X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=README;h=0031facf4625856a7114fb33474688826198d60c;hp=7a227e7327f0bbf12c9c99a330cbf8f1bd5a683e;hb=e55edb22a71e67f01534d28f91c6aa27bba48fc1;hpb=47bc23c18cbc87471dc832534c8565625e4a9d16 diff --git a/README b/README index 7a227e732..0031facf4 100644 --- a/README +++ b/README @@ -38,8 +38,12 @@ LICENSE: REQUIREMENTS: Linux kernel >= 3.0 + Linux kernel >= 3.3 for loop device partition support features with nspawn + Linux kernel >= 3.8 for Smack support + + Kernel Config Options: CONFIG_DEVTMPFS - CONFIG_CGROUPS (it's OK to disable all controllers) + CONFIG_CGROUPS (it is OK to disable all controllers) CONFIG_INOTIFY_USER CONFIG_SIGNALFD CONFIG_TIMERFD @@ -49,8 +53,6 @@ REQUIREMENTS: CONFIG_PROC_FS CONFIG_FHANDLE (libudev, mount and bind mount handling) - Linux kernel >= 3.8 for Smack support - Udev will fail to work with the legacy layout: CONFIG_SYSFS_DEPRECATED=n @@ -68,6 +70,9 @@ REQUIREMENTS: create additional symlinks in /dev/disk/ and /dev/tape: CONFIG_BLK_DEV_BSG + Required for PrivateNetwork in service units: + CONFIG_NET_NS + Optional but strongly recommended: CONFIG_IPV6 CONFIG_AUTOFS4_FS @@ -80,7 +85,7 @@ REQUIREMENTS: CONFIG_SCHED_DEBUG For UEFI systems: - CONFIG_EFI_VARS + CONFIG_EFIVAR_FS CONFIG_EFI_PARTITION Note that kernel auditing is broken when used with systemd's @@ -89,6 +94,13 @@ REQUIREMENTS: runtime using the kernel command line option "audit=0", or turn it off at kernel compile time using: CONFIG_AUDIT=n + If systemd is compiled with libseccomp support on + architectures which do not use socketcall() and where seccomp + is supported (this effectively means x86-64 and ARM, but + excludes 32-bit x86!), then nspawn will now install a + work-around seccomp filter that makes containers boot even + with audit being enabled. This works correctly only on kernels + 3.14 and newer though. TL;DR: turn audit off, still. glibc >= 2.14 libcap @@ -102,15 +114,12 @@ REQUIREMENTS: libattr (optional) libselinux (optional) liblzma (optional) - tcpwrappers (optional) libgcrypt (optional) libqrencode (optional) libmicrohttpd (optional) libpython (optional) make, gcc, and similar tools - To sucessfully use --compat-libs, gcc >= 4.8 seems necessary. - During runtime, you need the following additional dependencies: @@ -174,6 +183,11 @@ USERS AND GROUPS: exist. During execution this network facing service will drop privileges and assume this uid/gid for security reasons. + The NTP daemon requires the "systemd-timesync" system user and + group to exist. During execution this network facing service + will drop privileges (with the exception of CAP_SYS_TIME) and + assume this uid/gid for security reasons. + WARNINGS: systemd will warn you during boot if /etc/mtab is not a symlink to /proc/mounts. Please ensure that /etc/mtab is a @@ -191,7 +205,7 @@ WARNINGS: supported anymore by the basic set of Linux OS components. systemd requires that the /run mount point exists. systemd also - requires that /var/run is a a symlink → /run. + requires that /var/run is a a symlink to /run. For more information on this issue consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken