A System and Service Manager
CentOS Sources
2017-08-01 a19bc6b592308f092559d52b78d48f006437e4c6
import systemd-219-42.el7
75 files added
10 files modified
9 files renamed
14965 ■■■■■ changed files
.gitignore 2 ●●● patch | view | raw | blame | history
.systemd.metadata 2 ●●● patch | view | raw | blame | history
SOURCES/0408-If-the-notification-message-length-is-0-ignore-the-m.patch 4 ●●●● patch | view | raw | blame | history
SOURCES/0409-systemctl-suppress-errors-with-show-for-nonexistent-.patch 4 ●●●● patch | view | raw | blame | history
SOURCES/0410-40-redhat.rules-disable-auto-online-of-hot-plugged-m.patch 4 ●●●● patch | view | raw | blame | history
SOURCES/0411-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch 4 ●●●● patch | view | raw | blame | history
SOURCES/0412-pid1-process-zero-length-notification-messages-again.patch 7 ●●●● patch | view | raw | blame | history
SOURCES/0413-pid1-more-informative-error-message-for-ignored-noti.patch 4 ●●●● patch | view | raw | blame | history
SOURCES/0414-manager-219-needs-u-id-in-log_unit_debug.patch 4 ●●●● patch | view | raw | blame | history
SOURCES/0415-virt-add-possibility-to-skip-the-check-for-chroot.patch 2 ●●● patch | view | raw | blame | history
SOURCES/0416-load-fragment-fix-parsing-values-in-bytes-and-preven.patch 2 ●●● patch | view | raw | blame | history
SOURCES/0417-core-fix-assertion-check.patch 2 ●●● patch | view | raw | blame | history
SOURCES/0418-tmp.mount.hm4-After-swap.target-3087.patch 2 ●●● patch | view | raw | blame | history
SOURCES/0419-make-sure-all-swap-units-are-ordered-before-the-swap.patch 2 ●●● patch | view | raw | blame | history
SOURCES/0420-Recognise-Lustre-as-a-remote-file-system-4530.patch 30 ●●●●● patch | view | raw | blame | history
SOURCES/0421-unit-don-t-add-Requires-for-tmp.mount.patch 24 ●●●●● patch | view | raw | blame | history
SOURCES/0422-core-return-0-from-device_serialize.patch 32 ●●●●● patch | view | raw | blame | history
SOURCES/0423-mtd_probe-include-stdint.patch 12 ●●●●● patch | view | raw | blame | history
SOURCES/0424-tests-fix-failure-of-test-execute-if-dev-mem-is-not-.patch 41 ●●●●● patch | view | raw | blame | history
SOURCES/0425-sd-journal-properly-export-has_-persistent-runtime-_.patch 28 ●●●●● patch | view | raw | blame | history
SOURCES/0426-core-add-possibility-to-set-action-for-ctrl-alt-del-.patch 201 ●●●●● patch | view | raw | blame | history
SOURCES/0427-failure-action-generalize-failure-action-to-emergenc.patch 461 ●●●●● patch | view | raw | blame | history
SOURCES/0428-core-use-emergency_action-for-ctr-alt-del-burst.patch 157 ●●●●● patch | view | raw | blame | history
SOURCES/0429-udev-path_id-introduce-support-for-NVMe-devices-4169.patch 40 ●●●●● patch | view | raw | blame | history
SOURCES/0430-core-fix-CapabilityBoundingSet-merging.patch 40 ●●●●● patch | view | raw | blame | history
SOURCES/0431-core-fix-capability-bounding-set-parsing.patch 26 ●●●●● patch | view | raw | blame | history
SOURCES/0432-core-make-parsing-of-RLIMIT_NICE-aware-of-actual-nic.patch 163 ●●●●● patch | view | raw | blame | history
SOURCES/0433-shared-fix-double-free-in-unmask-5005.patch 42 ●●●●● patch | view | raw | blame | history
SOURCES/0434-shared-fix-double-free-in-link.patch 118 ●●●●● patch | view | raw | blame | history
SOURCES/0435-shared-check-strdup-NULL.patch 30 ●●●●● patch | view | raw | blame | history
SOURCES/0436-core-improve-error-message-when-RefuseManualStart-St.patch 39 ●●●●● patch | view | raw | blame | history
SOURCES/0437-systemctl-fix-is-enabled-exit-status-on-failure-when.patch 25 ●●●●● patch | view | raw | blame | history
SOURCES/0438-man-document-that-the-automatic-journal-limits-are-c.patch 26 ●●●●● patch | view | raw | blame | history
SOURCES/0439-random-seed-raise-POOL_SIZE_MIN-to-1024.patch 23 ●●●●● patch | view | raw | blame | history
SOURCES/0440-bash-completion-add-support-for-now-5155.patch 24 ●●●●● patch | view | raw | blame | history
SOURCES/0441-basic-fix-touch-creating-files-with-07777-mode.patch 30 ●●●●● patch | view | raw | blame | history
SOURCES/0442-udev-net_id-add-support-for-phys_port_name-attribute.patch 97 ●●●●● patch | view | raw | blame | history
SOURCES/0443-install-introduce-UnitFileFlags.patch 988 ●●●●● patch | view | raw | blame | history
SOURCES/0444-shared-systemctl-teach-is-enabled-to-show-installati.patch 363 ●●●●● patch | view | raw | blame | history
SOURCES/0445-udev-fix-crash-with-invalid-udev.log-priority.patch 32 ●●●●● patch | view | raw | blame | history
SOURCES/0446-core-make-exec-code-a-bit-more-readable.patch 73 ●●●●● patch | view | raw | blame | history
SOURCES/0447-core-Private-Protect-options-with-RootDirectory.patch 295 ●●●●● patch | view | raw | blame | history
SOURCES/0448-core-if-the-start-command-vanishes-during-runtime-do.patch 38 ●●●●● patch | view | raw | blame | history
SOURCES/0449-systemctl-make-sure-that-now-is-carried-out-5209.patch 46 ●●●●● patch | view | raw | blame | history
SOURCES/0450-udev-inform-systemd-how-many-workers-we-can-potentia.patch 47 ●●●●● patch | view | raw | blame | history
SOURCES/0451-service-log_unit-consumes-id-of-unit-not-a-unit.patch 24 ●●●●● patch | view | raw | blame | history
SOURCES/0452-automount-add-expire-support.patch 578 ●●●●● patch | view | raw | blame | history
SOURCES/0453-fstab-generator-fix-memleak.patch 45 ●●●●● patch | view | raw | blame | history
SOURCES/0454-remove-bus-proxyd.patch 5066 ●●●●● patch | view | raw | blame | history
SOURCES/0455-execute-Add-new-PassEnvironment-directive.patch 391 ●●●●● patch | view | raw | blame | history
SOURCES/0456-test-execute-Add-tests-for-new-PassEnvironment-direc.patch 130 ●●●●● patch | view | raw | blame | history
SOURCES/0457-test-execute-Clarify-interaction-of-PassEnvironment-.patch 69 ●●●●● patch | view | raw | blame | history
SOURCES/0458-load-fragment-resolve-specifiers-in-RuntimeDirectory.patch 46 ●●●●● patch | view | raw | blame | history
SOURCES/0459-Add-microphone-mute-keymap-for-Dell-Precision.patch 25 ●●●●● patch | view | raw | blame | history
SOURCES/0460-hwdb-update-micmute-YCODE-on-device-node-at-DELL-LAT.patch 26 ●●●●● patch | view | raw | blame | history
SOURCES/0461-udev-path_id-improve-and-enhance-bus-detection-for-L.patch 163 ●●●●● patch | view | raw | blame | history
SOURCES/0462-core-port-config_parse_bounding_set-to-extract_first.patch 70 ●●●●● patch | view | raw | blame | history
SOURCES/0463-core-simplify-parsing-of-capability-bounding-set-set.patch 100 ●●●●● patch | view | raw | blame | history
SOURCES/0464-test-add-test-for-capability-bounding-set-parsing.patch 88 ●●●●● patch | view | raw | blame | history
SOURCES/0465-capabilities-keep-bounding-set-in-non-inverted-forma.patch 473 ●●●●● patch | view | raw | blame | history
SOURCES/0466-capabilities-added-support-for-ambient-capabilities.patch 397 ●●●●● patch | view | raw | blame | history
SOURCES/0467-man-add-AmbientCapabilities-entry.patch 51 ●●●●● patch | view | raw | blame | history
SOURCES/0468-test-capability-rebase-to-upstream-version.patch 353 ●●●●● patch | view | raw | blame | history
SOURCES/0469-namespace-don-t-fail-on-masked-mounts.patch 54 ●●●●● patch | view | raw | blame | history
SOURCES/0470-sysv-generator-Provides-network-should-also-pull-net.patch 30 ●●●●● patch | view | raw | blame | history
SOURCES/0471-Install-correctly-report-symlink-creations.patch 45 ●●●●● patch | view | raw | blame | history
SOURCES/0472-rules-40-redhat.rules-rules-should-be-on-one-line.patch 32 ●●●●● patch | view | raw | blame | history
SOURCES/0473-tmpfiles-add-new-e-action-which-cleans-up-a-dir-with.patch 173 ●●●●● patch | view | raw | blame | history
SOURCES/0474-util-bind_remount_recursive-handle-return-0-of-set_c.patch 28 ●●●●● patch | view | raw | blame | history
SOURCES/0475-core-add-support-for-the-pids-cgroup-controller.patch 622 ●●●●● patch | view | raw | blame | history
SOURCES/0476-core-add-new-DefaultTasksMax-setting-for-system.conf.patch 201 ●●●●● patch | view | raw | blame | history
SOURCES/0477-logind-add-a-new-UserTasksMax-setting-to-logind.conf.patch 373 ●●●●● patch | view | raw | blame | history
SOURCES/0478-core-support-percentage-specifications-on-TasksMax.patch 313 ●●●●● patch | view | raw | blame | history
SOURCES/0479-core-reinstate-propagation-of-stop-restart-jobs-via-.patch 2 ●●● patch | view | raw | blame | history
SOURCES/0480-core-when-propagating-restart-requests-due-to-deps-d.patch 6 ●●●● patch | view | raw | blame | history
SOURCES/0481-core-properly-handle-jobs-that-are-suppressed-to-JOB.patch 2 ●●● patch | view | raw | blame | history
SOURCES/0482-tests-set-tasks_max-to-infinity.patch 52 ●●●●● patch | view | raw | blame | history
SOURCES/0483-Avoid-forever-loop-for-journalctl-list-boots-command.patch 49 ●●●●● patch | view | raw | blame | history
SOURCES/0484-sd-journal-return-SD_JOURNAL_INVALIDATE-only-if-jour.patch 40 ●●●●● patch | view | raw | blame | history
SOURCES/0485-load-fragment-don-t-print-error-about-incorrect-synt.patch 29 ●●●●● patch | view | raw | blame | history
SOURCES/0486-core-manager-add-some-missing-dbus-properties.patch 36 ●●●●● patch | view | raw | blame | history
SOURCES/0487-core-manager-expose-DefaultLimit-as-properties-on-db.patch 100 ●●●●● patch | view | raw | blame | history
SOURCES/0488-fstab-generator-remove-bogus-condition.patch 30 ●●●●● patch | view | raw | blame | history
SOURCES/0489-readahead-collect-don-t-print-warning-message-when-h.patch 29 ●●●●● patch | view | raw | blame | history
SOURCES/0490-tmpfiles-don-t-recursively-descend-into-journal-dire.patch 38 ●●●●● patch | view | raw | blame | history
SOURCES/0491-tmpfiles-also-set-acls-on-var-log-journal.patch 29 ●●●●● patch | view | raw | blame | history
SOURCES/0492-tmpfiles-set-acls-on-system.journal-explicitly.patch 30 ●●●●● patch | view | raw | blame | history
SOURCES/0493-sysctl-configure-kernel-parameters-in-the-order-they.patch 126 ●●●●● patch | view | raw | blame | history
SOURCES/0494-units-drop-explicit-NotifyAccess-setting-from-journa.patch 31 ●●●●● patch | view | raw | blame | history
SOURCES/0495-systemd-notify-Always-pass-a-valid-pid-to-sd_pid_not.patch 32 ●●●●● patch | view | raw | blame | history
SOURCES/0496-sd_pid_notify_with_fds-fix-computing-msg_controllen.patch 30 ●●●●● patch | view | raw | blame | history
SOURCES/0497-rules-move-cpu-hotplug-rule-to-separate-file.patch 58 ●●●●● patch | view | raw | blame | history
SOURCES/0498-Revert-rules-move-cpu-hotplug-rule-to-separate-file.patch 49 ●●●●● patch | view | raw | blame | history
SPECS/systemd.spec 565 ●●●●● patch | view | raw | blame | history
.gitignore
@@ -1 +1 @@
SOURCES/systemd-219.tar.xz
SOURCES/systemd-219.tar.gz
.systemd.metadata
@@ -1 +1 @@
307d1c3e48b3bca1039cb66df2d7def074efe2ef SOURCES/systemd-219.tar.xz
7568c7d785970e7b5a5872ab69570dddd6a2312e SOURCES/systemd-219.tar.gz
SOURCES/0408-If-the-notification-message-length-is-0-ignore-the-m.patch
@@ -1,4 +1,4 @@
From 3ee0d3abc55571bdc13f1897688443a1538db367 Mon Sep 17 00:00:00 2001
From cd238111a7980917e04cfdc5dae144d1fb4c0a49 Mon Sep 17 00:00:00 2001
From: Jorge Niedbalski <jorge.niedbalski@canonical.com>
Date: Wed, 28 Sep 2016 18:25:50 -0300
Subject: [PATCH] If the notification message length is 0, ignore the message
@@ -9,7 +9,7 @@
Signed-off-by: Jorge Niedbalski <jnr@metaklass.org>
Cherry-picked from: 531ac2b2349da02acc9c382849758e07eb92b020
Resolves: #1381573
Resolves: #1380175
---
 src/core/manager.c | 4 ++++
 1 file changed, 4 insertions(+)
SOURCES/0409-systemctl-suppress-errors-with-show-for-nonexistent-.patch
@@ -1,4 +1,4 @@
From aa23eb11cab247e713a19957eaaa80f7b5454ddc Mon Sep 17 00:00:00 2001
From 6d590cc99d696e9b0bf5b6edf7582b824f5177ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 24 Sep 2016 20:58:04 -0400
Subject: [PATCH] systemctl: suppress errors with "show" for nonexistent units
@@ -20,7 +20,7 @@
--ensure-exists --property=foobar.
