daemon.xml revision 12f25b6e741bc8394f63778598fc203e3f6d4ae6
0066eddda7203f6345b56f77d146a759298dc635gryzor<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
fd9abdda70912b99b24e3bf1a38f26fde908a74cnd "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
0066eddda7203f6345b56f77d146a759298dc635gryzor This file is part of systemd.
0066eddda7203f6345b56f77d146a759298dc635gryzor Copyright 2010 Lennart Poettering
96ad5d81ee4a2cc66a4ae19893efc8aa6d06fae7jailletc systemd is free software; you can redistribute it and/or modify it
0066eddda7203f6345b56f77d146a759298dc635gryzor under the terms of the GNU Lesser General Public License as published by
0066eddda7203f6345b56f77d146a759298dc635gryzor the Free Software Foundation; either version 2.1 of the License, or
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen (at your option) any later version.
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen systemd is distributed in the hope that it will be useful, but
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen WITHOUT ANY WARRANTY; without even the implied warranty of
0066eddda7203f6345b56f77d146a759298dc635gryzor MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
0066eddda7203f6345b56f77d146a759298dc635gryzor Lesser General Public License for more details.
af33a4994ae2ff15bc67d19ff1a7feb906745bf8rbowen You should have received a copy of the GNU Lesser General Public License
3f08db06526d6901aa08c110b5bc7dde6bc39905nd along with systemd; If not, see <http://www.gnu.org/licenses/>.
0066eddda7203f6345b56f77d146a759298dc635gryzor <refentryinfo>
0066eddda7203f6345b56f77d146a759298dc635gryzor <authorgroup>
0066eddda7203f6345b56f77d146a759298dc635gryzor </authorgroup>
0066eddda7203f6345b56f77d146a759298dc635gryzor </refentryinfo>
fe2be2903c65e2f99f04199655ea5f97a75825d0humbedooh <refnamediv>
fe2be2903c65e2f99f04199655ea5f97a75825d0humbedooh <refpurpose>Writing and packaging system daemons</refpurpose>
0066eddda7203f6345b56f77d146a759298dc635gryzor </refnamediv>
853ab6827637acc5cdd976cd2ea20a18f82ae184lgentis <para>A daemon is a service process that runs in the
fe2be2903c65e2f99f04199655ea5f97a75825d0humbedooh background and supervises the system or provides
fe2be2903c65e2f99f04199655ea5f97a75825d0humbedooh functionality to other processes. Traditionally,
4aa603e6448b99f9371397d439795c91a93637eand daemons are implemented following a scheme originating
fe2be2903c65e2f99f04199655ea5f97a75825d0humbedooh in SysV Unix. Modern daemons should follow a simpler
0066eddda7203f6345b56f77d146a759298dc635gryzor yet more powerful scheme (here called "new-style"
0066eddda7203f6345b56f77d146a759298dc635gryzor daemons), as implemented by
0066eddda7203f6345b56f77d146a759298dc635gryzor <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>. This
0066eddda7203f6345b56f77d146a759298dc635gryzor manual page covers both schemes, and in
0066eddda7203f6345b56f77d146a759298dc635gryzor particular includes recommendations for daemons that
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar shall be included in the systemd init system.</para>
0066eddda7203f6345b56f77d146a759298dc635gryzor <para>When a traditional SysV daemon
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar starts, it should execute the following steps
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar as part of the initialization. Note that these
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar steps are unnecessary for new-style daemons (see below),
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar and should only be implemented if compatibility
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar with SysV is essential.</para>
0066eddda7203f6345b56f77d146a759298dc635gryzor <orderedlist>
0066eddda7203f6345b56f77d146a759298dc635gryzor descriptors except STDIN, STDOUT,
0066eddda7203f6345b56f77d146a759298dc635gryzor STDERR (i.e. the first three file
0066eddda7203f6345b56f77d146a759298dc635gryzor descriptors 0, 1, 2). This ensures
0066eddda7203f6345b56f77d146a759298dc635gryzor that no accidentally passed file
0066eddda7203f6345b56f77d146a759298dc635gryzor descriptor stays around in the daemon
0066eddda7203f6345b56f77d146a759298dc635gryzor process. On Linux this is best
