REQUIREMENTS:
Linux kernel >= 3.0
+ Linux kernel >= 3.3 for loop device partition support features with nspawn
+ Linux kernel >= 3.8 for Smack support
+
+ Kernel Config Options:
CONFIG_DEVTMPFS
CONFIG_CGROUPS (it's OK to disable all controllers)
CONFIG_INOTIFY_USER
CONFIG_PROC_FS
CONFIG_FHANDLE (libudev, mount and bind mount handling)
- Linux kernel >= 3.8 for Smack support
-
Udev will fail to work with the legacy layout:
CONFIG_SYSFS_DEPRECATED=n
create additional symlinks in /dev/disk/ and /dev/tape:
CONFIG_BLK_DEV_BSG
+ Required for PrivateNetwork in service units:
+ CONFIG_NET_NS
+
Optional but strongly recommended:
CONFIG_IPV6
CONFIG_AUTOFS4_FS
CONFIG_SCHED_DEBUG
For UEFI systems:
- CONFIG_EFI_VARS
+ CONFIG_EFIVAR_FS
CONFIG_EFI_PARTITION
Note that kernel auditing is broken when used with systemd's
runtime using the kernel command line option "audit=0", or
turn it off at kernel compile time using:
CONFIG_AUDIT=n
+ If systemd is compiled with libseccomp support on
+ architectures which do not use socketcall() and where seccomp
+ is supported (this effectively means x86-64 and ARM, but
+ excludes 32bit x86!), then nspawn will now install a
+ work-around seccomp filter that makes containers boot even
+ with audit being enabled. This works correctly only on kernels
+ 3.14 and newer though. TL;DR: turn audit off, still.
glibc >= 2.14
libcap
libattr (optional)
libselinux (optional)
liblzma (optional)
- tcpwrappers (optional)
libgcrypt (optional)
libqrencode (optional)
libmicrohttpd (optional)
libpython (optional)
make, gcc, and similar tools
- To sucessfully use --compat-libs, gcc >= 4.8 seems necessary.
-
During runtime, you need the following additional
dependencies: