X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=README;h=27cc9a01681829af75365e8c06272be4ffbe7dc9;hp=e08b1ddd0a74a313e9f7ba6dfd1e20b85d09c745;hb=faf2e887be42215c1999950d16d1975e70bbdfe9;hpb=ae695cb23d75f9b43f0a302285bfae6a7565d6cc diff --git a/README b/README index e08b1ddd0..27cc9a016 100644 --- a/README +++ b/README @@ -1,157 +1,276 @@ -Elogind User, Seat and Session Manager - -Introduction ------------- - -Elogind is the systemd project's "logind", extracted out to be a -standalone daemon. It integrates with PAM to know the set of users -that are logged in to a system and whether they are logged in -graphically, on the console, or remotely. Elogind exposes this -information via the standard org.freedesktop.login1 D-Bus interface, -as well as through the file system using systemd's standard -/run/systemd layout. Elogind also provides "libelogind", which is a -subset of the facilities offered by "libsystemd". There is a -"libelogind.pc" pkg-config file as well. - -All of the credit for elogind should go to the systemd developers. -For more on systemd, see -http://www.freedesktop.org/wiki/Software/systemd. All of the blame -should go to Andy Wingo, who extracted elogind from systemd. - -Contributing ------------- - -Elogind was branched from systemd version 219, and preserves the git -history of the systemd project. The version of elogind is the -upstream systemd version, followed by the patchlevel of elogind. For -example version 219.12 is the twelfth elogind release, which aims to -provide a subset of the interfaces of systemd 219. - -To contribute to elogind, fork the current source code from github: - - https://github.com/elogind/elogind - -Send a pull request for the changes you like. - -To chat about elogind: - - #guix on irc.freenode.org - -Finally, bug reports: - - https://github.com/elogind/elogind/issues - -Why bother? ------------ - -Elogind has been developed for use in GuixSD, the OS distribution of -GNU Guix. See http://gnu.org/s/guix for more on Guix. GuixSD uses a -specific init manager (DMD), for reasons that are not relevant here, -but still aims to eventually be a full-featured distribution that can -run GNOME and other desktop environments. However, to run GNOME these -days means that you need to have support for the login1 D-Bus -interface, which is currently only provided by systemd. That is the -origin of this project: to take the excellent logind functionality -from systemd and provide it as a standalone package. - -We like systemd. We realize that there are people out there that hate -it. You're welcome to use elogind for whatever purpose you like -- -as-is, or as a jumping-off point for other things -- but please don't -use it as part of some anti-systemd vendetta. Systemd hackers are -smart folks that are trying to solve interesting problems on the free -desktop, and their large adoption is largely because they solve -problems that users and developers of user-focused applications care -about. We are appreciative of their logind effort and think that -everyone deserves to run it if they like, even if they use a different -PID 1. - -Differences relative to systemd -------------------------------- - -The pkg-config file is called libelogind, not libsystemd or -libsystemd-logind. - -The headers are in , so like instead -of . - -Libelogind just implements login-related functionality. It also -provides the sd-bus API. - -Unlike systemd, whose logind arranges to manage resources for user -sessions via RPC calls to systemd, in elogind there is no systemd so -there is no global cgroup-based resource management. This has a few -implications: - - * Elogind does not create "slices" for users. Elogind will not - record that users are associated with slices. - - * The /run/systemd/slices directory will always be empty. - - * Elogind does not have the concept of a "scope", internally, as - it's the same as a session. Any API that refers to scopes will - always return an error code. - -On the other hand, elogind does use a similar strategy to systemd in -that it places processes in a private cgroup for organizational -purposes, without installing any controllers (see -http://0pointer.de/blog/projects/cgroups-vs-cgroups.html). This -allows elogind to map arbitrary processes to sessions, even if the -process does the usual double-fork to be reparented to PID 1. - -Elogind does not manage virtual terminals. - -Elogind does monitor power button and the lid switch, like systemd, -but instead of doing RPC to systemd to suspend, poweroff, or restart -the machine, elogind just does this directly. For suspend, hybernate, -and hybrid-sleep, elogind uses the same code as systemd-sleep. -Instead of using a separate sleep.conf file to configure the sleep -behavior, this is included in the [Sleep] section of -/etc/elogind/login.conf. See the example login.conf for more. For -shutdown, reboot, and kexec, elogind shells out to "halt", "reboot", -and "kexec" binaries. - -The loginctl command has the poweroff, reboot, sleep, hibernate, and -hybrid-sleep commands from systemd, as well as the --ignore-inhibitors -flag. - -The PAM module is called pam_elogind.so, not pam_systemd.so. - -License -------- - -LGPLv2.1+ for all code - - - except src/shared/MurmurHash2.c which is Public Domain - - except src/shared/siphash24.c which is CC0 Public Domain - - except src/journal/lookup3.c which is Public Domain - -Dependencies ------------- - - glibc >= 2.14 - libcap - libmount >= 2.20 (from util-linux) - libseccomp >= 1.0.0 (optional) - libblkid >= 2.24 (from util-linux) (optional) - PAM >= 1.1.2 (optional) - libacl (optional) - libselinux (optional) - make, gcc, and similar tools - -During runtime, you need the following additional dependencies: - - dbus >= 1.4.0 (strictly speaking optional, but recommended) - PolicyKit (optional) - -When building from git, you need the following additional -dependencies: - - pkg-config - docbook-xsl - xsltproc - automake - autoconf - libtool - intltool - gperf - gtkdocize (optional) +systemd System and Service Manager + +DETAILS: + http://0pointer.de/blog/projects/systemd.html + +WEB SITE: + http://www.freedesktop.org/wiki/Software/systemd + +GIT: + git@github.com:systemd/systemd.git + https://github.com/systemd/systemd.git + +GITWEB: + https://github.com/systemd/systemd + +MAILING LIST: + http://lists.freedesktop.org/mailman/listinfo/systemd-devel + http://lists.freedesktop.org/mailman/listinfo/systemd-commits + +IRC: + #systemd on irc.freenode.org + +BUG REPORTS: + https://github.com/systemd/systemd/issues + +AUTHOR: + Lennart Poettering + Kay Sievers + ...and many others + +LICENSE: + LGPLv2.1+ for all code + - except src/basic/MurmurHash2.c which is Public Domain + - except src/basic/siphash24.c which is CC0 Public Domain + - except src/journal/lookup3.c which is Public Domain + - except src/udev/* which is (currently still) GPLv2, GPLv2+ + +REQUIREMENTS: + Linux kernel >= 3.11 + Linux kernel >= 4.2 for unified cgroup hierarchy support + + Kernel Config Options: + CONFIG_DEVTMPFS + CONFIG_CGROUPS (it is OK to disable all controllers) + CONFIG_INOTIFY_USER + CONFIG_SIGNALFD + CONFIG_TIMERFD + CONFIG_EPOLL + CONFIG_NET + CONFIG_SYSFS + CONFIG_PROC_FS + CONFIG_FHANDLE (libudev, mount and bind mount handling) + + udev will fail to work with the legacy sysfs layout: + CONFIG_SYSFS_DEPRECATED=n + + Legacy hotplug slows down the system and confuses udev: + CONFIG_UEVENT_HELPER_PATH="" + + Userspace firmware loading is not supported and should + be disabled in the kernel: + CONFIG_FW_LOADER_USER_HELPER=n + + Some udev rules and virtualization detection relies on it: + CONFIG_DMIID + + Support for some SCSI devices serial number retrieval, to + create additional symlinks in /dev/disk/ and /dev/tape: + CONFIG_BLK_DEV_BSG + + Required for PrivateNetwork and PrivateDevices in service units: + CONFIG_NET_NS + CONFIG_DEVPTS_MULTIPLE_INSTANCES + Note that systemd-localed.service and other systemd units use + PrivateNetwork and PrivateDevices so this is effectively required. + + Optional but strongly recommended: + CONFIG_IPV6 + CONFIG_AUTOFS4_FS + CONFIG_TMPFS_XATTR + CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL + CONFIG_SECCOMP + CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall) + + Required for CPUShares= in resource control unit settings + CONFIG_CGROUP_SCHED + CONFIG_FAIR_GROUP_SCHED + + Required for CPUQuota= in resource control unit settings + CONFIG_CFS_BANDWIDTH + + For systemd-bootchart, several proc debug interfaces are required: + CONFIG_SCHEDSTATS + CONFIG_SCHED_DEBUG + + For UEFI systems: + CONFIG_EFIVAR_FS + CONFIG_EFI_PARTITION + + We recommend to turn off Real-Time group scheduling in the + kernel when using systemd. RT group scheduling effectively + makes RT scheduling unavailable for most userspace, since it + requires explicit assignment of RT budgets to each unit whose + processes making use of RT. As there's no sensible way to + assign these budgets automatically this cannot really be + fixed, and it's best to disable group scheduling hence. + CONFIG_RT_GROUP_SCHED=n + + Note that kernel auditing is broken when used with systemd's + container code. When using systemd in conjunction with + containers, please make sure to either turn off auditing at + runtime using the kernel command line option "audit=0", or + turn it off at kernel compile time using: + CONFIG_AUDIT=n + If systemd is compiled with libseccomp support on + architectures which do not use socketcall() and where seccomp + is supported (this effectively means x86-64 and ARM, but + excludes 32-bit x86!), then nspawn will now install a + work-around seccomp filter that makes containers boot even + with audit being enabled. This works correctly only on kernels + 3.14 and newer though. TL;DR: turn audit off, still. + + glibc >= 2.16 + libcap + libmount >= 2.20 (from util-linux) + libseccomp >= 1.0.0 (optional) + libblkid >= 2.24 (from util-linux) (optional) + libkmod >= 15 (optional) + PAM >= 1.1.2 (optional) + libcryptsetup (optional) + libaudit (optional) + libacl (optional) + libselinux (optional) + liblzma (optional) + liblz4 >= 119 (optional) + libgcrypt (optional) + libqrencode (optional) + libmicrohttpd (optional) + libpython (optional) + libidn (optional) + elfutils >= 158 (optional) + make, gcc, and similar tools + + During