Cherry-picked from: bd5b9f0a12dd9c1947b11534e99c395ddf44caa9
Resolves: #1380686
Resolves: #1380259
---
 src/systemctl/systemctl.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
SOURCES/0410-40-redhat.rules-disable-auto-online-of-hot-plugged-m.patch
@@ -1,10 +1,10 @@
From 48e2af5667e67a7a7f58eb17aaf5349379b2484a Mon Sep 17 00:00:00 2001
From 2cd738ce220e0dd11d3b19cf593e159a7e31ddc4 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 16 Sep 2016 14:45:01 +0200
Subject: [PATCH] 40-redhat.rules: disable auto-online of hot-plugged memory on
 IBM z Systems
Resolves: #1381123
Related: #1375603
---
 rules/40-redhat.rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
SOURCES/0411-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
@@ -1,4 +1,4 @@
From 7b00eff77b5606ff5563e374020d554a40bca833 Mon Sep 17 00:00:00 2001
From 93c5087eed9abf8012dc5b0ccd2dd7ead1323899 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Thu, 29 Sep 2016 19:44:34 +0200
Subject: [PATCH] pid1: don't return any error in manager_dispatch_notify_fd()
@@ -10,7 +10,7 @@
For example pid1 won't be able to receive the WATCHDOG messages anymore and
will kill all services supposed to send such messages.
Cherry-picked from: 9987750e7a4c62e0eb8473603150596ba7c3a015
Resolves: #1381573
Resolves: #1380259
---
 src/core/manager.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
SOURCES/0412-pid1-process-zero-length-notification-messages-again.patch
@@ -1,4 +1,4 @@
From 79e0852a6a3f20cba92ac18aa6ac61d24d04d3c7 Mon Sep 17 00:00:00 2001
From c7bcd6cf1967e401225c3d6057e0ee62cdc29f8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 29 Sep 2016 16:06:02 +0200
Subject: [PATCH] pid1: process zero-length notification messages again
@@ -9,8 +9,11 @@
- in principle empty notification messages are valid, and we should
  process them as usual, including logging using log_unit_debug().
Cherry-picked from: 8523bf7dd514a3a2c6114b7b8fb8f308b4f09fc4
Resolves: #1380259
Cherry-picked from: a86b767
Resolves: #1381573
Resolves: #1380259
---
 src/core/manager.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)
SOURCES/0413-pid1-more-informative-error-message-for-ignored-noti.patch
@@ -1,4 +1,4 @@
From 339ce6209591d0c6b240f6d94c1d2997405352a2 Mon Sep 17 00:00:00 2001
From f441ddae6363a10b1e8d8764bc906866f6ee6f48 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 29 Sep 2016 16:07:41 +0200
Subject: [PATCH] pid1: more informative error message for ignored
@@ -11,7 +11,7 @@
    src/core/manager.c
Cherry-picked from: a86b76753d7868c2d05f046f601bc7dc89fc2203
Resolves: #1381573
Resolves: #1380259
---
 src/core/manager.c | 8 ++++++++
 1 file changed, 8 insertions(+)
SOURCES/0414-manager-219-needs-u-id-in-log_unit_debug.patch
@@ -1,10 +1,10 @@
From f5bf6f4c0d1857ce3c8a68e862e29ab7fb6684ee Mon Sep 17 00:00:00 2001
From 7dbaab7b61fb25d91178f097cf7474d855d0ae29 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Fri, 7 Oct 2016 14:05:40 +0200
Subject: [PATCH] manager: 219 needs u->id in log_unit_debug
RHEL-only
Related: #1381573
Related: #1380259
---
 src/core/manager.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
SOURCES/0415-virt-add-possibility-to-skip-the-check-for-chroot.patch
File was renamed from SOURCES/0416-virt-add-possibility-to-skip-the-check-for-chroot.patch
@@ -1,4 +1,4 @@
From c13f7b8e88f12f1a7e01e2094d7c648aaffc8c6c Mon Sep 17 00:00:00 2001
From f3750cbfd21b2e5f6f46077082f60e3a74ee4807 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Mon, 17 Oct 2016 08:09:58 +0200
Subject: [PATCH] virt: add possibility to skip the check for chroot
SOURCES/0416-load-fragment-fix-parsing-values-in-bytes-and-preven.patch
File was renamed from SOURCES/0417-load-fragment-fix-parsing-values-in-bytes-and-preven.patch
@@ -1,4 +1,4 @@
From d8edaa8a9e542a8bcd92a6a2b2ce9103dc8b9074 Mon Sep 17 00:00:00 2001
From 38d00b8a0453d38aecb725342ddd89a7c3dcb134 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 18 Nov 2016 14:00:57 +0100
Subject: [PATCH] load-fragment: fix parsing values in bytes and prevent
SOURCES/0417-core-fix-assertion-check.patch
File was renamed from SOURCES/0418-core-fix-assertion-check.patch
@@ -1,4 +1,4 @@
From 5e5f05f7f8ea6beb1f9fd7ac7586798c33e8ba6f Mon Sep 17 00:00:00 2001
From efd1250249494b7501578da7de7830659b65c98b Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 16 Feb 2016 13:18:36 +0100
Subject: [PATCH] core: fix assertion check
SOURCES/0418-tmp.mount.hm4-After-swap.target-3087.patch
File was renamed from SOURCES/0419-tmp.mount.hm4-After-swap.target-3087.patch
@@ -1,4 +1,4 @@
From b52366a2098f7bcef31ef8ad912096949a2d40dd Mon Sep 17 00:00:00 2001
From 81c1781b3d148fb3853af8cc72bb403846a2b7ed Mon Sep 17 00:00:00 2001
From: frankheckenbach <fjf@gmx.de>
Date: Fri, 22 Apr 2016 14:21:30 +0200
Subject: [PATCH] tmp.mount.hm4: After swap.target (#3087)
SOURCES/0419-make-sure-all-swap-units-are-ordered-before-the-swap.patch
File was renamed from SOURCES/0420-make-sure-all-swap-units-are-ordered-before-the-swap.patch
@@ -1,4 +1,4 @@
From fb85550c9fafacbd8c07b611d6f129dc341f9e28 Mon Sep 17 00:00:00 2001
From 4fec67c88f7ddd02fecf711996f42ed4c9d24da6 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Mon, 23 Nov 2015 11:14:10 +0100
Subject: [PATCH] make sure all swap units are ordered before the swap target
SOURCES/0420-Recognise-Lustre-as-a-remote-file-system-4530.patch
New file
@@ -0,0 +1,30 @@
From f1cb9320c6aca21b17c9a120eb70a788df8ac6d5 Mon Sep 17 00:00:00 2001
From: "Brian J. Murrell" <brian@interlinx.bc.ca>
Date: Mon, 31 Oct 2016 23:48:00 -0400
Subject: [PATCH] Recognise Lustre as a remote file system (#4530)
Lustre is also a remote file system that wants the network to be up before it is mounted.
Cherry-picked from: 67ae43665e7e03becba197e98df5b3ce40269567
Resolves: #1390542
---
 src/shared/util.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/shared/util.c b/src/shared/util.c
index eab5ab8..66729f7 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -1924,7 +1924,11 @@ bool fstype_is_network(const char *fstype) {
                 "nfs4\0"
                 "gfs\0"
                 "gfs2\0"
-                "glusterfs\0";
+                "glusterfs\0"
+                "pvfs2\0" /* OrangeFS */
+                "ocfs2\0"
+                "lustre\0"
+                ;
         const char *x;
SOURCES/0421-unit-don-t-add-Requires-for-tmp.mount.patch
New file
@@ -0,0 +1,24 @@
From a0adbe08c612f1330221c1a8bcad3cb5aedcb71b Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Mon, 5 Sep 2016 12:47:09 +0200
Subject: [PATCH] unit: don't add Requires for tmp.mount
rhel-only
Resolves: #1372249
---
 src/core/unit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index 0e90d13..a7d6d2f 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1155,7 +1155,7 @@ static int unit_add_mount_dependencies(Unit *u) {
                         if (r < 0)
                                 return r;
-                        if (m->fragment_path) {
+                        if (m->fragment_path && !streq(m->id, "tmp.mount")) {
                                 r = unit_add_dependency(u, UNIT_REQUIRES, m, true);
                                 if (r < 0)
                                         return r;
SOURCES/0422-core-return-0-from-device_serialize.patch
New file
@@ -0,0 +1,32 @@
From 16ea84cf76e69975336fc347226ee3f58be25bc2 Mon Sep 17 00:00:00 2001
From: Daniel Mack <daniel@zonque.org>
Date: Fri, 24 Apr 2015 16:14:48 +0200
Subject: [PATCH] core: return 0 from device_serialize()
Fixes:
  CC       src/core/libsystemd_core_la-device.lo
src/core/device.c: In function 'device_serialize':
src/core/device.c:169:1: warning: control reaches end of non-void function [-Wreturn-type]
 }
 ^
Cherry-picked from: 0108f6ecc85eccc0177579f575d7bc3d56d43bc6
Resolves: #1403249
---
 src/core/device.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/core/device.c b/src/core/device.c
index bdc8466..befbae8 100644
--- a/src/core/device.c
+++ b/src/core/device.c
@@ -168,6 +168,8 @@ static int device_serialize(Unit *u, FILE *f, FDSet *fds) {
         assert(fds);
         unit_serialize_item(u, f, "state", device_state_to_string(d->state));
+
+        return 0;
 }
 static int device_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
SOURCES/0423-mtd_probe-include-stdint.patch
File was renamed from SOURCES/0415-mtd_probe-add-include-for-stdint.patch
@@ -1,12 +1,10 @@
From 7d78e4a96b47b16330b2d28ff0cc5a51936e9fe9 Mon Sep 17 00:00:00 2001
From 5c1473ccbbcdf4f1ec3b18609adb351946ed74b5 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Fri, 7 Oct 2016 15:17:12 +0200
Subject: [PATCH] mtd_probe: add include for stdint
Date: Tue, 13 Dec 2016 14:25:38 +0100
Subject: [PATCH] mtd_probe: include stdint
The missing include is causing troubles on arm
RHEL-only
Related: #1381573
rhel-only
Resolves: #1404251
---
 src/udev/mtd_probe/mtd_probe.h | 1 +
 1 file changed, 1 insertion(+)
SOURCES/0424-tests-fix-failure-of-test-execute-if-dev-mem-is-not-.patch
New file
@@ -0,0 +1,41 @@
From 0f3a67a0e4d243952e9ae4965a30e704885f03ef Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekletar@users.noreply.github.com>
Date: Fri, 6 Jan 2017 10:27:35 +0100
Subject: [PATCH] tests: fix failure of test-execute if /dev/mem is not
 available (#5028)
/dev/mem isn't necessarily available. Recently, I've encountered arm64
systems that didn't provide raw memory access via /dev/mem. Instead,
let's use /dev/kmsg since we don't support systems w/o it anyway.
