| systemd System and Service Manager |
| |
| DETAILS: |
| http://0pointer.de/blog/projects/systemd.html |
| |
| WEB SITE: |
| http://www.freedesktop.org/wiki/Software/systemd |
| |
| GIT: |
| git://anongit.freedesktop.org/systemd/systemd |
| ssh://git.freedesktop.org/git/systemd/systemd |
| |
| GITWEB: |
| http://cgit.freedesktop.org/systemd/systemd |
| |
| MAILING LIST: |
| http://lists.freedesktop.org/mailman/listinfo/systemd-devel |
| http://lists.freedesktop.org/mailman/listinfo/systemd-commits |
| |
| IRC: |
| #systemd on irc.freenode.org |
| |
| BUG REPORTS: |
| https://bugs.freedesktop.org/enter_bug.cgi?product=systemd |
| |
| AUTHOR: |
| Lennart Poettering |
| Kay Sievers |
| ...and many others |
| |
| LICENSE: |
| LGPLv2.1+ for all code |
| - except sd-readahead.[ch] which is MIT |
| - except src/shared/MurmurHash2.c which is Public Domain |
| - except src/shared/siphash24.c which is CC0 Public Domain |
| - except src/journal/lookup3.c which is Public Domain |
| - except src/udev/* which is (currently still) GPLv2, GPLv2+ |
| |
| REQUIREMENTS: |
| Linux kernel >= 3.0 |
| Linux kernel >= 3.3 for loop device partition support features with nspawn |
| Linux kernel >= 3.8 for Smack support |
| |
| Kernel Config Options: |
| CONFIG_DEVTMPFS |
| CONFIG_CGROUPS (it is OK to disable all controllers) |
| CONFIG_INOTIFY_USER |
| CONFIG_SIGNALFD |
| CONFIG_TIMERFD |
| CONFIG_EPOLL |
| CONFIG_NET |
| CONFIG_SYSFS |
| CONFIG_PROC_FS |
| CONFIG_FHANDLE (libudev, mount and bind mount handling) |
| |
| Udev will fail to work with the legacy layout: |
| CONFIG_SYSFS_DEPRECATED=n |
| |
| Legacy hotplug slows down the system and confuses udev: |
| CONFIG_UEVENT_HELPER_PATH="" |
| |
| Userspace firmware loading is deprecated, will go away, and |
| sometimes causes problems: |
| CONFIG_FW_LOADER_USER_HELPER=n |
| |
| Some udev rules and virtualization detection relies on it: |
| CONFIG_DMIID |
| |
| Support for some SCSI devices serial number retrieval, to |
| create additional symlinks in /dev/disk/ and /dev/tape: |
| CONFIG_BLK_DEV_BSG |
| |
| Required for PrivateNetwork in service units: |
| CONFIG_NET_NS |
| |
| Optional but strongly recommended: |
| CONFIG_IPV6 |
| CONFIG_AUTOFS4_FS |
| CONFIG_TMPFS_POSIX_ACL |
| CONFIG_TMPFS_XATTR |
| CONFIG_SECCOMP |
| |
| For systemd-bootchart, several proc debug interfaces are required: |
| CONFIG_SCHEDSTATS |
| CONFIG_SCHED_DEBUG |
| |
| For UEFI systems: |
| CONFIG_EFIVAR_FS |
| CONFIG_EFI_PARTITION |
| |
| Note that kernel auditing is broken when used with systemd's |
| container code. When using systemd in conjunction with |
| containers, please make sure to either turn off auditing at |
| runtime using the kernel command line option "audit=0", or |
| turn it off at kernel compile time using: |
| CONFIG_AUDIT=n |
| If systemd is compiled with libseccomp support on |
| architectures which do not use socketcall() and where seccomp |
| is supported (this effectively means x86-64 and ARM, but |
| excludes 32-bit x86!), then nspawn will now install a |
| work-around seccomp filter that makes containers boot even |
| with audit being enabled. This works correctly only on kernels |
| 3.14 and newer though. TL;DR: turn audit off, still. |
| |
| glibc >= 2.14 |
| libcap |
| libseccomp >= 1.0.0 (optional) |
| libblkid >= 2.20 (from util-linux) (optional) |
| libkmod >= 15 (optional) |
| PAM >= 1.1.2 (optional) |
| libcryptsetup (optional) |
| libaudit (optional) |
| libacl (optional) |
| libattr (optional) |
| libselinux (optional) |
| liblzma (optional) |
| libgcrypt (optional) |
| libqrencode (optional) |
| libmicrohttpd (optional) |
| libpython (optional) |
| make, gcc, and similar tools |
| |
| During runtime, you need the following additional |
| dependencies: |
| |
| util-linux >= v2.19 (requires fsck -l, agetty -s), |
