README revision f4e74be1856b3ac058acbf1be321c31d5299f69f
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poetteringsystemd System and Service Manager
cff452c7e974db5053cdbd0d7bbbab2e3b4c91b9Kay Sievers http://www.freedesktop.org/wiki/Software/systemd
f957632b960a0a42999b38ded7089fa602b41745Kay SieversMAILING LIST:
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers http://lists.freedesktop.org/mailman/listinfo/systemd-devel
9a36607584bbd1d78775353e022a51794b4e27b1Lennart Poettering http://lists.freedesktop.org/mailman/listinfo/systemd-commits
a6f0104a16350a4c2660837da6e0e5c2e50e2389Zbigniew Jędrzejewski-Szmek https://github.com/systemd/systemd/issues
ea92ae33e0fbbf8a98cd2e08ca5a850d83d57faeMaciej Wereski Lennart Poettering
04ac799283f517672a5424e7c5bf066cfa4ca020Zbigniew Jędrzejewski-Szmek LGPLv2.1+ for all code
466784c8710e5cb0e0b86a16506d992d7ec5b619Kay Sievers - except src/basic/MurmurHash2.c which is Public Domain
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering - except src/basic/siphash24.c which is CC0 Public Domain
dc7adf202b82fc0054c457ce6ca3bcedb88dde57Lennart Poettering - except src/journal/lookup3.c which is Public Domain
7b4da18c1717f811bae67ea3d39290495857c03eLennart Poettering - except src/udev/* which is (currently still) GPLv2, GPLv2+
81d112a8f0522a09fcfe317f420363a2b728137cLennart Poettering Linux kernel >= 3.7
55d32caf94d8df547ca763be52b0c35bb6388606Lennart Poettering Linux kernel >= 3.8 for Smack support
55d32caf94d8df547ca763be52b0c35bb6388606Lennart Poettering Kernel Config Options:
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering CONFIG_DEVTMPFS
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering CONFIG_CGROUPS (it is OK to disable all controllers)
94bbc9915a4272a20feda86c5f97b8a587482aa1Lennart Poettering CONFIG_INOTIFY_USER
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering CONFIG_SIGNALFD
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering CONFIG_TIMERFD
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering CONFIG_PROC_FS
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering CONFIG_FHANDLE (libudev, mount and bind mount handling)
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering udev will fail to work with the legacy sysfs layout:
049b4474b35d0b854f87b0795a5113665413f6a4Lennart Poettering CONFIG_SYSFS_DEPRECATED=n
431c72dc3d482732a01d3ab929aa9b2c36422d46Lennart Poettering Legacy hotplug slows down the system and confuses udev:
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering CONFIG_UEVENT_HELPER_PATH=""
154ff088d371bee5651eaa2bc9bde8a34c185656Lennart Poettering Userspace firmware loading is not supported and should
0aafd43d235982510d1c40564079f7bcec0c7c19Lennart Poettering be disabled in the kernel:
0aafd43d235982510d1c40564079f7bcec0c7c19Lennart Poettering CONFIG_FW_LOADER_USER_HELPER=n
0aafd43d235982510d1c40564079f7bcec0c7c19Lennart Poettering Some udev rules and virtualization detection relies on it:
0aafd43d235982510d1c40564079f7bcec0c7c19Lennart Poettering Support for some SCSI devices serial number retrieval, to
0aafd43d235982510d1c40564079f7bcec0c7c19Lennart Poettering create additional symlinks in /dev/disk/ and /dev/tape:
0aafd43d235982510d1c40564079f7bcec0c7c19Lennart Poettering CONFIG_BLK_DEV_BSG
719e4e368b8bbe4e2f2ce49ec6f864a90bd6c619Lennart Poettering Required for PrivateNetwork and PrivateDevices in service units:
d2e2c03d87618688eae262a2f2f2d299bf62a4ddDavid Strauss CONFIG_NET_NS
df5f6971e6e15b4632884916c71daa076c8bae96Lennart Poettering CONFIG_DEVPTS_MULTIPLE_INSTANCES
df5f6971e6e15b4632884916c71daa076c8bae96Lennart Poettering Note that systemd-localed.service and other systemd units use
df5f6971e6e15b4632884916c71daa076c8bae96Lennart Poettering PrivateNetwork and PrivateDevices so this is effectively required.