Cherry-picked from: 01349f5d01e0b59168722403b0c1c2325b15512c
Resolves: #1410056
---
 test/exec-privatedevices-no.service  | 2 +-
 test/exec-privatedevices-yes.service | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/exec-privatedevices-no.service b/test/exec-privatedevices-no.service
index cf4f275..af1daf7 100644
--- a/test/exec-privatedevices-no.service
+++ b/test/exec-privatedevices-no.service
@@ -2,6 +2,6 @@
 Description=Test for PrivateDev=no
 [Service]
-ExecStart=/bin/sh -c 'exit $(test -c /dev/mem)'
+ExecStart=/bin/sh -c 'exit $(test -c /dev/kmsg)'
 Type=oneshot
 PrivateDevices=no
diff --git a/test/exec-privatedevices-yes.service b/test/exec-privatedevices-yes.service
index 85b3f4f..384a7b0 100644
--- a/test/exec-privatedevices-yes.service
+++ b/test/exec-privatedevices-yes.service
@@ -2,6 +2,6 @@
 Description=Test for PrivateDev=yes
 [Service]
-ExecStart=/bin/sh -c 'exit $(test ! -c /dev/mem)'
+ExecStart=/bin/sh -c 'exit $(test ! -c /dev/kmsg)'
 Type=oneshot
 PrivateDevices=yes
SOURCES/0425-sd-journal-properly-export-has_-persistent-runtime-_.patch
New file
@@ -0,0 +1,28 @@
From 0bf93125d4833bcdb7d187543581e4a6c14de159 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 21 Dec 2016 18:04:57 +0100
Subject: [PATCH] sd-journal: properly export has_{persistent|runtime}_files()
Cherry-picked from: 9a07f779bbeacc3358d405f6cf583506aaf655ae
Resolves: #1409527
---
 src/libsystemd/libsystemd.sym.m4 | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/libsystemd/libsystemd.sym.m4 b/src/libsystemd/libsystemd.sym.m4
index 76a8c92..b1c2b43 100644
--- a/src/libsystemd/libsystemd.sym.m4
+++ b/src/libsystemd/libsystemd.sym.m4
@@ -163,6 +163,12 @@ global:
         sd_pid_notify_with_fds;
 } LIBSYSTEMD_217;
+LIBSYSTEMD_229 {
+global:
+        sd_journal_has_runtime_files;
+        sd_journal_has_persistent_files;
+} LIBSYSTEMD_219;
+
 m4_ifdef(`ENABLE_KDBUS',
 LIBSYSTEMD_FUTURE {
 global:
SOURCES/0426-core-add-possibility-to-set-action-for-ctrl-alt-del-.patch
New file
@@ -0,0 +1,201 @@
From be9fad86ae9ab721cd295210962da85706b839e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Nykr=C3=BDn?= <lnykryn@redhat.com>
Date: Fri, 7 Oct 2016 03:08:21 +0200
Subject: [PATCH] core: add possibility to set action for ctrl-alt-del burst
 (#4105)
For some certification, it should not be possible to reboot the machine through ctrl-alt-delete. Currently we suggest our customers to mask the ctrl-alt-delete target, but that is obviously not enough.
Patching the keymaps to disable that is really not a way to go for them, because the settings need to be easily checked by some SCAP tools.
Cherry-picked from: 24dd31c19ede505143833346ff850af942694aa6
Resolves: #1353028
---
 man/systemd-system.conf.xml | 11 ++++++++++
 src/core/main.c             |  5 +++++
 src/core/manager.c          | 51 +++++++++++++++++++++++++++++++++------------
 src/core/manager.h          | 14 ++++++++++++-
 src/core/system.conf        |  1 +
 5 files changed, 68 insertions(+), 14 deletions(-)
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index 39d19bc..236c20d 100644
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@@ -102,6 +102,17 @@
       </varlistentry>
       <varlistentry>
+        <term><varname>CtrlAltDelBurstAction=</varname></term>
+
+        <listitem><para>Defines what action will be performed
+        if user presses Ctr-Alt-Delete more than 7 times in 2s.
+        Can be set to <literal>reboot-force</literal>, <literal>poweroff-force</literal>
+        or disabled with <literal>ignore</literal>. Defaults to
+        <literal>reboot-force</literal>.
+        </para></listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term><varname>CPUAffinity=</varname></term>
         <listitem><para>Configures the initial CPU affinity for the
diff --git a/src/core/main.c b/src/core/main.c
index c9d8ce4..6ac9c9d 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -115,6 +115,7 @@ static FILE* arg_serialization = NULL;
 static bool arg_default_cpu_accounting = false;
 static bool arg_default_blockio_accounting = false;
 static bool arg_default_memory_accounting = false;
+static CADBurstAction arg_cad_burst_action = CAD_BURST_ACTION_REBOOT;
 static void nop_handler(int sig) {}
@@ -625,6 +626,8 @@ static int config_parse_join_controllers(const char *unit,
         return 0;
 }
+static DEFINE_CONFIG_PARSE_ENUM(config_parse_cad_burst_action, cad_burst_action, CADBurstAction, "Failed to parse service restart specifier");
+
 static int parse_config_file(void) {
         const ConfigTableItem items[] = {
@@ -673,6 +676,7 @@ static int parse_config_file(void) {
                 { "Manager", "DefaultCPUAccounting",      config_parse_bool,             0, &arg_default_cpu_accounting            },
                 { "Manager", "DefaultBlockIOAccounting",  config_parse_bool,             0, &arg_default_blockio_accounting        },
                 { "Manager", "DefaultMemoryAccounting",   config_parse_bool,             0, &arg_default_memory_accounting         },
+                { "Manager", "CtrlAltDelBurstAction",     config_parse_cad_burst_action, 0, &arg_cad_burst_action},
                 {}
         };
@@ -1690,6 +1694,7 @@ int main(int argc, char *argv[]) {
         m->initrd_timestamp = initrd_timestamp;
         m->security_start_timestamp = security_start_timestamp;
         m->security_finish_timestamp = security_finish_timestamp;
+        m->cad_burst_action = arg_cad_burst_action;
         manager_set_default_rlimits(m, arg_default_rlimit);
         manager_environment_add(m, NULL, arg_default_environment);
diff --git a/src/core/manager.c b/src/core/manager.c
index 6d045fd..9048dde 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1859,6 +1859,35 @@ static int manager_start_target(Manager *m, const char *name, JobMode mode) {
         return r;
 }
+static void manager_handle_ctrl_alt_del(Manager *m) {
+        /* If the user presses C-A-D more than
+         * 7 times within 2s, we reboot/shutdown immediately,
+         * unless it was disabled in system.conf */
+
+        if (ratelimit_test(&m->ctrl_alt_del_ratelimit) || m->cad_burst_action == CAD_BURST_ACTION_IGNORE)
+                manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
+        else {
+                switch (m->cad_burst_action) {
+
+                case CAD_BURST_ACTION_REBOOT:
+                        m->exit_code = MANAGER_REBOOT;
+                        break;
+
+                case CAD_BURST_ACTION_POWEROFF:
+                        m->exit_code = MANAGER_POWEROFF;
+                        break;
+
+                default:
+                        assert_not_reached("Unknown action.");
+                }
+
+                log_notice("Ctrl-Alt-Del was pressed more than 7 times within 2s, performing immediate %s.",
+                                cad_burst_action_to_string(m->cad_burst_action));
+                status_printf(NULL, true, false, "Ctrl-Alt-Del was pressed more than 7 times within 2s, performing immediate %s.",
+                                cad_burst_action_to_string(m->cad_burst_action));
+        }
+}
+
 static int manager_dispatch_signal_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
         Manager *m = userdata;
         ssize_t n;
@@ -1909,19 +1938,7 @@ static int manager_dispatch_signal_fd(sd_event_source *source, int fd, uint32_t
                 case SIGINT:
                         if (m->running_as == SYSTEMD_SYSTEM) {
-
-                                /* If the user presses C-A-D more than
-                                 * 7 times within 2s, we reboot
-                                 * immediately. */
-
-                                if (ratelimit_test(&m->ctrl_alt_del_ratelimit))
-                                        manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
-                                else {
-                                        log_notice("Ctrl-Alt-Del was pressed more than 7 times within 2s, rebooting immediately.");
-                                        status_printf(NULL, true, false, "Ctrl-Alt-Del was pressed more than 7 times within 2s, rebooting immediately.");
-                                        m->exit_code = MANAGER_REBOOT;
-                                }
-
+                                manager_handle_ctrl_alt_del(m);
                                 break;
                         }
@@ -3319,3 +3336,11 @@ static const char *const manager_state_table[_MANAGER_STATE_MAX] = {
 };
 DEFINE_STRING_TABLE_LOOKUP(manager_state, ManagerState);
+
+static const char *const cad_burst_action_table[_CAD_BURST_ACTION_MAX] = {
+        [CAD_BURST_ACTION_IGNORE] = "ignore",
+        [CAD_BURST_ACTION_REBOOT] = "reboot-force",
+        [CAD_BURST_ACTION_POWEROFF] = "poweroff-force",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(cad_burst_action, CADBurstAction);
diff --git a/src/core/manager.h b/src/core/manager.h
index 3e855db..42be1fc 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -64,6 +64,14 @@ typedef enum ManagerExitCode {
         _MANAGER_EXIT_CODE_INVALID = -1
 } ManagerExitCode;
+typedef enum CADBurstAction {
+        CAD_BURST_ACTION_IGNORE,
+        CAD_BURST_ACTION_REBOOT,
+        CAD_BURST_ACTION_POWEROFF,
+        _CAD_BURST_ACTION_MAX,
+        _CAD_BURST_ACTION_INVALID = -1
+} CADBurstAction;
+
 typedef enum StatusType {
         STATUS_TYPE_EPHEMERAL,
         STATUS_TYPE_NORMAL,
@@ -300,8 +308,9 @@ struct Manager {
         /* Used for processing polkit authorization responses */
         Hashmap *polkit_registry;
-        /* When the user hits C-A-D more than 7 times per 2s, reboot immediately... */
+        /* When the user hits C-A-D more than 7 times per 2s, do something immediately... */
         RateLimit ctrl_alt_del_ratelimit;
+        CADBurstAction cad_burst_action;
 };
 int manager_new(SystemdRunningAs running_as, bool test_run, Manager **m);
@@ -372,3 +381,6 @@ ManagerState manager_state(Manager *m);
 const char *manager_state_to_string(ManagerState m) _const_;
 ManagerState manager_state_from_string(const char *s) _pure_;
+
+const char *cad_burst_action_to_string(CADBurstAction a) _const_;
+CADBurstAction cad_burst_action_from_string(const char *s) _pure_;
diff --git a/src/core/system.conf b/src/core/system.conf
index 2316090..a11f599 100644
--- a/src/core/system.conf
+++ b/src/core/system.conf
@@ -20,6 +20,7 @@
 #CrashShell=no
 #ShowStatus=yes
 #CrashChVT=1
+#CtrlAltDelBurstAction=reboot-force
 #CPUAffinity=1 2
 #JoinControllers=cpu,cpuacct net_cls,net_prio
 #RuntimeWatchdogSec=0
SOURCES/0427-failure-action-generalize-failure-action-to-emergenc.patch
New file
@@ -0,0 +1,461 @@
From 2b787d523662b91334da24f1c77a7d803e53fab9 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Tue, 3 Jan 2017 16:05:42 +0100
Subject: [PATCH] failure-action: generalize failure action to emergency action
Cherry-picked from: 87a47f99bc8e576a63581ad2593c62eb10a53814
Resolves: #1353028
---
 Makefile.am                                       |  4 +-
 src/core/dbus-service.c                           |  6 +--
 src/core/dbus-unit.c                              |  4 +-
 src/core/{failure-action.c => emergency-action.c} | 65 ++++++++++++-----------
 src/core/{failure-action.h => emergency-action.h} | 28 +++++-----
 src/core/job.c                                    |  2 +-
 src/core/load-fragment-gperf.gperf.m4             |  6 +--
 src/core/load-fragment.c                          |  4 +-
 src/core/load-fragment.h                          |  2 +-
 src/core/manager.h                                |  2 +-
 src/core/service.c                                |  4 +-
 src/core/service.h                                |  6 +--
 src/core/unit.c                                   |  4 +-
 src/core/unit.h                                   |  4 +-
 src/test/test-tables.c                            |  2 +-
 15 files changed, 72 insertions(+), 71 deletions(-)
 rename src/core/{failure-action.c => emergency-action.c} (63%)
 rename src/core/{failure-action.h => emergency-action.h} (58%)
diff --git a/Makefile.am b/Makefile.am
index 3848338..b347aed 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1182,8 +1182,8 @@ libsystemd_core_la_SOURCES = \
     src/core/audit-fd.h \
     src/core/show-status.c \
     src/core/show-status.h \
-    src/core/failure-action.c \
-    src/core/failure-action.h
+    src/core/emergency-action.c \
+    src/core/emergency-action.h
 nodist_libsystemd_core_la_SOURCES = \
     src/core/load-fragment-gperf.c \
diff --git a/src/core/dbus-service.c b/src/core/dbus-service.c
index 6d4713b..325ed13 100644
--- a/src/core/dbus-service.c
+++ b/src/core/dbus-service.c
@@ -34,7 +34,7 @@ static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_type, service_type, ServiceType
 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_result, service_result, ServiceResult);
 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_restart, service_restart, ServiceRestart);
 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_notify_access, notify_access, NotifyAccess);
-static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_failure_action, failure_action, FailureAction);
+static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_emergency_action, emergency_action, EmergencyAction);
 const sd_bus_vtable bus_service_vtable[] = {