| v2.21 required for tests in test/ |
| dbus >= 1.4.0 (strictly speaking optional, but recommended) |
| sulogin (from util-linux >= 2.22 or sysvinit-tools, optional but recommended, |
| required for tests in test/) |
| dracut (optional) |
| PolicyKit (optional) |
| |
| When building from git, you need the following additional |
| dependencies: |
| |
| docbook-xsl |
| xsltproc |
| automake |
| autoconf |
| libtool |
| intltool |
| gperf |
| gtkdocize (optional) |
| python (optional) |
| python-lxml (optional, but required to build the indices) |
| sphinx (optional) |
| |
| When systemd-hostnamed is used, it is strongly recommended to |
| install nss-myhostname to ensure that, in a world of |
| dynamically changing hostnames, the hostname stays resolvable |
| under all circumstances. In fact, systemd-hostnamed will warn |
| if nss-myhostname is not installed. |
| |
| To build HTML documentation for python-systemd using sphinx, |
| please first install systemd (using 'make install'), and then |
| invoke sphinx-build with 'make sphinx-<target>', with <target> |
| being 'html' or 'latexpdf'. If using DESTDIR for installation, |
| pass the same DESTDIR to 'make sphinx-html' invocation. |
| |
| USERS AND GROUPS: |
| Default udev rules use the following standard system group |
| names, which need to be resolvable by getgrnam() at any time, |
| even in the very early boot stages, where no other databases |
| and network are available: |
| |
| tty, dialout, kmem, video, audio, lp, floppy, cdrom, tape, disk |
| |
| During runtime, the journal daemon requires the |
| "systemd-journal" system group to exist. New journal files will |
| be readable by this group (but not writable), which may be used |
| to grant specific users read access. |
| |
| It is also recommended to grant read access to all journal |
| files to the system groups "wheel" and "adm" with a command |
| like the following in the post installation script of the |
| package: |
| |
| # setfacl -nm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/ |
| |
| The journal gateway daemon requires the |
| "systemd-journal-gateway" system user and group to |
| exist. During execution this network facing service will drop |
| privileges and assume this uid/gid for security reasons. |
| |
| The NTP daemon requires the "systemd-timesync" system user and |
| group to exist. During execution this network facing service |
| will drop privileges (with the exception of CAP_SYS_TIME) and |
| assume this uid/gid for security reasons. |
| |
| WARNINGS: |
| systemd will warn you during boot if /etc/mtab is not a |
| symlink to /proc/mounts. Please ensure that /etc/mtab is a |
| proper symlink. |
| |
| systemd will warn you during boot if /usr is on a different |
| file system than /. While in systemd itself very little will |
| break if /usr is on a separate partition, many of its |
| dependencies very likely will break sooner or later in one |
| form or another. For example, udev rules tend to refer to |
| binaries in /usr, binaries that link to libraries in /usr or |
| binaries that refer to data files in /usr. Since these |
| breakages are not always directly visible, systemd will warn |
| about this, since this kind of file system setup is not really |
| supported anymore by the basic set of Linux OS components. |
| |
| systemd requires that the /run mount point exists. systemd also |
| requires that /var/run is a a symlink to /run. |
| |
| For more information on this issue consult |
| http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken |
| |
| To run systemd under valgrind, compile with VALGRIND defined |
| (e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise, |
| false positives will be triggered by code which violates |
| some rules but is actually safe. |