982e44dbc3e70c97e83464a30354b80973d52b41Lennart Poettering Optional but strongly recommended:
982e44dbc3e70c97e83464a30354b80973d52b41Lennart Poettering CONFIG_AUTOFS4_FS
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering CONFIG_TMPFS_XATTR
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering CONFIG_SECCOMP
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall)
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering Required for CPUShares= in resource control unit settings
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering CONFIG_CGROUP_SCHED
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering CONFIG_FAIR_GROUP_SCHED
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering Required for CPUQuota= in resource control unit settings
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering CONFIG_CFS_BANDWIDTH
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering For systemd-bootchart, several proc debug interfaces are required:
7b617155b50fdaad5d06359eb03e98f0c7b3087bLennart Poettering CONFIG_SCHEDSTATS
7b617155b50fdaad5d06359eb03e98f0c7b3087bLennart Poettering CONFIG_SCHED_DEBUG
4c3a31668e4f3be9a35177a35d5b9794cdff663eLennart Poettering For UEFI systems:
38563c1947e34b71bf5557f2cd22fb7806c60077Lennart Poettering CONFIG_EFIVAR_FS
38563c1947e34b71bf5557f2cd22fb7806c60077Lennart Poettering CONFIG_EFI_PARTITION
94bbc9915a4272a20feda86c5f97b8a587482aa1Lennart Poettering We recommend to turn off Real-Time group scheduling in the
07beec1244817a0e6e9d79798f7c65bd89b23549Lennart Poettering kernel when using systemd. RT group scheduling effectively
07beec1244817a0e6e9d79798f7c65bd89b23549Lennart Poettering makes RT scheduling unavailable for most userspace, since it
5a4555ba6bc8ea086823fb71cb1cb92d4ec087a2Lennart Poettering requires explicit assignment of RT budgets to each unit whose
5a4555ba6bc8ea086823fb71cb1cb92d4ec087a2Lennart Poettering processes making use of RT. As there's no sensible way to
afaba0234727db6a82e323665d7d86f971f3090cLennart Poettering assign these budgets automatically this cannot really be
afaba0234727db6a82e323665d7d86f971f3090cLennart Poettering fixed, and it's best to disable group scheduling hence.
4c4ae27d4d314d0dc1c42cd6bfc7b9ae31660885Lennart Poettering CONFIG_RT_GROUP_SCHED=n
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering Note that kernel auditing is broken when used with systemd's
408f281bc7d65c86563f46e99e07efd1a1d9e03aLennart Poettering container code. When using systemd in conjunction with
e1b7e7ec9b34ae6ae54a4c8084395cbf2bfe9960Lennart Poettering containers, please make sure to either turn off auditing at
e1b7e7ec9b34ae6ae54a4c8084395cbf2bfe9960Lennart Poettering runtime using the kernel command line option "audit=0", or
e1b7e7ec9b34ae6ae54a4c8084395cbf2bfe9960Lennart Poettering turn it off at kernel compile time using:
c3bb87dbab8b79bb9253407cb5b7f3e6fe8db395Lennart Poettering If systemd is compiled with libseccomp support on
e7256c5c137e58fb3dc1ebca8e5845733a5f733cLennart Poettering architectures which do not use socketcall() and where seccomp
e7256c5c137e58fb3dc1ebca8e5845733a5f733cLennart Poettering is supported (this effectively means x86-64 and ARM, but
042e33ae3a7feb08c8105f1345fd244315109405Lennart Poettering excludes 32-bit x86!), then nspawn will now install a
042e33ae3a7feb08c8105f1345fd244315109405Lennart Poettering work-around seccomp filter that makes containers boot even
e1b7e7ec9b34ae6ae54a4c8084395cbf2bfe9960Lennart Poettering with audit being enabled. This works correctly only on kernels
18d4e7c26e7806ac363d19989df7144d5058ce41Lennart Poettering 3.14 and newer though. TL;DR: turn audit off, still.