         SD_BUS_VTABLE_START(0),
@@ -49,9 +49,9 @@ const sd_bus_vtable bus_service_vtable[] = {
         BUS_PROPERTY_DUAL_TIMESTAMP("WatchdogTimestamp", offsetof(Service, watchdog_timestamp), 0),
         SD_BUS_PROPERTY("StartLimitInterval", "t", bus_property_get_usec, offsetof(Service, start_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("StartLimitBurst", "u", bus_property_get_unsigned, offsetof(Service, start_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("StartLimitAction", "s", property_get_failure_action, offsetof(Service, start_limit_action), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("StartLimitAction", "s", property_get_emergency_action, offsetof(Service, start_limit_action), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("RebootArgument", "s", NULL, offsetof(Service, reboot_arg), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("FailureAction", "s", property_get_failure_action, offsetof(Service, failure_action), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("FailureAction", "s", property_get_emergency_action, offsetof(Service, emergency_action), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("PermissionsStartOnly", "b", bus_property_get_bool, offsetof(Service, permissions_start_only), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("RootDirectoryStartOnly", "b", bus_property_get_bool, offsetof(Service, root_directory_start_only), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("RemainAfterExit", "b", bus_property_get_bool, offsetof(Service, remain_after_exit), SD_BUS_VTABLE_PROPERTY_CONST),
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index c3654db..89b00e9 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -33,7 +33,7 @@
 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_load_state, unit_load_state, UnitLoadState);
 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_job_mode, job_mode, JobMode);
-static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_failure_action, failure_action, FailureAction);
+static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_emergency_action, emergency_action, EmergencyAction);
 static int property_get_names(
                 sd_bus *bus,
@@ -595,7 +595,7 @@ const sd_bus_vtable bus_unit_vtable[] = {
         SD_BUS_PROPERTY("IgnoreOnSnapshot", "b", bus_property_get_bool, offsetof(Unit, ignore_on_snapshot), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("NeedDaemonReload", "b", property_get_need_daemon_reload, 0, SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("JobTimeoutUSec", "t", bus_property_get_usec, offsetof(Unit, job_timeout), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("JobTimeoutAction", "s", property_get_failure_action, offsetof(Unit, job_timeout_action), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("JobTimeoutAction", "s", property_get_emergency_action, offsetof(Unit, job_timeout_action), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("JobTimeoutRebootArgument", "s", NULL, offsetof(Unit, job_timeout_reboot_arg), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("ConditionResult", "b", bus_property_get_bool, offsetof(Unit, condition_result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
         SD_BUS_PROPERTY("AssertResult", "b", bus_property_get_bool, offsetof(Unit, assert_result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
diff --git a/src/core/failure-action.c b/src/core/emergency-action.c
similarity index 63%
rename from src/core/failure-action.c
rename to src/core/emergency-action.c
index ce522a4..f07b125 100644
--- a/src/core/failure-action.c
+++ b/src/core/emergency-action.c
@@ -27,44 +27,45 @@
 #include "bus-util.h"
 #include "bus-error.h"
 #include "special.h"
-#include "failure-action.h"
+#include "emergency-action.h"
-static void log_and_status(Manager *m, const char *message) {
-        log_warning("%s", message);
+static void log_and_status(Manager *m, const char *message, const char *reason) {
+        log_warning("%s: %s", message, reason);
         manager_status_printf(m, STATUS_TYPE_EMERGENCY,
                               ANSI_HIGHLIGHT_RED_ON " !!  " ANSI_HIGHLIGHT_OFF,
-                              "%s", message);
+                              "%s: %s", message, reason);
 }
-int failure_action(
+int emergency_action(
                 Manager *m,
-                FailureAction action,
-                const char *reboot_arg) {
+                EmergencyAction action,
+                const char *reboot_arg,
+                const char *reason) {
         int r;
         assert(m);
         assert(action >= 0);
-        assert(action < _FAILURE_ACTION_MAX);
+        assert(action < _EMERGENCY_ACTION_MAX);
-        if (action == FAILURE_ACTION_NONE)
+        if (action == EMERGENCY_ACTION_NONE)
                 return -ECANCELED;
         if (m->running_as == SYSTEMD_USER) {
                 /* Downgrade all options to simply exiting if we run
                  * in user mode */
-                log_warning("Exiting as result of failure.");
+                log_warning("Exiting: %s", reason);
                 m->exit_code = MANAGER_EXIT;
                 return -ECANCELED;
         }
         switch (action) {
-        case FAILURE_ACTION_REBOOT: {
+        case EMERGENCY_ACTION_REBOOT: {
                 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
-                log_and_status(m, "Rebooting as result of failure.");
+                log_and_status(m, "Rebooting", reason);
                 update_reboot_param_file(reboot_arg);
                 r = manager_add_job_by_name(m, JOB_START, SPECIAL_REBOOT_TARGET, JOB_REPLACE, true, &error, NULL);
@@ -74,15 +75,15 @@ int failure_action(
                 break;
         }
-        case FAILURE_ACTION_REBOOT_FORCE:
-                log_and_status(m, "Forcibly rebooting as result of failure.");
+        case EMERGENCY_ACTION_REBOOT_FORCE:
+                log_and_status(m, "Forcibly rebooting", reason);
                 update_reboot_param_file(reboot_arg);
                 m->exit_code = MANAGER_REBOOT;
                 break;
-        case FAILURE_ACTION_REBOOT_IMMEDIATE:
-                log_and_status(m, "Rebooting immediately as result of failure.");
+        case EMERGENCY_ACTION_REBOOT_IMMEDIATE:
+                log_and_status(m, "Rebooting immediately", reason);
                 sync();
@@ -95,10 +96,10 @@ int failure_action(
                 reboot(RB_AUTOBOOT);
                 break;
-        case FAILURE_ACTION_POWEROFF: {
+        case EMERGENCY_ACTION_POWEROFF: {
                 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
-                log_and_status(m, "Powering off as result of failure.");
+                log_and_status(m, "Powering off", reason);
                 r = manager_add_job_by_name(m, JOB_START, SPECIAL_POWEROFF_TARGET, JOB_REPLACE, true, &error, NULL);
                 if (r < 0)
@@ -107,13 +108,13 @@ int failure_action(
                 break;
         }
-        case FAILURE_ACTION_POWEROFF_FORCE:
-                log_and_status(m, "Forcibly powering off as result of failure.");
+        case EMERGENCY_ACTION_POWEROFF_FORCE:
+                log_and_status(m, "Forcibly powering off", reason);
                 m->exit_code = MANAGER_POWEROFF;
                 break;
-        case FAILURE_ACTION_POWEROFF_IMMEDIATE:
-                log_and_status(m, "Powering off immediately as result of failure.");
+        case EMERGENCY_ACTION_POWEROFF_IMMEDIATE:
+                log_and_status(m, "Powering off immediately", reason);
                 sync();
@@ -122,19 +123,19 @@ int failure_action(
                 break;
         default:
-                assert_not_reached("Unknown failure action");
+                assert_not_reached("Unknown emergency action");
         }
         return -ECANCELED;
 }
-static const char* const failure_action_table[_FAILURE_ACTION_MAX] = {
-        [FAILURE_ACTION_NONE] = "none",
-        [FAILURE_ACTION_REBOOT] = "reboot",
-        [FAILURE_ACTION_REBOOT_FORCE] = "reboot-force",
-        [FAILURE_ACTION_REBOOT_IMMEDIATE] = "reboot-immediate",
-        [FAILURE_ACTION_POWEROFF] = "poweroff",
-        [FAILURE_ACTION_POWEROFF_FORCE] = "poweroff-force",
-        [FAILURE_ACTION_POWEROFF_IMMEDIATE] = "poweroff-immediate"
+static const char* const emergency_action_table[_EMERGENCY_ACTION_MAX] = {
+        [EMERGENCY_ACTION_NONE] = "none",
+        [EMERGENCY_ACTION_REBOOT] = "reboot",
+        [EMERGENCY_ACTION_REBOOT_FORCE] = "reboot-force",
+        [EMERGENCY_ACTION_REBOOT_IMMEDIATE] = "reboot-immediate",
+        [EMERGENCY_ACTION_POWEROFF] = "poweroff",
+        [EMERGENCY_ACTION_POWEROFF_FORCE] = "poweroff-force",
+        [EMERGENCY_ACTION_POWEROFF_IMMEDIATE] = "poweroff-immediate"
 };
-DEFINE_STRING_TABLE_LOOKUP(failure_action, FailureAction);
+DEFINE_STRING_TABLE_LOOKUP(emergency_action, EmergencyAction);
diff --git a/src/core/failure-action.h b/src/core/emergency-action.h
similarity index 58%
rename from src/core/failure-action.h
rename to src/core/emergency-action.h
index 1af4dd9..d3ac0f3 100644
--- a/src/core/failure-action.h
+++ b/src/core/emergency-action.h
@@ -22,22 +22,22 @@
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
-typedef enum FailureAction {
-        FAILURE_ACTION_NONE,
-        FAILURE_ACTION_REBOOT,
-        FAILURE_ACTION_REBOOT_FORCE,
-        FAILURE_ACTION_REBOOT_IMMEDIATE,
-        FAILURE_ACTION_POWEROFF,
-        FAILURE_ACTION_POWEROFF_FORCE,
-        FAILURE_ACTION_POWEROFF_IMMEDIATE,
-        _FAILURE_ACTION_MAX,
-        _FAILURE_ACTION_INVALID = -1
-} FailureAction;
+typedef enum EmergencyAction {
+        EMERGENCY_ACTION_NONE,
+        EMERGENCY_ACTION_REBOOT,
+        EMERGENCY_ACTION_REBOOT_FORCE,
+        EMERGENCY_ACTION_REBOOT_IMMEDIATE,
+        EMERGENCY_ACTION_POWEROFF,
+        EMERGENCY_ACTION_POWEROFF_FORCE,
+        EMERGENCY_ACTION_POWEROFF_IMMEDIATE,
+        _EMERGENCY_ACTION_MAX,
+        _EMERGENCY_ACTION_INVALID = -1
+} EmergencyAction;
 #include "macro.h"
 #include "manager.h"
-int failure_action(Manager *m, FailureAction action, const char *reboot_arg);
+int emergency_action(Manager *m, EmergencyAction action, const char *reboot_arg, const char *reason);
-const char* failure_action_to_string(FailureAction i) _const_;
-FailureAction failure_action_from_string(const char *s) _pure_;
+const char* emergency_action_to_string(EmergencyAction i) _const_;
+EmergencyAction emergency_action_from_string(const char *s) _pure_;
diff --git a/src/core/job.c b/src/core/job.c
index c2876de..7032864 100644
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -916,7 +916,7 @@ static int job_dispatch_timer(sd_event_source *s, uint64_t monotonic, void *user
         u = j->unit;
         job_finish_and_invalidate(j, JOB_TIMEOUT, true, false);
-        failure_action(u->manager, u->job_timeout_action, u->job_timeout_reboot_arg);
+        emergency_action(u->manager, u->job_timeout_action, u->job_timeout_reboot_arg, "job timed out");
         return 0;
 }
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index ce1397c..45d1ead 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -156,7 +156,7 @@ Unit.OnFailureIsolate,           config_parse_job_mode_isolate,      0,
 Unit.IgnoreOnIsolate,            config_parse_bool,                  0,                             offsetof(Unit, ignore_on_isolate)
 Unit.IgnoreOnSnapshot,           config_parse_bool,                  0,                             offsetof(Unit, ignore_on_snapshot)
 Unit.JobTimeoutSec,              config_parse_sec,                   0,                             offsetof(Unit, job_timeout)
-Unit.JobTimeoutAction,           config_parse_failure_action,        0,                             offsetof(Unit, job_timeout_action)
+Unit.JobTimeoutAction,           config_parse_emergency_action,        0,                             offsetof(Unit, job_timeout_action)
 Unit.JobTimeoutRebootArgument,   config_parse_string,                0,                             offsetof(Unit, job_timeout_reboot_arg)
 Unit.ConditionPathExists,        config_parse_unit_condition_path,   CONDITION_PATH_EXISTS,         offsetof(Unit, conditions)
 Unit.ConditionPathExistsGlob,    config_parse_unit_condition_path,   CONDITION_PATH_EXISTS_GLOB,    offsetof(Unit, conditions)
@@ -211,9 +211,9 @@ Service.TimeoutStopSec,          config_parse_service_timeout,       0,
 Service.WatchdogSec,             config_parse_sec,                   0,                             offsetof(Service, watchdog_usec)
 Service.StartLimitInterval,      config_parse_sec,                   0,                             offsetof(Service, start_limit.interval)
 Service.StartLimitBurst,         config_parse_unsigned,              0,                             offsetof(Service, start_limit.burst)
-Service.StartLimitAction,        config_parse_failure_action,        0,                             offsetof(Service, start_limit_action)
+Service.StartLimitAction,        config_parse_emergency_action,      0,                             offsetof(Service, start_limit_action)
 Service.RebootArgument,          config_parse_string,                0,                             offsetof(Service, reboot_arg)
