X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=README;h=adc5b081d26266cee5ecc8a691427bd464e7157e;hp=cecbcbf0cd548a5b4e6c936b321a63783706781a;hb=682265d5e2157882861b0091c6b81fa92699b72a;hpb=13468826f2457cae45a79649e122deadb9dc9774 diff --git a/README b/README index cecbcbf0c..adc5b081d 100644 --- a/README +++ b/README @@ -43,7 +43,7 @@ REQUIREMENTS: Kernel Config Options: CONFIG_DEVTMPFS - CONFIG_CGROUPS (it's OK to disable all controllers) + CONFIG_CGROUPS (it is OK to disable all controllers) CONFIG_INOTIFY_USER CONFIG_SIGNALFD CONFIG_TIMERFD @@ -97,7 +97,7 @@ REQUIREMENTS: If systemd is compiled with libseccomp support on architectures which do not use socketcall() and where seccomp is supported (this effectively means x86-64 and ARM, but - excludes 32bit x86!), then nspawn will now install a + excludes 32-bit x86!), then nspawn will now install a work-around seccomp filter that makes containers boot even with audit being enabled. This works correctly only on kernels 3.14 and newer though. TL;DR: turn audit off, still. 
@@ -183,6 +183,21 @@ USERS AND GROUPS: exist. During execution this network facing service will drop privileges and assume this uid/gid for security reasons. + The NTP daemon requires the "systemd-timesync" system user and + group to exist. During execution this network facing service + will drop privileges (with the exception of CAP_SYS_TIME) and + assume this uid/gid for security reasons. + + The network management daemon requires the "systemd-network" + system user and group to exist. During execution this network + facing service will drop privileges (with the exception of + CAP_NET_*) and assumed this uid/gid for security reasons. + + The name resolution daemon requires the "systemd-resolve" + system user and group to exist. During execution this network + facing service will drop privileges and assume this uid/gid + for security reasons. + WARNINGS: systemd will warn you during boot if /etc/mtab is not a symlink to /proc/mounts. Please ensure that /etc/mtab is a @@ -200,7 +215,7 @@ WARNINGS: supported anymore by the basic set of Linux OS components. systemd requires that the /run mount point exists. systemd also - requires that /var/run is a a symlink → /run. + requires that /var/run is a a symlink to /run. For more information on this issue consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
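Review bot: In the @@ -183,6 +183,21 @@ hunk, the added "systemd-network" paragraph reads "and assumed this uid/gid" where the two paragraphs around it use "assume"; change it to "assume" so the three entries match. The same paragraph documents the retained privileges as "CAP_NET_*", which is a wildcard and not a capability name. Listing the exact capabilities the daemon keeps would let a packager or auditor check the privilege drop, the way the "systemd-timesync" entry already does with CAP_SYS_TIME.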
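Review bot: In the @@ -200,7 +215,7 @@ hunk, the rewritten line still carries the doubled article: "requires that /var/run is a a symlink to /run." Since the line is already being changed to replace the arrow, drop the extra "a" in the same edit.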