUPS:
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Default udev rules use the following standard system group
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering names, which need to be resolvable by getgrnam() at any time,
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering even in the very early boot stages, where no other databases
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering and network are available:
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering During runtime, the journal daemon requires the
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering "systemd-journal" system group to exist. New journal files will
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering be readable by this group (but not writable), which may be used
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering to grant specific users read access. In addition, system
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering groups "wheel" and "adm" will be given read-only access to
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering journal files using systemd-tmpfiles.service.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering The journal gateway daemon requires the
5b00c0168be6e7b11db7b26fc1712cd6cda3c2e3Lennart Poettering "systemd-journal-gateway" system user and group to
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering exist. During execution this network facing service will drop
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering privileges and assume this uid/gid for security reasons.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Similarly, the NTP daemon requires the "systemd-timesync" system
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering user and group to exist.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Similarly, the network management daemon requires the
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering "systemd-network" system user and group to exist.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Similarly, the name resolution daemon requires the
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering "systemd-resolve" system user and group to exist.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering Similarly, the kdbus dbus1 proxy daemon requires the
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering "systemd-bus-proxy" system user and group to exist.
2d938ac75d013f713c1225def78a53583af6a596Lennart Poettering systemd ships with three NSS modules:
2d938ac75d013f713c1225def78a53583af6a596Lennart Poettering nss-myhostname resolves the local hostname to locally
2d938ac75d013f713c1225def78a53583af6a596Lennart Poettering configured IP addresses, as well as "localhost" to
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering 127.0.0.1/::1.
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers nss-resolve enables DNS resolution via the systemd-resolved
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers DNS/LLMNR caching stub resolver "systemd-resolved".
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers nss-mymachines enables resolution of all local containers
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers registered with machined to their respective IP addresses.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering To make use of these NSS modules, please add them to the
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering "hosts: " line in /etc/nsswitch.conf. The "resolve" module
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering should replace the glibc "dns" module in this file.
b5b4c94a67d90891a0225af0e08cf45dbc329377Lennart Poettering The three modules should be used in the following order:
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers hosts: files mymachines resolve myhostname
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers When calling "systemctl enable/disable/is-enabled" on a unit which is a
2d1972857b7bd19b4a74a8f80865749a8082f32aKay Sievers SysV init.d script, it calls /usr/lib/systemd/systemd-sysv-install;
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering this needs to translate the action into the distribution specific
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering mechanism such as chkconfig or update-rc.d. Packagers need to provide
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering this script if you need this functionality (you don't if you disabled
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering SysV init support).
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering Please see src/systemctl/systemd-sysv-install.SKELETON for how this
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering needs to look like, and provide an implementation at the marked places.
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering systemd will freeze execution during boot if /etc/mtab exists
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering but is not a symlink to /proc/mounts. Please ensure that
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering /etc/mtab is a proper symlink.
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering systemd will warn you during boot if /usr is on a different
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering file system than /. While in systemd itself very little will
4c8cd173305697f59adcebf980ad7babe751d38cLennart Poettering break if /usr is on a separate partition, many of its
ea5943d3862cc690daa76e2ad336737407ec711cLennart Poettering dependencies very likely will break sooner or later in one
187076d47907f7b3fcd61b2ef5eef9820915946aLennart Poettering form or another. For example, udev rules tend to refer to
187076d47907f7b3fcd61b2ef5eef9820915946aLennart Poettering binaries in /usr, binaries that link to libraries in /usr or
187076d47907f7b3fcd61b2ef5eef9820915946aLennart Poettering binaries that refer to data files in /usr. Since these
187076d47907f7b3fcd61b2ef5eef9820915946aLennart Poettering breakages are not always directly visible, systemd will warn
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers about this, since this kind of file system setup is not really
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers supported anymore by the basic set of Linux OS components.
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers systemd requires that the /run mount point exists. systemd also
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers requires that /var/run is a symlink to /run.
07cd4fc16806783d3b6b3008db222ac6a024805cKay Sievers For more information on this issue consult
91cf7e5c37f97c6eb29966fac0afcbaa6662e05dTollef Fog Heen http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
f13b388f97bc3ba8db844bd3413d510e2466a0b6Kay Sievers To run systemd under valgrind, compile with VALGRIND defined
64661ee70d5a10c6208a1cb66ecd8b158e2d8bc5Kay Sievers (e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise,
2d13da8821b8197e62f819b5b996750800e910abKay Sievers false positives will be triggered by code which violates
2d13da8821b8197e62f819b5b996750800e910abKay Sievers some rules but is actually safe.
2d13da8821b8197e62f819b5b996750800e910abKay Sievers Currently, systemd-timesyncd defaults to use the Google NTP
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers servers if not specified otherwise at configure time. You
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers really should not ship an OS or device with this default
194bbe33382f5365be3865ed1779147cb680f1d3Kay Sievers setting. See DISTRO_PORTING for details.