-Service.FailureAction,           config_parse_failure_action,        0,                             offsetof(Service, failure_action)
+Service.FailureAction,           config_parse_emergency_action,      0,                             offsetof(Service, emergency_action)
 Service.Type,                    config_parse_service_type,          0,                             offsetof(Service, type)
 Service.Restart,                 config_parse_service_restart,       0,                             offsetof(Service, restart)
 Service.PermissionsStartOnly,    config_parse_bool,                  0,                             offsetof(Service, permissions_start_only)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 83b6e7e..4fecb83 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -2382,7 +2382,7 @@ int config_parse_unit_condition_null(
 }
 DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access, notify_access, NotifyAccess, "Failed to parse notify access specifier");
-DEFINE_CONFIG_PARSE_ENUM(config_parse_failure_action, failure_action, FailureAction, "Failed to parse failure action specifier");
+DEFINE_CONFIG_PARSE_ENUM(config_parse_emergency_action, emergency_action, EmergencyAction, "Failed to parse failure action specifier");
 int config_parse_unit_requires_mounts_for(
                 const char *unit,
@@ -3931,7 +3931,7 @@ void unit_dump_config_items(FILE *f) {
                 { config_parse_unit_slice,            "SLICE" },
                 { config_parse_documentation,         "URL" },
                 { config_parse_service_timeout,       "SECONDS" },
-                { config_parse_failure_action,        "ACTION" },
+                { config_parse_emergency_action,      "ACTION" },
                 { config_parse_set_status,            "STATUS" },
                 { config_parse_service_sockets,       "SOCKETS" },
                 { config_parse_environ,               "ENVIRON" },
diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h
index 359794d..6114796 100644
--- a/src/core/load-fragment.h
+++ b/src/core/load-fragment.h
@@ -78,7 +78,7 @@ int config_parse_unit_condition_string(const char *unit, const char *filename, u
 int config_parse_unit_condition_null(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
 int config_parse_kill_mode(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
 int config_parse_notify_access(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-int config_parse_failure_action(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_emergency_action(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
 int config_parse_unit_requires_mounts_for(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
 int config_parse_syscall_filter(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
 int config_parse_syscall_archs(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
diff --git a/src/core/manager.h b/src/core/manager.h
index 42be1fc..59913f4 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -85,7 +85,7 @@ typedef enum StatusType {
 #include "unit-name.h"
 #include "exit-status.h"
 #include "show-status.h"
-#include "failure-action.h"
+#include "emergency-action.h"
 struct Manager {
         /* Note that the set of units we know of is allowed to be
diff --git a/src/core/service.c b/src/core/service.c
index babd3c5..6e7baa7 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1280,7 +1280,7 @@ static void service_enter_dead(Service *s, ServiceResult f, bool allow_restart)
         if (s->result != SERVICE_SUCCESS) {
                 log_unit_warning(UNIT(s)->id, "%s failed.", UNIT(s)->id);
-                failure_action(UNIT(s)->manager, s->failure_action, s->reboot_arg);
+                emergency_action(UNIT(s)->manager, s->emergency_action, s->reboot_arg, "service failed");
         }
         if (allow_restart &&
@@ -1821,7 +1821,7 @@ static int service_start_limit_test(Service *s) {
         log_unit_warning(UNIT(s)->id, "start request repeated too quickly for %s", UNIT(s)->id);
-        return failure_action(UNIT(s)->manager, s->start_limit_action, s->reboot_arg);
+        return emergency_action(UNIT(s)->manager, s->start_limit_action, s->reboot_arg, "service failed");
 }
 static int service_start(Unit *u) {
diff --git a/src/core/service.h b/src/core/service.h
index dfeee6a..1f937df 100644
--- a/src/core/service.h
+++ b/src/core/service.h
@@ -29,7 +29,7 @@ typedef struct ServiceFDStore ServiceFDStore;
 #include "ratelimit.h"
 #include "kill.h"
 #include "exit-status.h"
-#include "failure-action.h"
+#include "emergency-action.h"
 typedef enum ServiceState {
         SERVICE_DEAD,
@@ -197,8 +197,8 @@ struct Service {
         int status_errno;
         RateLimit start_limit;
-        FailureAction start_limit_action;
-        FailureAction failure_action;
+        EmergencyAction start_limit_action;
+        EmergencyAction emergency_action;
         char *reboot_arg;
         UnitRef accept_socket;
diff --git a/src/core/unit.c b/src/core/unit.c
index a7d6d2f..4eb0d78 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -937,8 +937,8 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) {
         if (u->job_timeout > 0)
                 fprintf(f, "%s\tJob Timeout: %s\n", prefix, format_timespan(timespan, sizeof(timespan), u->job_timeout, 0));
-        if (u->job_timeout_action != FAILURE_ACTION_NONE)
-                fprintf(f, "%s\tJob Timeout Action: %s\n", prefix, failure_action_to_string(u->job_timeout_action));
+        if (u->job_timeout_action != EMERGENCY_ACTION_NONE)
+                fprintf(f, "%s\tJob Timeout Action: %s\n", prefix, emergency_action_to_string(u->job_timeout_action));
         if (u->job_timeout_reboot_arg)
                 fprintf(f, "%s\tJob Timeout Reboot Argument: %s\n", prefix, u->job_timeout_reboot_arg);
diff --git a/src/core/unit.h b/src/core/unit.h
index 35287a5..85f52df 100644
--- a/src/core/unit.h
+++ b/src/core/unit.h
@@ -41,7 +41,7 @@ typedef struct UnitStatusMessageFormats UnitStatusMessageFormats;
 #include "condition.h"
 #include "install.h"
 #include "unit-name.h"
-#include "failure-action.h"
+#include "emergency-action.h"
 enum UnitActiveState {
         UNIT_ACTIVE,
@@ -121,7 +121,7 @@ struct Unit {
         /* Job timeout and action to take */
         usec_t job_timeout;
-        FailureAction job_timeout_action;
+        EmergencyAction job_timeout_action;
         char *job_timeout_reboot_arg;
         /* References to this */
diff --git a/src/test/test-tables.c b/src/test/test-tables.c
index bda224b..e409790 100644
--- a/src/test/test-tables.c
+++ b/src/test/test-tables.c
@@ -67,7 +67,7 @@ int main(int argc, char **argv) {
         test_table(device_state, DEVICE_STATE);
         test_table(exec_input, EXEC_INPUT);
         test_table(exec_output, EXEC_OUTPUT);
-        test_table(failure_action, FAILURE_ACTION);
+        test_table(emergency_action, EMERGENCY_ACTION);
         test_table(job_mode, JOB_MODE);
         test_table(job_result, JOB_RESULT);
         test_table(job_state, JOB_STATE);
SOURCES/0428-core-use-emergency_action-for-ctr-alt-del-burst.patch
New file
@@ -0,0 +1,157 @@
From 2170d1e510a9c30e71bc642b54d8b71fb01b47bc Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Tue, 18 Oct 2016 12:16:32 +0200
Subject: [PATCH] core: use emergency_action for ctr+alt+del burst
Fixes #4306
Cherry-picked from: ae8c7939df962cbf660b2b9517fe46be272f58b9
Resolves: #1353028
---
 man/systemd-system.conf.xml |  7 ++++---
 src/core/main.c             |  7 +++----
 src/core/manager.c          | 33 ++++-----------------------------
 src/core/manager.h          | 13 +------------
 4 files changed, 12 insertions(+), 48 deletions(-)
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index 236c20d..57b3b90 100644
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@@ -105,9 +105,10 @@
         <term><varname>CtrlAltDelBurstAction=</varname></term>
         <listitem><para>Defines what action will be performed
-        if user presses Ctr-Alt-Delete more than 7 times in 2s.
-        Can be set to <literal>reboot-force</literal>, <literal>poweroff-force</literal>
-        or disabled with <literal>ignore</literal>. Defaults to
+        if user presses Ctrl-Alt-Delete more than 7 times in 2s.
+        Can be set to <literal>reboot-force</literal>, <literal>poweroff-force</literal>,
+        <literal>reboot-immediate</literal>, <literal>poweroff-immediate</literal>
+        or disabled with <literal>none</literal>. Defaults to
         <literal>reboot-force</literal>.
         </para></listitem>
       </varlistentry>
diff --git a/src/core/main.c b/src/core/main.c
index 6ac9c9d..6f83676 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -77,6 +77,7 @@
 #include "ima-setup.h"
 #include "smack-setup.h"
 #include "kmod-setup.h"
+#include "emergency-action.h"
 static enum {
         ACTION_RUN,
@@ -115,7 +116,7 @@ static FILE* arg_serialization = NULL;
 static bool arg_default_cpu_accounting = false;
 static bool arg_default_blockio_accounting = false;
 static bool arg_default_memory_accounting = false;
-static CADBurstAction arg_cad_burst_action = CAD_BURST_ACTION_REBOOT;
+static EmergencyAction arg_cad_burst_action = EMERGENCY_ACTION_REBOOT_FORCE;
 static void nop_handler(int sig) {}
@@ -626,8 +627,6 @@ static int config_parse_join_controllers(const char *unit,
         return 0;
 }
-static DEFINE_CONFIG_PARSE_ENUM(config_parse_cad_burst_action, cad_burst_action, CADBurstAction, "Failed to parse service restart specifier");
-
 static int parse_config_file(void) {
         const ConfigTableItem items[] = {
@@ -676,7 +675,7 @@ static int parse_config_file(void) {
                 { "Manager", "DefaultCPUAccounting",      config_parse_bool,             0, &arg_default_cpu_accounting            },
                 { "Manager", "DefaultBlockIOAccounting",  config_parse_bool,             0, &arg_default_blockio_accounting        },
                 { "Manager", "DefaultMemoryAccounting",   config_parse_bool,             0, &arg_default_memory_accounting         },
-                { "Manager", "CtrlAltDelBurstAction",     config_parse_cad_burst_action, 0, &arg_cad_burst_action},
+                { "Manager", "CtrlAltDelBurstAction",     config_parse_emergency_action, 0, &arg_cad_burst_action                  },
                 {}
         };
diff --git a/src/core/manager.c b/src/core/manager.c
index 9048dde..8bd80e6 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1864,28 +1864,11 @@ static void manager_handle_ctrl_alt_del(Manager *m) {
          * 7 times within 2s, we reboot/shutdown immediately,
          * unless it was disabled in system.conf */
-        if (ratelimit_test(&m->ctrl_alt_del_ratelimit) || m->cad_burst_action == CAD_BURST_ACTION_IGNORE)
+        if (ratelimit_test(&m->ctrl_alt_del_ratelimit) || m->cad_burst_action == EMERGENCY_ACTION_NONE)
                 manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
-        else {
-                switch (m->cad_burst_action) {
-
-                case CAD_BURST_ACTION_REBOOT:
-                        m->exit_code = MANAGER_REBOOT;
-                        break;
-
-                case CAD_BURST_ACTION_POWEROFF:
-                        m->exit_code = MANAGER_POWEROFF;
-                        break;
-
-                default:
-                        assert_not_reached("Unknown action.");
-                }
-
-                log_notice("Ctrl-Alt-Del was pressed more than 7 times within 2s, performing immediate %s.",
-                                cad_burst_action_to_string(m->cad_burst_action));
-                status_printf(NULL, true, false, "Ctrl-Alt-Del was pressed more than 7 times within 2s, performing immediate %s.",
-                                cad_burst_action_to_string(m->cad_burst_action));
-        }
+        else
+                emergency_action(m, m->cad_burst_action, NULL,
+                                "Ctrl-Alt-Del was pressed more than 7 times within 2s");
 }
 static int manager_dispatch_signal_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
@@ -3336,11 +3319,3 @@ static const char *const manager_state_table[_MANAGER_STATE_MAX] = {
 };
 DEFINE_STRING_TABLE_LOOKUP(manager_state, ManagerState);
-
-static const char *const cad_burst_action_table[_CAD_BURST_ACTION_MAX] = {
-        [CAD_BURST_ACTION_IGNORE] = "ignore",
-        [CAD_BURST_ACTION_REBOOT] = "reboot-force",
-        [CAD_BURST_ACTION_POWEROFF] = "poweroff-force",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(cad_burst_action, CADBurstAction);
diff --git a/src/core/manager.h b/src/core/manager.h
index 59913f4..231c076 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -64,14 +64,6 @@ typedef enum ManagerExitCode {
         _MANAGER_EXIT_CODE_INVALID = -1
 } ManagerExitCode;
-typedef enum CADBurstAction {
-        CAD_BURST_ACTION_IGNORE,
-        CAD_BURST_ACTION_REBOOT,
-        CAD_BURST_ACTION_POWEROFF,
-        _CAD_BURST_ACTION_MAX,
-        _CAD_BURST_ACTION_INVALID = -1
-} CADBurstAction;
-
 typedef enum StatusType {
         STATUS_TYPE_EPHEMERAL,
         STATUS_TYPE_NORMAL,
@@ -310,7 +302,7 @@ struct Manager {
         /* When the user hits C-A-D more than 7 times per 2s, do something immediately... */
         RateLimit ctrl_alt_del_ratelimit;
-        CADBurstAction cad_burst_action;
+        EmergencyAction cad_burst_action;
 };
