LICENSE:
LGPLv2.1+ for all code
- - except sd-readahead.[ch] which is MIT
- except src/shared/MurmurHash2.c which is Public Domain
- except src/shared/siphash24.c which is CC0 Public Domain
- except src/journal/lookup3.c which is Public Domain
- except src/udev/* which is (currently still) GPLv2, GPLv2+
REQUIREMENTS:
- Linux kernel >= 3.0
- Linux kernel >= 3.3 for loop device partition support features with nspawn
+ Linux kernel >= 3.7
Linux kernel >= 3.8 for Smack support
Kernel Config Options:
CONFIG_PROC_FS
CONFIG_FHANDLE (libudev, mount and bind mount handling)
- Udev will fail to work with the legacy layout:
+ udev will fail to work with the legacy sysfs layout:
CONFIG_SYSFS_DEPRECATED=n
Legacy hotplug slows down the system and confuses udev:
CONFIG_UEVENT_HELPER_PATH=""
- Userspace firmware loading is deprecated, will go away, and
- sometimes causes problems:
+ Userspace firmware loading is not supported and should
+ be disabled in the kernel:
CONFIG_FW_LOADER_USER_HELPER=n
Some udev rules and virtualization detection relies on it:
create additional symlinks in /dev/disk/ and /dev/tape:
CONFIG_BLK_DEV_BSG
- Required for PrivateNetwork in service units:
+ Required for PrivateNetwork and PrivateDevices in service units:
CONFIG_NET_NS
+ CONFIG_DEVPTS_MULTIPLE_INSTANCES
+ Note that systemd-localed.service and other systemd units use
+ PrivateNetwork and PrivateDevices so this is effectively required.
Optional but strongly recommended:
CONFIG_IPV6
CONFIG_AUTOFS4_FS
- CONFIG_TMPFS_POSIX_ACL
CONFIG_TMPFS_XATTR
+ CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL
CONFIG_SECCOMP
+ Required for CPUShares in resource control unit settings
+ CONFIG_CGROUP_SCHED
+ CONFIG_FAIR_GROUP_SCHED
+
+ Required for CPUQuota in resource control unit settings
+ CONFIG_CFS_BANDWIDTH
+
For systemd-bootchart, several proc debug interfaces are required:
CONFIG_SCHEDSTATS
CONFIG_SCHED_DEBUG
glibc >= 2.14
libcap
+ libmount >= 2.20 (from util-linux)
libseccomp >= 1.0.0 (optional)
- libblkid >= 2.20 (from util-linux) (optional)
+ libblkid >= 2.24 (from util-linux) (optional)
libkmod >= 15 (optional)
PAM >= 1.1.2 (optional)
libcryptsetup (optional)
libaudit (optional)
libacl (optional)
- libattr (optional)
libselinux (optional)
liblzma (optional)
+ liblz4 >= 119 (optional)
libgcrypt (optional)
libqrencode (optional)
libmicrohttpd (optional)
libpython (optional)
+ libidn (optional)
+ gobject-introspection > 1.40.0 (optional)
+ elfutils >= 158 (optional)
make, gcc, and similar tools
During runtime, you need the following additional
dependencies:
- util-linux >= v2.19 (requires fsck -l, agetty -s),
- v2.21 required for tests in test/
+ util-linux >= v2.25 required
dbus >= 1.4.0 (strictly speaking optional, but recommended)
- sulogin (from util-linux >= 2.22 or sysvinit-tools, optional but recommended,
- required for tests in test/)
dracut (optional)
PolicyKit (optional)
When building from git, you need the following additional
dependencies:
+ pkg-config
docbook-xsl
xsltproc
automake
even in the very early boot stages, where no other databases
and network are available:
- tty, dialout, kmem, video, audio, lp, cdrom, tape, disk
+ audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video
During runtime, the journal daemon requires the
"systemd-journal" system group to exist. New journal files will
be readable by this group (but not writable), which may be used
- to grant specific users read access.
-
- It is also recommended to grant read access to all journal
- files to the system groups "wheel" and "adm" with a command
- like the following in the post installation script of the
- package:
-
- # setfacl -nm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/
+ to grant specific users read access. In addition, system
+ groups "wheel" and "adm" will be given read-only access to
+ journal files using systemd-tmpfiles.service.
The journal gateway daemon requires the
"systemd-journal-gateway" system user and group to
exist. During execution this network facing service will drop
privileges and assume this uid/gid for security reasons.
- Similar, the NTP daemon requires the "systemd-timesync" system
+ Similarly, the NTP daemon requires the "systemd-timesync" system
user and group to exist.
- Similar, the network management daemon requires the
+ Similarly, the network management daemon requires the
"systemd-network" system user and group to exist.
- Similar, the name resolution daemon requires the
+ Similarly, the name resolution daemon requires the
"systemd-resolve" system user and group to exist.
- Similar, the kdbus dbus1 proxy daemon requires the
+ Similarly, the kdbus dbus1 proxy daemon requires the
"systemd-bus-proxy" system user and group to exist.
+NSS:
+ systemd ships with three NSS modules:
+
+ nss-myhostname resolves the local hostname to locally
+ configured IP addresses, as well as "localhost" to
+ 127.0.0.1/::1.
+
+ nss-resolve enables DNS resolution via the systemd-resolved
+ DNS/LLMNR caching stub resolver "systemd-resolved".
+
+ nss-mymachines enables resolution of all local containers
+ registered with machined to their respective IP addresses.
+
+ To make use of these NSS modules, please add them to the
+ "hosts: " line in /etc/nsswitch.conf. The "resolve" module
+ should replace the glibc "dns" module in this file.
+
+ The three modules should be used in the following order:
+
+ hosts: files mymachines resolve myhostname
+
WARNINGS:
systemd will warn you during boot if /etc/mtab is not a
symlink to /proc/mounts. Please ensure that /etc/mtab is a
(e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise,
false positives will be triggered by code which violates
some rules but is actually safe.
+
+ENGINEERING AND CONSULTING SERVICES:
+ ENDOCODE <https://endocode.com/> offers professional
+ engineering and consulting services for systemd. Please
+ contact Chris Kühl <chris@endocode.com> for more information.