0066eddda7203f6345b56f77d146a759298dc635gryzor implemented by iterating through
0066eddda7203f6345b56f77d146a759298dc635gryzor with a fallback of iterating from file
0066eddda7203f6345b56f77d146a759298dc635gryzor descriptor 3 to the value returned by
0066eddda7203f6345b56f77d146a759298dc635gryzor handlers to their default. This is
0066eddda7203f6345b56f77d146a759298dc635gryzor best done by iterating through the
0066eddda7203f6345b56f77d146a759298dc635gryzor available signals up to the limit of
0066eddda7203f6345b56f77d146a759298dc635gryzor _NSIG and resetting them to
fe2be2903c65e2f99f04199655ea5f97a75825d0humbedooh <function>sigprocmask()</function>.</para></listitem>
fe2be2903c65e2f99f04199655ea5f97a75825d0humbedooh environment block, removing or
4aa603e6448b99f9371397d439795c91a93637eand resetting environment variables that
fe2be2903c65e2f99f04199655ea5f97a75825d0humbedooh might negatively impact daemon
0066eddda7203f6345b56f77d146a759298dc635gryzor to create a background
0066eddda7203f6345b56f77d146a759298dc635gryzor detach from any terminal and create an
0066eddda7203f6345b56f77d146a759298dc635gryzor ensure the daemon can never re-acquire
0066eddda7203f6345b56f77d146a759298dc635gryzor <listitem><para>Call <function>exit()</function> in the
0066eddda7203f6345b56f77d146a759298dc635gryzor first child, so that only the second
0066eddda7203f6345b56f77d146a759298dc635gryzor child (the actual daemon process)
0066eddda7203f6345b56f77d146a759298dc635gryzor stays around. This ensures that the
0066eddda7203f6345b56f77d146a759298dc635gryzor daemon process is re-parented to
0066eddda7203f6345b56f77d146a759298dc635gryzor to STDIN, STDOUT,
0066eddda7203f6345b56f77d146a759298dc635gryzor reset the umask to 0, so that the file
764f77465841302c4fb205a035754fc8398dcf1frbowen modes passed to <function>open()</function>, <function>mkdir()</function> and
764f77465841302c4fb205a035754fc8398dcf1frbowen suchlike directly control the access
e609ac39f206eb484d7d609a6a50369b1abbe112sf mode of the created files and
e609ac39f206eb484d7d609a6a50369b1abbe112sf change the current directory to the
e609ac39f206eb484d7d609a6a50369b1abbe112sf root directory (/), in order to avoid
e609ac39f206eb484d7d609a6a50369b1abbe112sf that the daemon involuntarily
e609ac39f206eb484d7d609a6a50369b1abbe112sf blocks mount points from being
e609ac39f206eb484d7d609a6a50369b1abbe112sf write the daemon PID (as returned by
764f77465841302c4fb205a035754fc8398dcf1frbowen PID file, for example
0066eddda7203f6345b56f77d146a759298dc635gryzor (for a hypothetical daemon "foobar"),
0066eddda7203f6345b56f77d146a759298dc635gryzor to ensure that the daemon cannot be
0066eddda7203f6345b56f77d146a759298dc635gryzor started more than once. This must be
0066eddda7203f6345b56f77d146a759298dc635gryzor implemented in race-free fashion so
0066eddda7203f6345b56f77d146a759298dc635gryzor that the PID file is only updated when
0066eddda7203f6345b56f77d146a759298dc635gryzor at the same time it is verified that
0066eddda7203f6345b56f77d146a759298dc635gryzor the PID previously stored in the PID
0066eddda7203f6345b56f77d146a759298dc635gryzor file no longer exists or belongs to a
0066eddda7203f6345b56f77d146a759298dc635gryzor foreign process. Commonly some kind of
0066eddda7203f6345b56f77d146a759298dc635gryzor file locking is employed to implement
d5f93073383d85ebb0e4b77ae5bff13551a45dd9nd drop privileges, if possible and
0066eddda7203f6345b56f77d146a759298dc635gryzor process notify the original process
0066eddda7203f6345b56f77d146a759298dc635gryzor started that initialization is
d5f93073383d85ebb0e4b77ae5bff13551a45dd9nd complete. This can be implemented via
0066eddda7203f6345b56f77d146a759298dc635gryzor an unnamed pipe or similar
d5f93073383d85ebb0e4b77ae5bff13551a45dd9nd communication channel that is created
d5f93073383d85ebb0e4b77ae5bff13551a45dd9nd before the first
0066eddda7203f6345b56f77d146a759298dc635gryzor available in both the original and the
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar original process. The process that
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar invoked the daemon must be able to
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar rely on that this