 int manager_new(SystemdRunningAs running_as, bool test_run, Manager **m);
@@ -381,6 +373,3 @@ ManagerState manager_state(Manager *m);
 const char *manager_state_to_string(ManagerState m) _const_;
 ManagerState manager_state_from_string(const char *s) _pure_;
-
-const char *cad_burst_action_to_string(CADBurstAction a) _const_;
-CADBurstAction cad_burst_action_from_string(const char *s) _pure_;
SOURCES/0429-udev-path_id-introduce-support-for-NVMe-devices-4169.patch
New file
@@ -0,0 +1,40 @@
From ee5aadde983315e72a82241dee95c0e041af15f4 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 6 Jan 2017 17:30:53 +0100
Subject: [PATCH] udev/path_id: introduce support for NVMe devices (#4169)
This appends the nvme name and namespace identifier attribute the the
PCI path for by-path links. Symlinks like the following are now present:
lrwxrwxrwx. 1 root root 13 Sep 16 12:12 pci-0000:01:00.0-nvme-1 -> ../../nvme0n1
lrwxrwxrwx. 1 root root 15 Sep 16 12:12 pci-0000:01:00.0-nvme-1-part1 -> ../../nvme0n1p1
Cc: Michal Sekletar <sekletar.m@gmail.com>
Signed-off-by: Keith Busch <keith.busch@intel.com>
Cherry-picked from: b4c6f71b827d41a4af8007b735edf21ef7609f99
Resolves: #1373150
---
 src/udev/udev-builtin-path_id.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/udev/udev-builtin-path_id.c b/src/udev/udev-builtin-path_id.c
index a3b019b..88a812f 100644
--- a/src/udev/udev-builtin-path_id.c
+++ b/src/udev/udev-builtin-path_id.c
@@ -709,6 +709,15 @@ restart:
                         parent = skip_subsystem(parent, "scm");
                         supported_transport = true;
                         supported_parent = true;
+                } else if (streq(subsys, "nvme")) {
+                        const char *nsid = udev_device_get_sysattr_value(dev, "nsid");
+
+                        if (nsid) {
+                                path_prepend(&path, "nvme-%s", nsid);
+                                parent = skip_subsystem(parent, "nvme");
+                                supported_parent = true;
+                                supported_transport = true;
+                        }
                 }
                 parent = udev_device_get_parent(parent);
SOURCES/0430-core-fix-CapabilityBoundingSet-merging.patch
New file
@@ -0,0 +1,40 @@
From 5c7d92d36bd1b608ccba0adc3fdc5446e6575623 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Tue, 27 Oct 2015 14:40:28 +0300
Subject: [PATCH] core: fix CapabilityBoundingSet merging
Fixes: #1221
Cherry-picked from: b9d345b
Resolves: #1409586
---
 src/core/load-fragment.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 4fecb83..90d42b0 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -1027,6 +1027,7 @@ int config_parse_bounding_set(const char *unit,
                               void *userdata) {
         uint64_t *capability_bounding_set_drop = data;
+        uint64_t capability_bounding_set;
         const char *word, *state;
         size_t l;
         bool invert = false;
@@ -1067,10 +1068,11 @@ int config_parse_bounding_set(const char *unit,
                 log_syntax(unit, LOG_ERR, filename, line, EINVAL,
                            "Trailing garbage, ignoring.");
-        if (invert)
-                *capability_bounding_set_drop |= sum;
+        capability_bounding_set = invert ? ~sum : sum;
+        if (*capability_bounding_set_drop)
+                *capability_bounding_set_drop = ~(~*capability_bounding_set_drop | capability_bounding_set);
         else
-                *capability_bounding_set_drop |= ~sum;
+                *capability_bounding_set_drop = ~capability_bounding_set;
         return 0;
 }
SOURCES/0431-core-fix-capability-bounding-set-parsing.patch
New file
@@ -0,0 +1,26 @@
From 13b70c13553c94c444f149bd086bd3e8d9cc39b6 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Thu, 29 Oct 2015 14:13:04 +0300
Subject: [PATCH] core: fix capability bounding set parsing
bug: CapabilityBoundingSet= doesn't reset all caps
Cherry-picked from: 661b37b
Resolves: #1409586
---
 src/core/load-fragment.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 90d42b0..7056419 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -1069,7 +1069,7 @@ int config_parse_bounding_set(const char *unit,
                            "Trailing garbage, ignoring.");
         capability_bounding_set = invert ? ~sum : sum;
-        if (*capability_bounding_set_drop)
+        if (*capability_bounding_set_drop && capability_bounding_set)
                 *capability_bounding_set_drop = ~(~*capability_bounding_set_drop | capability_bounding_set);
         else
                 *capability_bounding_set_drop = ~capability_bounding_set;
SOURCES/0432-core-make-parsing-of-RLIMIT_NICE-aware-of-actual-nic.patch
New file
@@ -0,0 +1,163 @@
From c56c1f6c2b683d6f20a7e8caeecec6c3cb76798f Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Tue, 3 Jan 2017 14:21:25 +0100
Subject: [PATCH] core: make parsing of RLIMIT_NICE aware of actual nice levels
RHEL-only
(most of code taken from 29857001854a02c292f1f3b324e7a66831e859c8)
Resolves: #1409588
---
 man/systemd.exec.xml                  |  7 +++-
 src/core/load-fragment-gperf.gperf.m4 |  2 +-
 src/core/load-fragment.c              | 72 +++++++++++++++++++++++++++++++++++
 src/core/load-fragment.h              |  1 +
 src/core/main.c                       |  2 +-
 5 files changed, 81 insertions(+), 3 deletions(-)
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 0cd469c..c5199d3 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -575,7 +575,12 @@
         granularity of the limits might influence their
         enforcement. For example, time limits specified for
         <varname>LimitCPU=</varname> will be rounded up implicitly to
-        multiples of 1s.</para>
+        multiples of 1s. For <varname>LimitNICE=</varname> the value
+        may be specified in two syntaxes: if prefixed with <literal>+</literal>
+        or <literal>-</literal>, the value is understood as regular Linux
+        nice value in the range -20..19. If not prefixed like this the value
+        is understood as raw resource limit parameter in the range 0..40 (with 0 being
+        equivalent to 1).</para>
         <para>Note that most process resource limits configured with
         these options are per-process, and processes may fork in order
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index 45d1ead..f3a6e13 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -71,7 +71,7 @@ $1.LimitMEMLOCK,                 config_parse_bytes_limit,           RLIMIT_MEML
 $1.LimitLOCKS,                   config_parse_limit,                 RLIMIT_LOCKS,                  offsetof($1, exec_context.rlimit)
 $1.LimitSIGPENDING,              config_parse_limit,                 RLIMIT_SIGPENDING,             offsetof($1, exec_context.rlimit)
 $1.LimitMSGQUEUE,                config_parse_bytes_limit,           RLIMIT_MSGQUEUE,               offsetof($1, exec_context.rlimit)
-$1.LimitNICE,                    config_parse_limit,                 RLIMIT_NICE,                   offsetof($1, exec_context.rlimit)
+$1.LimitNICE,                    config_parse_nice_limit,            RLIMIT_NICE,                   offsetof($1, exec_context.rlimit)
 $1.LimitRTPRIO,                  config_parse_limit,                 RLIMIT_RTPRIO,                 offsetof($1, exec_context.rlimit)
 $1.LimitRTTIME,                  config_parse_usec_limit,            RLIMIT_RTTIME,                 offsetof($1, exec_context.rlimit)
 $1.ReadWriteDirectories,         config_parse_namespace_path_strv,   0,                             offsetof($1, exec_context.read_write_dirs)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 7056419..3a3c456 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -1154,6 +1154,56 @@ static int rlim_parse_usec(const char *val, rlim_t *res) {
         return r;
 }
+static int rlim_parse_nice(const char *val, rlim_t *ret) {
+        uint64_t rl;
+        int r;
+
+        /* So, Linux is weird. The range for RLIMIT_NICE is 40..1, mapping to the nice levels -20..19. However, the
+         * RLIMIT_NICE limit defaults to 0 by the kernel, i.e. a value that maps to nice level 20, which of course is
+         * bogus and does not exist. In order to permit parsing the RLIMIT_NICE of 0 here we hence implement a slight
+         * asymmetry: when parsing as positive nice level we permit 0..19. When parsing as negative nice level, we
+         * permit -20..0. But when parsing as raw resource limit value then we also allow the special value 0.
+         *
+         * Yeah, Linux is quality engineering sometimes... */
+
+        if (val[0] == '+') {
+
+                /* Prefixed with "+": Parse as positive user-friendly nice value */
+                r = safe_atou64(val + 1, &rl);
+                if (r < 0)
+                        return r;
+
+                if (rl >= PRIO_MAX)
+                        return -ERANGE;
+
+                rl = 20 - rl;
+
+        } else if (val[0] == '-') {
+
+                /* Prefixed with "-": Parse as negative user-friendly nice value */
+                r = safe_atou64(val + 1, &rl);
+                if (r < 0)
+                        return r;
+
+                if (rl > (uint64_t) (-PRIO_MIN))
+                        return -ERANGE;
+
+                rl = 20 + rl;
+        } else {
+
+                /* Not prefixed: parse as raw resource limit value */
+                r = safe_atou64(val, &rl);
+                if (r < 0)
+                        return r;
+
+                if (rl > (uint64_t) (20 - PRIO_MIN))
+                        return -ERANGE;
+        }
+
+        *ret = (rlim_t) rl;
+        return 0;
+}
+
 static int parse_rlimit_range(
                 const char *unit,
                 const char *filename,
@@ -1286,6 +1336,28 @@ int config_parse_usec_limit(
         return parse_rlimit_range(unit, filename, line, rvalue, rl, rlim_parse_usec);
 }
+int config_parse_nice_limit(
+                const char *unit,
+                const char *filename,
+                unsigned line,
+                const char *section,
+                unsigned section_line,
+                const char *lvalue,
+                int ltype,
+                const char *rvalue,
+                void *data,
+                void *userdata) {
+
+        struct rlimit **rl = data;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+        assert(data);
+
+        rl += ltype;
+        return parse_rlimit_range(unit, filename, line, rvalue, rl, rlim_parse_nice);
+}
 #ifdef HAVE_SYSV_COMPAT
 int config_parse_sysv_priority(const char *unit,
diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h
index 6114796..7c69e53 100644
--- a/src/core/load-fragment.h
+++ b/src/core/load-fragment.h
@@ -59,6 +59,7 @@ int config_parse_limit(const char *unit, const char *filename, unsigned line, co
 int config_parse_bytes_limit(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
 int config_parse_sec_limit(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
 int config_parse_usec_limit(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_nice_limit(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
 int config_parse_sysv_priority(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
 int config_parse_kill_signal(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
 int config_parse_exec_mount_flags(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
diff --git a/src/core/main.c b/src/core/main.c
index 6f83676..820cbc3 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -669,7 +669,7 @@ static int parse_config_file(void) {
                 { "Manager", "DefaultLimitLOCKS",         config_parse_limit,            0, &arg_default_rlimit[RLIMIT_LOCKS]      },
                 { "Manager", "DefaultLimitSIGPENDING",    config_parse_limit,            0, &arg_default_rlimit[RLIMIT_SIGPENDING] },
                 { "Manager", "DefaultLimitMSGQUEUE",      config_parse_bytes_limit,      0, &arg_default_rlimit[RLIMIT_MSGQUEUE]   },
-                { "Manager", "DefaultLimitNICE",          config_parse_limit,            0, &arg_default_rlimit[RLIMIT_NICE]       },
+                { "Manager", "DefaultLimitNICE",          config_parse_nice_limit,       0, &arg_default_rlimit[RLIMIT_NICE]       },
                 { "Manager", "DefaultLimitRTPRIO",        config_parse_limit,            0, &arg_default_rlimit[RLIMIT_RTPRIO]     },
                 { "Manager", "DefaultLimitRTTIME",        config_parse_limit,            0, &arg_default_rlimit[RLIMIT_RTTIME]     },
                 { "Manager", "DefaultCPUAccounting",      config_parse_bool,             0, &arg_default_cpu_accounting            },
SOURCES/0433-shared-fix-double-free-in-unmask-5005.patch
New file
@@ -0,0 +1,42 @@
From 45f3c8e04093a1ed871eb67aa4c1c28b11d3346c Mon Sep 17 00:00:00 2001
From: Jan Synacek <jan.synacek@gmail.com>
Date: Tue, 3 Jan 2017 21:34:36 +0100
Subject: [PATCH] shared: fix double free in unmask (#5005)
Easily reproducible:
1) systemctl mask foo
2) systemctl unmask foo foo
The problem here is that the *i that is put into todo[] is later freed
in strv_uniq(), which is not directly visible from this patch. Somewhere
further in the code, the string that *i pointed to is freed again. That
happens only when multiple services with the same name/path are specified.