fa7deadb074dfbe473cf3bd942768dbd94cbf7c3Lennart Poettering libmount >= 2.20 (from util-linux)
c5757cc8dbcddb3e8b13ebba4ea4b36589bfd3dbLennart Poettering libseccomp >= 1.0.0 (optional)
69af45035913e7119cffd94c542bd3039600e45dZbigniew Jędrzejewski-Szmek libblkid >= 2.24 (from util-linux) (optional)
c5757cc8dbcddb3e8b13ebba4ea4b36589bfd3dbLennart Poettering libkmod >= 15 (optional)
c5757cc8dbcddb3e8b13ebba4ea4b36589bfd3dbLennart Poettering PAM >= 1.1.2 (optional)
c5757cc8dbcddb3e8b13ebba4ea4b36589bfd3dbLennart Poettering libcryptsetup (optional)
c5757cc8dbcddb3e8b13ebba4ea4b36589bfd3dbLennart Poettering libaudit (optional)
d907c2086716681936755f28ac80b3445c6d0196Lennart Poettering libacl (optional)
d907c2086716681936755f28ac80b3445c6d0196Lennart Poettering libselinux (optional)
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering liblzma (optional)
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering liblz4 >= 119 (optional)
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering libgcrypt (optional)
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering libqrencode (optional)
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering libmicrohttpd (optional)
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering libpython (optional)
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering libidn (optional)
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering elfutils >= 158 (optional)
fb6becb4436ae4078337011b2017ce294e7361cfLennart Poettering make, gcc, and similar tools
6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering During runtime, you need the following additional
11ddb6f48e367ae4b51c31d199b28f5be041a301Lennart Poettering util-linux >= v2.26 required
7041efe9600e569da6089c36d00fa3ff58e33178Lennart Poettering dbus >= 1.4.0 (strictly speaking optional, but recommended)
7041efe9600e569da6089c36d00fa3ff58e33178Lennart Poettering dracut (optional)
b42defe3b8ed3947d85db654a6cdb1b9999f394dLennart Poettering PolicyKit (optional)
4ad490007b70e6ac18d3cb04fa2ed92eba1451faLennart Poettering When building from git, the following tools are needed:
a016b9228f338cb9b380ce7e00826ef462767d98Lennart Poettering python (optional)
1f263d4dc23b9807ac6138eb5014d3d94c5fe51aLennart Poettering python-lxml (optional, but required to build the indices)
1f263d4dc23b9807ac6138eb5014d3d94c5fe51aLennart Poettering sphinx (optional)
1f263d4dc23b9807ac6138eb5014d3d94c5fe51aLennart Poettering The build system is initialized with ./autogen.sh. A tar ball
1f263d4dc23b9807ac6138eb5014d3d94c5fe51aLennart Poettering can be created with:
1f263d4dc23b9807ac6138eb5014d3d94c5fe51aLennart Poettering git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering When systemd-hostnamed is used, it is strongly recommended to
a65f06bb27688a6738f2f94b7f055f4c66768d63Zbigniew Jędrzejewski-Szmek install nss-myhostname to ensure that, in a world of
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering dynamically changing hostnames, the hostname stays resolvable
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering under all circumstances. In fact, systemd-hostnamed will warn
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering if nss-myhostname is not installed.