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar after initialization is complete and
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar all external communication channels
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar are established and
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar </orderedlist>
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar <para>The BSD <function>daemon()</function> function should not be
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar used, as it implements only a subset of these steps.</para>
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar <para>A daemon that needs to provide
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar compatibility with SysV systems should
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar implement the scheme pointed out
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar above. However, it is recommended to make this
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar behavior optional and configurable via a
0066eddda7203f6345b56f77d146a759298dc635gryzor command line argument, to ease debugging as
0066eddda7203f6345b56f77d146a759298dc635gryzor well as to simplify integration into systems
0066eddda7203f6345b56f77d146a759298dc635gryzor using systemd.</para>
0066eddda7203f6345b56f77d146a759298dc635gryzor </refsect2>
0d0ba3a410038e179b695446bb149cce6264e0abnd <para>Modern services for Linux should be
727872d18412fc021f03969b8641810d8896820bhumbedooh implemented as new-style daemons. This makes it
cc7e1025de9ac63bd4db6fe7f71c158b2cf09fe4humbedooh easier to supervise and control them at
0d0ba3a410038e179b695446bb149cce6264e0abnd runtime and simplifies their
cc7e1025de9ac63bd4db6fe7f71c158b2cf09fe4humbedooh implementation.</para>
0d0ba3a410038e179b695446bb149cce6264e0abnd <para>For developing a new-style daemon none
0d0ba3a410038e179b695446bb149cce6264e0abnd of the initialization steps recommended for
0d0ba3a410038e179b695446bb149cce6264e0abnd SysV daemons need to be implemented. New-style
ac082aefa89416cbdc9a1836eaf3bed9698201c8humbedooh init systems such as systemd make all of them
0d0ba3a410038e179b695446bb149cce6264e0abnd redundant. Moreover, since some of these steps
0d0ba3a410038e179b695446bb149cce6264e0abnd interfere with process monitoring, file
0d0ba3a410038e179b695446bb149cce6264e0abnd descriptor passing and other functionality of
727872d18412fc021f03969b8641810d8896820bhumbedooh the init system it is recommended not to
0d0ba3a410038e179b695446bb149cce6264e0abnd execute them when run as new-style
0d0ba3a410038e179b695446bb149cce6264e0abnd service.</para>
205f749042ed530040a4f0080dbcb47ceae8a374rjung <para>Note that new-style init systems
af33a4994ae2ff15bc67d19ff1a7feb906745bf8rbowen guarantee execution of daemon processes in
0d0ba3a410038e179b695446bb149cce6264e0abnd clean process contexts: it is guaranteed that
7fec19672a491661b2fe4b29f685bc7f4efa64d4nd the environment block is sanitized, that the
7fec19672a491661b2fe4b29f685bc7f4efa64d4nd signal handlers and mask is reset and that no
7fec19672a491661b2fe4b29f685bc7f4efa64d4nd left-over file descriptors are passed. Daemons
0066eddda7203f6345b56f77d146a759298dc635gryzor will be executed in their own session, and
url="http://refspecs.freestandards.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptact.html">LSB
other resources. i.e. in the case of
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
url="http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/Articles/LaunchOnDemandDaemons.html#//apple_ref/doc/uid/TP40001762-104738">Apple
url="http://refspecs.freestandards.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptact.html">LSB
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>. When
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>. It
service. e.g.: for a D-Bus service whose D-Bus
when activated (i.e. Plugged in) and thus
bluetooth.target from them and
<citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
AM_CONDITIONAL(HAVE_SYSTEMD, [test -n "$with_systemdsystemunitdir" -a "x$with_systemdsystemunitdir" != xno ])</programlisting>
<para>Finally, unit files should be installed in the system with an automake excerpt like the following:</para>
first. If sockets are passed (i.e. when