(cherry picked from commit dc7dd61de610e9330abe7014860acfa733887d5e)
Resolves: #1409997
---
 src/shared/install.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/shared/install.c b/src/shared/install.c
index f01a212..1b59a96 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -1602,7 +1602,7 @@ int unit_file_unmask(
         _cleanup_set_free_free_ Set *remove_symlinks_to = NULL;
         _cleanup_free_ char *config_path = NULL;
-        _cleanup_free_ char **todo = NULL;
+        _cleanup_strv_free_ char **todo = NULL;
         size_t n_todo = 0, n_allocated = 0;
         char **i;
         int r, q;
@@ -1639,7 +1639,7 @@ int unit_file_unmask(
                 if (!GREEDY_REALLOC0(todo, n_allocated, n_todo + 2))
                         return -ENOMEM;
-                todo[n_todo++] = *i;
+                todo[n_todo++] = strdup(*i);
         }
         strv_uniq(todo);
SOURCES/0434-shared-fix-double-free-in-link.patch
New file
@@ -0,0 +1,118 @@
From 7ac4fc60181cfc7ff06e696da78e1b2819580745 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Mon, 9 Jan 2017 04:46:11 +0000
Subject: [PATCH] shared: fix double free in link
Fixes:
```
touch hola.service
systemctl link $(pwd)/hola.service $(pwd)/hola.service
```
```
==1==ERROR: AddressSanitizer: attempting double-free on 0x60300002c560 in thread T0 (systemd):
    #0 0x7fc8c961cb00 in free (/lib64/libasan.so.3+0xc6b00)
    #1 0x7fc8c90ebd3b in strv_clear src/basic/strv.c:83
    #2 0x7fc8c90ebdb6 in strv_free src/basic/strv.c:89
    #3 0x55637c758c77 in strv_freep src/basic/strv.h:37
    #4 0x55637c763ba9 in method_enable_unit_files_generic src/core/dbus-manager.c:1960
    #5 0x55637c763d16 in method_link_unit_files src/core/dbus-manager.c:2001
    #6 0x7fc8c92537ec in method_callbacks_run src/libsystemd/sd-bus/bus-objects.c:418
    #7 0x7fc8c9258830 in object_find_and_run src/libsystemd/sd-bus/bus-objects.c:1255
    #8 0x7fc8c92594d7 in bus_process_object src/libsystemd/sd-bus/bus-objects.c:1371
    #9 0x7fc8c91e7553 in process_message src/libsystemd/sd-bus/sd-bus.c:2563
    #10 0x7fc8c91e78ce in process_running src/libsystemd/sd-bus/sd-bus.c:2605
    #11 0x7fc8c91e8f61 in bus_process_internal src/libsystemd/sd-bus/sd-bus.c:2837
    #12 0x7fc8c91e90d2 in sd_bus_process src/libsystemd/sd-bus/sd-bus.c:2856
    #13 0x7fc8c91ea8f9 in io_callback src/libsystemd/sd-bus/sd-bus.c:3126
    #14 0x7fc8c928333b in source_dispatch src/libsystemd/sd-event/sd-event.c:2268
    #15 0x7fc8c9285cf7 in sd_event_dispatch src/libsystemd/sd-event/sd-event.c:2627
    #16 0x7fc8c92865fa in sd_event_run src/libsystemd/sd-event/sd-event.c:2686
    #17 0x55637c6b5257 in manager_loop src/core/manager.c:2274
    #18 0x55637c6a2194 in main src/core/main.c:1920
    #19 0x7fc8c7ac7400 in __libc_start_main (/lib64/libc.so.6+0x20400)
    #20 0x55637c697339 in _start (/usr/lib/systemd/systemd+0xcd339)
0x60300002c560 is located 0 bytes inside of 19-byte region [0x60300002c560,0x60300002c573)
freed by thread T0 (systemd) here:
    #0 0x7fc8c961cb00 in free (/lib64/libasan.so.3+0xc6b00)
    #1 0x7fc8c90ee320 in strv_remove src/basic/strv.c:630
    #2 0x7fc8c90ee190 in strv_uniq src/basic/strv.c:602
    #3 0x7fc8c9180533 in unit_file_link src/shared/install.c:1996
    #4 0x55637c763b25 in method_enable_unit_files_generic src/core/dbus-manager.c:1985
    #5 0x55637c763d16 in method_link_unit_files src/core/dbus-manager.c:2001
    #6 0x7fc8c92537ec in method_callbacks_run src/libsystemd/sd-bus/bus-objects.c:418
    #7 0x7fc8c9258830 in object_find_and_run src/libsystemd/sd-bus/bus-objects.c:1255
    #8 0x7fc8c92594d7 in bus_process_object src/libsystemd/sd-bus/bus-objects.c:1371
    #9 0x7fc8c91e7553 in process_message src/libsystemd/sd-bus/sd-bus.c:2563
    #10 0x7fc8c91e78ce in process_running src/libsystemd/sd-bus/sd-bus.c:2605
    #11 0x7fc8c91e8f61 in bus_process_internal src/libsystemd/sd-bus/sd-bus.c:2837
    #12 0x7fc8c91e90d2 in sd_bus_process src/libsystemd/sd-bus/sd-bus.c:2856
    #13 0x7fc8c91ea8f9 in io_callback src/libsystemd/sd-bus/sd-bus.c:3126
    #14 0x7fc8c928333b in source_dispatch src/libsystemd/sd-event/sd-event.c:2268
    #15 0x7fc8c9285cf7 in sd_event_dispatch src/libsystemd/sd-event/sd-event.c:2627
    #16 0x7fc8c92865fa in sd_event_run src/libsystemd/sd-event/sd-event.c:2686
    #17 0x55637c6b5257 in manager_loop src/core/manager.c:2274
    #18 0x55637c6a2194 in main src/core/main.c:1920
        #19 0x7fc8c7ac7400 in __libc_start_main (/lib64/libc.so.6+0x20400)
previously allocated by thread T0 (systemd) here:
    #0 0x7fc8c95b0160 in strdup (/lib64/libasan.so.3+0x5a160)
    #1 0x7fc8c90edf32 in strv_extend src/basic/strv.c:552
    #2 0x7fc8c923ae41 in bus_message_read_strv_extend src/libsystemd/sd-bus/bus-message.c:5578
    #3 0x7fc8c923b0de in sd_bus_message_read_strv src/libsystemd/sd-bus/bus-message.c:5600
    #4 0x55637c7639d1 in method_enable_unit_files_generic src/core/dbus-manager.c:1969
    #5 0x55637c763d16 in method_link_unit_files src/core/dbus-manager.c:2001
    #6 0x7fc8c92537ec in method_callbacks_run src/libsystemd/sd-bus/bus-objects.c:418
    #7 0x7fc8c9258830 in object_find_and_run src/libsystemd/sd-bus/bus-objects.c:1255
    #8 0x7fc8c92594d7 in bus_process_object src/libsystemd/sd-bus/bus-objects.c:1371
    #9 0x7fc8c91e7553 in process_message src/libsystemd/sd-bus/sd-bus.c:2563
    #10 0x7fc8c91e78ce in process_running src/libsystemd/sd-bus/sd-bus.c:2605
    #11 0x7fc8c91e8f61 in bus_process_internal src/libsystemd/sd-bus/sd-bus.c:2837
    #12 0x7fc8c91e90d2 in sd_bus_process src/libsystemd/sd-bus/sd-bus.c:2856
    #13 0x7fc8c91ea8f9 in io_callback src/libsystemd/sd-bus/sd-bus.c:3126
    #14 0x7fc8c928333b in source_dispatch src/libsystemd/sd-event/sd-event.c:2268
    #15 0x7fc8c9285cf7 in sd_event_dispatch src/libsystemd/sd-event/sd-event.c:2627
    #16 0x7fc8c92865fa in sd_event_run src/libsystemd/sd-event/sd-event.c:2686
    #17 0x55637c6b5257 in manager_loop src/core/manager.c:2274
    #18 0x55637c6a2194 in main src/core/main.c:1920
    #19 0x7fc8c7ac7400 in __libc_start_main (/lib64/libc.so.6+0x20400)
SUMMARY: AddressSanitizer: double-free (/lib64/libasan.so.3+0xc6b00) in free
==1==ABORTING
```
Closes #5015
(cherry picked from commit 8af35ba681116eb79a46e3dbd65b166c1efd6164)
Related: #1409997
---
 src/shared/install.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/shared/install.c b/src/shared/install.c
index 1b59a96..87d805c 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -1682,7 +1682,7 @@ int unit_file_link(
         _cleanup_lookup_paths_free_ LookupPaths paths = {};
         _cleanup_free_ char *config_path = NULL;
-        _cleanup_free_ char **todo = NULL;
+        _cleanup_strv_free_ char **todo = NULL;
         size_t n_todo = 0, n_allocated = 0;
         char **i;
         int r,q;
@@ -1736,7 +1736,11 @@ int unit_file_link(
                 if (!GREEDY_REALLOC0(todo, n_allocated, n_todo + 2))
                         return -ENOMEM;
-                todo[n_todo++] = *i;
+                todo[n_todo] = strdup(*i);
+                if (!todo[n_todo])
+                        return -ENOMEM;
+
+                n_todo++;
         }
         strv_uniq(todo);
SOURCES/0435-shared-check-strdup-NULL.patch
New file
@@ -0,0 +1,30 @@
From eb591ab12405209edb498c9c57ddf76862c237c5 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Mon, 9 Jan 2017 22:45:41 +0000
Subject: [PATCH] shared: check strdup != NULL
This is a follow-up for dc7dd61de610e9330
(cherry picked from commit d054eae6c954baa857170bb60072c8a2ecea0d6b)
Related: #1409997
---
 src/shared/install.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/shared/install.c b/src/shared/install.c
index 87d805c..62bdf67 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -1639,7 +1639,11 @@ int unit_file_unmask(
                 if (!GREEDY_REALLOC0(todo, n_allocated, n_todo + 2))
                         return -ENOMEM;
-                todo[n_todo++] = strdup(*i);
+                todo[n_todo] = strdup(*i);
+                if (!todo[n_todo])
+                        return -ENOMEM;
+
+                n_todo++;
         }
         strv_uniq(todo);
SOURCES/0436-core-improve-error-message-when-RefuseManualStart-St.patch
New file
@@ -0,0 +1,39 @@
From 92ff0ade63ae85c6b6170af7b1209aaf37298ab1 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jan.synacek@gmail.com>
Date: Tue, 24 Jan 2017 04:06:05 +0100
Subject: [PATCH] core: improve error message when RefuseManualStart(Stop) is
 hit (#5132)
(cherry picked from commit 7e974e8530e3605db8186bd0c33bf36087e24e22)
Resolves: #1026648
---
 src/core/dbus-unit.c | 2 +-
 src/core/dbus.c      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index 89b00e9..056a17a 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -843,7 +843,7 @@ int bus_unit_queue_job(
         if ((type == JOB_START && u->refuse_manual_start) ||
             (type == JOB_STOP && u->refuse_manual_stop) ||
             ((type == JOB_RESTART || type == JOB_TRY_RESTART) && (u->refuse_manual_start || u->refuse_manual_stop)))
-                return sd_bus_error_setf(error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, unit %s may be requested by dependency only.", u->id);
+                return sd_bus_error_setf(error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, unit %s may be requested by dependency only (it is configured to refuse manual start/stop).", u->id);
         r = manager_add_job(u->manager, type, u, mode, true, error, &j);
         if (r < 0)
diff --git a/src/core/dbus.c b/src/core/dbus.c
index 29524d4..0061211 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -187,7 +187,7 @@ static int signal_activation_request(sd_bus *bus, sd_bus_message *message, void
                 goto failed;
         if (u->refuse_manual_start) {
-                r = sd_bus_error_setf(&error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, %s may be requested by dependency only.", u->id);
+                r = sd_bus_error_setf(&error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, %s may be requested by dependency only (it is configured to refuse manual start/stop).", u->id);
                 goto failed;
         }
SOURCES/0437-systemctl-fix-is-enabled-exit-status-on-failure-when.patch
New file
@@ -0,0 +1,25 @@
From e8507d683bce9dd61adc3fa5d19ec35e3caadff9 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Wed, 30 Nov 2016 18:27:42 +0100
Subject: [PATCH] systemctl: fix 'is-enabled' exit status on failure when
 executed in chroot (#4773)
(cherry picked from commit c5024cd05c194b93ae960bf38e567d3d998f2a03)
Resolves: #1413964
---
 src/systemctl/systemctl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index a578897..1e1009f 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -5739,7 +5739,7 @@ static int unit_is_enabled(sd_bus *bus, char **args) {
                         r = unit_file_get_state(arg_scope, arg_root, *name, &state);
                         if (r < 0)
-                                return log_error_errno(state, "Failed to get unit file state for %s: %m", *name);
+                                return log_error_errno(r, "Failed to get unit file state for %s: %m", *name);
                         if (state == UNIT_FILE_ENABLED ||
                             state == UNIT_FILE_ENABLED_RUNTIME ||
SOURCES/0438-man-document-that-the-automatic-journal-limits-are-c.patch
New file
@@ -0,0 +1,26 @@
From 4464cd08f503af0459d779d92fb943aa3ef3f9a5 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Sat, 3 Oct 2015 11:34:11 +0200
Subject: [PATCH] man: document that the automatic journal limits are capped to
 4G by default
(cherry picked from commit 32252660954804747ae6b64c3921d5cb9a1c09c9)
Resolves: #1418547
---
 man/journald.conf.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/man/journald.conf.xml b/man/journald.conf.xml
index c4f71e8..46a498b 100644
--- a/man/journald.conf.xml
+++ b/man/journald.conf.xml
@@ -210,7 +210,8 @@
         and use the smaller of the two values.</para>
         <para>The first pair defaults to 10% and the second to 15% of
-        the size of the respective file system. If the file system is
+        the size of the respective file system, but each value
+        is capped to 4G. If the file system is
         nearly full and either <varname>SystemKeepFree=</varname> or
         <varname>RuntimeKeepFree=</varname> is violated when
         systemd-journald is started, the value will be raised to
SOURCES/0439-random-seed-raise-POOL_SIZE_MIN-to-1024.patch
New file
@@ -0,0 +1,23 @@
From 6a4ea99f07b32659362c9a1a38be8bec2bb0964c Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Wed, 25 Jan 2017 08:39:15 +0100
Subject: [PATCH] random-seed: raise POOL_SIZE_MIN to 1024
Resolves: #1386824
---
 src/random-seed/random-seed.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/random-seed/random-seed.c b/src/random-seed/random-seed.c
index ce1bd19..3ccc8f6 100644
--- a/src/random-seed/random-seed.c
+++ b/src/random-seed/random-seed.c
@@ -29,7 +29,7 @@
 #include "util.h"
 #include "mkdir.h"
-#define POOL_SIZE_MIN 512
+#define POOL_SIZE_MIN 1024
 int main(int argc, char *argv[]) {
         _cleanup_close_ int seed_fd = -1, random_fd = -1;
SOURCES/0440-bash-completion-add-support-for-now-5155.patch
New file
@@ -0,0 +1,24 @@
From 88cc61d44a1567fd81e073defa01fc351051fec5 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jan.synacek@gmail.com>
Date: Wed, 25 Jan 2017 13:44:04 +0100
Subject: [PATCH] bash-completion: add support for --now (#5155)
(cherry picked from commit 0067c7b29ab996bf99cf1bafe63c118b9b6d5b56)
Resolves: #1351806
---
 shell-completion/bash/systemctl.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/shell-completion/bash/systemctl.in b/shell-completion/bash/systemctl.in
index 0a022c4..a1dde32 100644
--- a/shell-completion/bash/systemctl.in
+++ b/shell-completion/bash/systemctl.in
@@ -91,7 +91,7 @@ _systemctl () {
         local -A OPTS=(
                [STANDALONE]='--all -a --reverse --after --before --defaults --fail --ignore-dependencies --failed --force -f --full -l --global
-                             --help -h --no-ask-password --no-block --no-legend --no-pager --no-reload --no-wall
+                             --help -h --no-ask-password --no-block --no-legend --no-pager --no-reload --no-wall --now
                              --quiet -q --privileged -P --system --version --runtime --recursive -r'
                       [ARG]='--host -H --kill-who --property -p --signal -s --type -t --state --root'
         )
SOURCES/0441-basic-fix-touch-creating-files-with-07777-mode.patch
New file
@@ -0,0 +1,30 @@
From 616db6ddcacd25e4c3a771cd317373971c9055ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mantas=20Mikul=C4=97nas?= <grawity@gmail.com>
Date: Fri, 29 Jan 2016 23:36:08 +0200
Subject: [PATCH] basic: fix touch() creating files with 07777 mode
mode_t is unsigned, so MODE_INVALID < 0 can never be true.