runtime, you need the following additional + dependencies: + + util-linux >= v2.26 required + dbus >= 1.4.0 (strictly speaking optional, but recommended) + dracut (optional) + PolicyKit (optional) + + When building from git, the following tools are needed: + + pkg-config + docbook-xsl + xsltproc + automake + autoconf + libtool + intltool + gperf + python (optional) + python-lxml (optional, but required to build the indices) + sphinx (optional) + + The build system is initialized with ./autogen.sh. A tar ball + can be created with: + git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz + + When systemd-hostnamed is used, it is strongly recommended to + install nss-myhostname to ensure that, in a world of + dynamically changing hostnames, the hostname stays resolvable + under all circumstances. In fact, systemd-hostnamed will warn + if nss-myhostname is not installed. + + To build HTML documentation for python-systemd using sphinx, + please first install systemd (using 'make install'), and then + invoke sphinx-build with 'make sphinx-', with + being 'html' or 'latexpdf'. If using DESTDIR for installation, + pass the same DESTDIR to 'make sphinx-html' invocation. + +USERS AND GROUPS: + Default udev rules use the following standard system group + names, which need to be resolvable by getgrnam() at any time, + even in the very early boot stages, where no other databases + and network are available: + + audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video + + During runtime, the journal daemon requires the + "systemd-journal" system group to exist. New journal files will + be readable by this group (but not writable), which may be used + to grant specific users read access. In addition, system + groups "wheel" and "adm" will be given read-only access to + journal files using systemd-tmpfiles.service. + + The journal gateway daemon requires the + "systemd-journal-gateway" system user and group to + exist. During execution this network facing service will drop + privileges and assume this uid/gid for security reasons. + + Similarly, the NTP daemon requires the "systemd-timesync" system + user and group to exist. + + Similarly, the network management daemon requires the + "systemd-network" system user and group to exist. + + Similarly, the name resolution daemon requires the + "systemd-resolve" system user and group to exist. + + Similarly, the kdbus dbus1 proxy daemon requires the + "systemd-bus-proxy" system user and group to exist. + +NSS: + systemd ships with three NSS modules: + + nss-myhostname resolves the local hostname to locally + configured IP addresses, as well as "localhost" to + 127.0.0.1/::1. + + nss-resolve enables DNS resolution via the systemd-resolved + DNS/LLMNR caching stub resolver "systemd-resolved". + + nss-mymachines enables resolution of all local containers + registered with machined to their respective IP addresses. + + To make use of these NSS modules, please add them to the + "hosts: " line in /etc/nsswitch.conf. The "resolve" module + should replace the glibc "dns" module in this file. + + The three modules should be used in the following order: + + hosts: files mymachines resolve myhostname + +SYSV INIT.D SCRIPTS: + When calling "systemctl enable/disable/is-enabled" on a unit which is a + SysV init.d script, it calls /usr/lib/systemd/systemd-sysv-install; + this needs to translate the action into the distribution specific + mechanism such as chkconfig or update-rc.d. Packagers need to provide + this script if you need this functionality (you don't if you disabled + SysV init support). + + Please see src/systemctl/systemd-sysv-install.SKELETON for how this + needs to look like, and provide an implementation at the marked places. + +WARNINGS: + systemd will warn you during boot if /etc/mtab is not a + symlink to /proc/mounts. Please ensure that /etc/mtab is a + proper symlink. + + systemd will warn you during boot if /usr is on a different + file system than /. While in systemd itself very little will + break if /usr is on a separate partition, many of its + dependencies very likely will break sooner or later in one + form or another. For example, udev rules tend to refer to + binaries in /usr, binaries that link to libraries in /usr or + binaries that refer to data files in /usr. Since these + breakages are not always directly visible, systemd will warn + about this, since this kind of file system setup is not really + supported anymore by the basic set of Linux OS components. + + systemd requires that the /run mount point exists. systemd also + requires that /var/run is a symlink to /run. + + For more information on this issue consult + http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken + + To run systemd under valgrind, compile with VALGRIND defined + (e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise, + false positives will be triggered by code which violates + some rules but is actually safe. + + Currently, systemd-timesyncd defaults to use the Google NTP + servers if not specified otherwise at configure time. You + really should not ship an OS or device with this default + setting. See DISTRO_PORTING for details.