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering To build HTML documentation for python-systemd using sphinx,
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering please first install systemd (using 'make install'), and then
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering invoke sphinx-build with 'make sphinx-<target>', with <target>
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering being 'html' or 'latexpdf'. If using DESTDIR for installation,
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering pass the same DESTDIR to 'make sphinx-html' invocation.
eb01ba5de14859d7a94835ab9299de40132d549aLennart PoetteringUSERS AND GROUPS:
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering Default udev rules use the following standard system group
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering names, which need to be resolvable by getgrnam() at any time,
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering even in the very early boot stages, where no other databases
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering and network are available:
e4ee6e5cc3e8e23e1ecc0d9fa756d9cc2534d218Lennart Poettering audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video
86312ab8de59c1066d6d2b456f3a9106ce3e0991Lennart Poettering During runtime, the journal daemon requires the
86312ab8de59c1066d6d2b456f3a9106ce3e0991Lennart Poettering "systemd-journal" system group to exist. New journal files will
86312ab8de59c1066d6d2b456f3a9106ce3e0991Lennart Poettering be readable by this group (but not writable), which may be used
86312ab8de59c1066d6d2b456f3a9106ce3e0991Lennart Poettering to grant specific users read access. In addition, system
86312ab8de59c1066d6d2b456f3a9106ce3e0991Lennart Poettering groups "wheel" and "adm" will be given read-only access to
86312ab8de59c1066d6d2b456f3a9106ce3e0991Lennart Poettering journal files using systemd-tmpfiles.service.
154ff088d371bee5651eaa2bc9bde8a34c185656Lennart Poettering The journal gateway daemon requires the
154ff088d371bee5651eaa2bc9bde8a34c185656Lennart Poettering "systemd-journal-gateway" system user and group to
154ff088d371bee5651eaa2bc9bde8a34c185656Lennart Poettering exist. During execution this network facing service will drop
154ff088d371bee5651eaa2bc9bde8a34c185656Lennart Poettering privileges and assume this uid/gid for security reasons.
7e853a9b9a858edbc24e6c85d134478cec840173Lennart Poettering Similarly, the NTP daemon requires the "systemd-timesync" system
7e853a9b9a858edbc24e6c85d134478cec840173Lennart Poettering user and group to exist.
7e853a9b9a858edbc24e6c85d134478cec840173Lennart Poettering Similarly, the network management daemon requires the
d686f034c3b9021e07faefe172ee660abd952871Lennart Poettering "systemd-network" system user and group to exist.
d686f034c3b9021e07faefe172ee660abd952871Lennart Poettering Similarly, the name resolution daemon requires the
69af45035913e7119cffd94c542bd3039600e45dZbigniew Jędrzejewski-Szmek "systemd-resolve" system user and group to exist.
69af45035913e7119cffd94c542bd3039600e45dZbigniew Jędrzejewski-Szmek Similarly, the kdbus dbus1 proxy daemon requires the
e8a7a315391a6a07897122725cd707f4e9ce63d7Lennart Poettering "systemd-bus-proxy" system user and group to exist.
461bd8e47cafacfcd38389e7558330bfb6e902adLennart Poettering systemd ships with three NSS modules:
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering nss-myhostname resolves the local hostname to locally
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering configured IP addresses, as well as "localhost" to
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering 127.0.0.1/::1.
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering nss-resolve enables DNS resolution via the systemd-resolved
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering DNS/LLMNR caching stub resolver "systemd-resolved".
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering nss-mymachines enables resolution of all local containers
b454b11220e87add6d0f011695c7912b009c853dLennart Poettering registered with machined to their respective IP addresses.
b454b11220e87add6d0f011695c7912b009c853dLennart Poettering To make use of these NSS modules, please add them to the
b454b11220e87add6d0f011695c7912b009c853dLennart Poettering "hosts: " line in /etc/nsswitch.conf. The "resolve" module
4a449ed73d2c1cfb91a1c773b70231b3457b3046Lennart Poettering should replace the glibc "dns" module in this file.
4a449ed73d2c1cfb91a1c773b70231b3457b3046Lennart Poettering The three modules should be used in the following order:
4ff49cb63075aba646b578f2516b37a8dfd5a65bLennart Poettering hosts: files mymachines resolve myhostname
fff87a35d9e26c0d4ea41273a963c0eb20e18da4Zbigniew Jędrzejewski-Szmek When calling "systemctl enable/disable/is-enabled" on a unit which is a
fff87a35d9e26c0d4ea41273a963c0eb20e18da4Zbigniew Jędrzejewski-Szmek SysV init.d script, it calls /usr/lib/systemd/systemd-sysv-install;
fff87a35d9e26c0d4ea41273a963c0eb20e18da4Zbigniew Jędrzejewski-Szmek this needs to translate the action into the distribution specific
b8b4d3dddc7611dce3bf28004b0375d661120c62Lennart Poettering mechanism such as chkconfig or update-rc.d. Packagers need to provide
b8b4d3dddc7611dce3bf28004b0375d661120c62Lennart Poettering this script if you need this functionality (you don't if you disabled
b8b4d3dddc7611dce3bf28004b0375d661120c62Lennart Poettering SysV init support).
3df82d5a8cdc510f518fd5e234ccb3233b748719Lennart Poettering Please see src/systemctl/systemd-sysv-install.SKELETON for how this
3df82d5a8cdc510f518fd5e234ccb3233b748719Lennart Poettering needs to look like, and provide an implementation at the marked places.
b5c03638d48c07aa0eaf13b5f54000c7133e1883Lennart Poettering systemd will warn you during boot if /etc/mtab is not a
b5c03638d48c07aa0eaf13b5f54000c7133e1883Lennart Poettering symlink to /proc/mounts. Please ensure that /etc/mtab is a
b5c03638d48c07aa0eaf13b5f54000c7133e1883Lennart Poettering proper symlink.
eece8c6fb5f4d354dcef6fd369e876c4f3a3f163Lennart Poettering systemd will warn you during boot if /usr is on a different
eece8c6fb5f4d354dcef6fd369e876c4f3a3f163Lennart Poettering file system than /. While in systemd itself very little will
eece8c6fb5f4d354dcef6fd369e876c4f3a3f163Lennart Poettering break if /usr is on a separate partition, many of its
356ce9915ab1a4a1e6dc26954df34936a69e7c12Lennart Poettering dependencies very likely will break sooner or later in one
356ce9915ab1a4a1e6dc26954df34936a69e7c12Lennart Poettering form or another. For example, udev rules tend to refer to
356ce9915ab1a4a1e6dc26954df34936a69e7c12Lennart Poettering binaries in /usr, binaries that link to libraries in /usr or
356ce9915ab1a4a1e6dc26954df34936a69e7c12Lennart Poettering binaries that refer to data files in /usr. Since these
3b953d68c628c6ae70adba871719ac0f16083b51Josh Triplett breakages are not always directly visible, systemd will warn
3b953d68c628c6ae70adba871719ac0f16083b51Josh Triplett about this, since this kind of file system setup is not really
3b953d68c628c6ae70adba871719ac0f16083b51Josh Triplett supported anymore by the basic set of Linux OS components.
3b953d68c628c6ae70adba871719ac0f16083b51Josh Triplett systemd requires that the /run mount point exists. systemd also
09f727eebd87661f263d3c2c1e0de7b7771acd40Lennart Poettering requires that /var/run is a symlink to /run.
09f727eebd87661f263d3c2c1e0de7b7771acd40Lennart Poettering For more information on this issue consult
795607b22308f5b92073b012e43be1892fdd97c0Lennart Poettering http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
795607b22308f5b92073b012e43be1892fdd97c0Lennart Poettering To run systemd under valgrind, compile with VALGRIND defined
795607b22308f5b92073b012e43be1892fdd97c0Lennart Poettering (e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise,
795607b22308f5b92073b012e43be1892fdd97c0Lennart Poettering false positives will be triggered by code which violates
795607b22308f5b92073b012e43be1892fdd97c0Lennart Poettering some rules but is actually safe.
0be8342c04bbf129b4a21e5073eacccbbce4e896Lennart PoetteringENGINEERING AND CONSULTING SERVICES:
0be8342c04bbf129b4a21e5073eacccbbce4e896Lennart Poettering ENDOCODE <https://endocode.com/> offers professional
0be8342c04bbf129b4a21e5073eacccbbce4e896Lennart Poettering engineering and consulting services for systemd. Please
0be8342c04bbf129b4a21e5073eacccbbce4e896Lennart Poettering contact Chris Kühl <chris@endocode.com> for more information.