This fixes a possible DoS where any user could fill /run by writing to
a world-writable /run/systemd/show-status.
Cherry-picked from: 06eeacb6fe029804f296b065b3ce91e796e1cd0e
Resolves: #1416062
---
 src/shared/util.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/shared/util.c b/src/shared/util.c
index 66729f7..1070e32 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -3908,7 +3908,8 @@ int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gi
         if (parents)
                 mkdir_parents(path, 0755);
-        fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, mode > 0 ? mode : 0644);
+        fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY,
+                        (mode == 0 || mode == MODE_INVALID) ? 0644 : mode);
         if (fd < 0)
                 return -errno;
SOURCES/0442-udev-net_id-add-support-for-phys_port_name-attribute.patch
New file
@@ -0,0 +1,97 @@
From 192545bc67fed763ac54761ca067b9c2f93ecdd1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ji=C5=99=C3=AD=20P=C3=ADrko?= <jiri@resnulli.us>
Date: Wed, 2 Nov 2016 03:46:01 +0100
Subject: [PATCH] udev: net_id: add support for phys_port_name attribute
 (#4506)
Switch drivers uses phys_port_name attribute to pass front panel port
name to user. Use it to generate netdev names.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Cherry-picked from: 4887b656c22af059d4e833de7b56544f24951184
Resolves: #1392426
---
 src/udev/udev-builtin-net_id.c | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index 19e1f26..7c15435 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -38,7 +38,7 @@
  *   o<index>[d<dev_port>]                 -- on-board device index number
  *   s<slot>[f<function>][d<dev_port>]     -- hotplug slot index number
  *   x<MAC>                                -- MAC address
- *   [P<domain>]p<bus>s<slot>[f<function>][d<dev_id>/<dev_port>]
+ *   [P<domain>]p<bus>s<slot>[f<function>][n<phys_port_name>|d<dev_id>/<dev_port>]
  *                                         -- PCI geographical location
  *   [P<domain>]p<bus>s<slot>[f<function>][u<port>][..][c<config>][i<interface>]
  *                                         -- USB port number chain
@@ -134,7 +134,7 @@ static int dev_pci_onboard(struct udev_device *dev, struct netnames *names) {
         unsigned dev_port = 0;
         size_t l;
         char *s;
-        const char *attr;
+        const char *attr, *port_name;
         int idx;
         /* ACPI _DSM  -- device specific method for naming a PCI or PCI Express device */
@@ -161,10 +161,15 @@ static int dev_pci_onboard(struct udev_device *dev, struct netnames *names) {
         if (attr)
                 dev_port = strtol(attr, NULL, 10);
+        /* kernel provided front panel port name for multiple port PCI device */
+        port_name = udev_device_get_sysattr_value(dev, "phys_port_name");
+
         s = names->pci_onboard;
         l = sizeof(names->pci_onboard);
         l = strpcpyf(&s, l, "o%d", idx);
-        if (dev_port > 0)
+        if (port_name)
+                l = strpcpyf(&s, l, "n%s", port_name);
+        else if (dev_port > 0)
                 l = strpcpyf(&s, l, "d%d", dev_port);
         if (l == 0)
                 names->pci_onboard[0] = '\0';
@@ -199,7 +204,7 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
         unsigned domain, bus, slot, func, dev_id = 0;
         size_t l;
         char *s;
-        const char *attr;
+        const char *attr, *port_name;
         struct udev_device *pci = NULL;
         char slots[256], str[256];
         _cleanup_closedir_ DIR *dir = NULL;
@@ -220,6 +225,9 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
                 }
         }
+        /* kernel provided front panel port name for multiple port PCI device */
+        port_name = udev_device_get_sysattr_value(dev, "phys_port_name");
+
         /* compose a name based on the raw kernel's PCI bus, slot numbers */
         s = names->pci_path;
         l = sizeof(names->pci_path);
@@ -228,7 +236,9 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
         l = strpcpyf(&s, l, "p%us%u", bus, slot);
         if (func > 0 || is_pci_multifunction(names->pcidev))
                 l = strpcpyf(&s, l, "f%d", func);
-        if (dev_id > 0)
+        if (port_name)
+                l = strpcpyf(&s, l, "n%s", port_name);
+        else if (dev_id > 0)
                 l = strpcpyf(&s, l, "d%d", dev_id);
         if (l == 0)
                 names->pci_path[0] = '\0';
@@ -278,7 +288,9 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
                 l = strpcpyf(&s, l, "s%d", hotplug_slot);
                 if (func > 0 || is_pci_multifunction(names->pcidev))
                         l = strpcpyf(&s, l, "f%d", func);
-                if (dev_id > 0)
+                if (port_name)
+                        l = strpcpyf(&s, l, "n%s", port_name);
+                else if (dev_id > 0)
                         l = strpcpyf(&s, l, "d%d", dev_id);
                 if (l == 0)
                         names->pci_slot[0] = '\0';
SOURCES/0443-install-introduce-UnitFileFlags.patch
New file
@@ -0,0 +1,988 @@
From 111080b06c79e6bcbe9da4786f9c7229f1fb573e Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Thu, 20 Oct 2016 14:48:33 +0200
Subject: [PATCH] install: introduce UnitFileFlags
Introduce a new enum to get rid of some boolean arguments of unit_file_*
functions. It unifies the code, makes it a bit cleaner and extensible.
(cherry picked from commit b3796dd8349af4235143889e44522a730c1635c0)
Related: #1413041
---
 src/core/dbus-manager.c      | 36 ++++++++++++++++++--------
 src/core/main.c              |  2 +-
 src/shared/install.c         | 61 ++++++++++++++++++++------------------------
 src/shared/install.h         | 25 ++++++++++--------
 src/systemctl/systemctl.c    | 28 ++++++++++++--------
 src/test/test-install-root.c | 58 ++++++++++++++++++++---------------------
 src/test/test-install.c      | 38 +++++++++++++--------------
 7 files changed, 135 insertions(+), 113 deletions(-)
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index c2067c0..5b40aa2 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -41,6 +41,11 @@
 #include "dbus-execute.h"
 #include "bus-common-errors.h"
+static UnitFileFlags unit_file_bools_to_flags(bool runtime, bool force) {
+        return (runtime ? UNIT_FILE_RUNTIME : 0) |
+               (force   ? UNIT_FILE_FORCE   : 0);
+}
+
 static int property_get_version(
                 sd_bus *bus,
                 const char *path,
@@ -1647,7 +1652,7 @@ static int method_enable_unit_files_generic(
                 sd_bus_message *message,
                 Manager *m,
                 const char *verb,
-                int (*call)(UnitFileScope scope, bool runtime, const char *root_dir, char *files[], bool force, UnitFileChange **changes, unsigned *n_changes),
+                int (*call)(UnitFileScope scope, UnitFileFlags flags, const char *root_dir, char *files[], UnitFileChange **changes, unsigned *n_changes),
                 bool carries_install_info,
                 sd_bus_error *error) {
@@ -1655,6 +1660,7 @@ static int method_enable_unit_files_generic(
         UnitFileChange *changes = NULL;
         unsigned n_changes = 0;
         UnitFileScope scope;
+        UnitFileFlags flags;
         int runtime, force, r;
         assert(bus);
@@ -1676,12 +1682,13 @@ static int method_enable_unit_files_generic(
                 return r;
         r = mac_selinux_unit_access_check_strv(l, message, m, verb, error);
+        flags = unit_file_bools_to_flags(runtime, force);
         if (r < 0)
                 return r;
         scope = m->running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER;
-        r = call(scope, runtime, NULL, l, force, &changes, &n_changes);
+        r = call(scope, flags, NULL, l, &changes, &n_changes);
         if (r < 0)
                 return r;
@@ -1700,8 +1707,8 @@ static int method_link_unit_files(sd_bus *bus, sd_bus_message *message, void *us
         return method_enable_unit_files_generic(bus, message, userdata, "enable", unit_file_link, false, error);
 }
-static int unit_file_preset_without_mode(UnitFileScope scope, bool runtime, const char *root_dir, char **files, bool force, UnitFileChange **changes, unsigned *n_changes) {
-        return unit_file_preset(scope, runtime, root_dir, files, UNIT_FILE_PRESET_FULL, force, changes, n_changes);
+static int unit_file_preset_without_mode(UnitFileScope scope, UnitFileFlags flags, const char *root_dir, char **files, UnitFileChange **changes, unsigned *n_changes) {
+        return unit_file_preset(scope, flags, root_dir, files, UNIT_FILE_PRESET_FULL, changes, n_changes);
 }
 static int method_preset_unit_files(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
@@ -1721,6 +1728,7 @@ static int method_preset_unit_files_with_mode(sd_bus *bus, sd_bus_message *messa
         UnitFilePresetMode mm;
         UnitFileScope scope;
         int runtime, force, r;
+        UnitFileFlags flags;
         const char *mode;
         assert(bus);
@@ -1741,6 +1749,8 @@ static int method_preset_unit_files_with_mode(sd_bus *bus, sd_bus_message *messa
         if (r < 0)
                 return r;
+        flags = unit_file_bools_to_flags(runtime, force);
+
         if (isempty(mode))
                 mm = UNIT_FILE_PRESET_FULL;
         else {
@@ -1755,7 +1765,7 @@ static int method_preset_unit_files_with_mode(sd_bus *bus, sd_bus_message *messa
         scope = m->running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER;
-        r = unit_file_preset(scope, runtime, NULL, l, mm, force, &changes, &n_changes);
+        r = unit_file_preset(scope, flags, NULL, l, mm, &changes, &n_changes);
         if (r < 0)
                 return r;
@@ -1767,7 +1777,7 @@ static int method_disable_unit_files_generic(
                 sd_bus_message *message,
                 Manager *m, const
                 char *verb,
-                int (*call)(UnitFileScope scope, bool runtime, const char *root_dir, char *files[], UnitFileChange **changes, unsigned *n_changes),
+                int (*call)(UnitFileScope scope, UnitFileFlags flags, const char *root_dir, char *files[], UnitFileChange **changes, unsigned *n_changes),
                 sd_bus_error *error) {
         _cleanup_strv_free_ char **l = NULL;
@@ -1800,7 +1810,7 @@ static int method_disable_unit_files_generic(
         scope = m->running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER;
-        r = call(scope, runtime, NULL, l, &changes, &n_changes);
+        r = call(scope, runtime ? UNIT_FILE_RUNTIME : 0, NULL, l, &changes, &n_changes);
         if (r < 0)
                 return r;
@@ -1843,7 +1853,7 @@ static int method_set_default_target(sd_bus *bus, sd_bus_message *message, void
         scope = m->running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER;
-        r = unit_file_set_default(scope, NULL, name, force, &changes, &n_changes);
+        r = unit_file_set_default(scope, force ? UNIT_FILE_FORCE : 0, NULL, name, &changes, &n_changes);
         if (r < 0)
                 return r;
@@ -1857,6 +1867,7 @@ static int method_preset_all_unit_files(sd_bus *bus, sd_bus_message *message, vo
         UnitFilePresetMode mm;
         UnitFileScope scope;
         const char *mode;
+        UnitFileFlags flags;
         int force, runtime, r;
         assert(bus);
@@ -1877,6 +1888,8 @@ static int method_preset_all_unit_files(sd_bus *bus, sd_bus_message *message, vo
         if (r < 0)
                 return r;
+        flags = unit_file_bools_to_flags(runtime, force);
+
         if (isempty(mode))
                 mm = UNIT_FILE_PRESET_FULL;
         else {
@@ -1887,7 +1900,7 @@ static int method_preset_all_unit_files(sd_bus *bus, sd_bus_message *message, vo
         scope = m->running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER;
-        r = unit_file_preset_all(scope, runtime, NULL, mm, force, &changes, &n_changes);
+        r = unit_file_preset_all(scope, flags, NULL, mm, &changes, &n_changes);
         if (r < 0) {
                 unit_file_changes_free(changes, n_changes);
                 return r;
@@ -1906,6 +1919,7 @@ static int method_add_dependency_unit_files(sd_bus *bus, sd_bus_message *message
         char *target;
         char *type;
         UnitDependency dep;
+        UnitFileFlags flags;
         assert(bus);
         assert(message);
@@ -1925,6 +1939,8 @@ static int method_add_dependency_unit_files(sd_bus *bus, sd_bus_message *message
         if (r < 0)
                 return r;
+        flags = unit_file_bools_to_flags(runtime, force);
+
         dep = unit_dependency_from_string(type);
         if (dep < 0)
                 return -EINVAL;
@@ -1935,7 +1951,7 @@ static int method_add_dependency_unit_files(sd_bus *bus, sd_bus_message *message
         scope = m->running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER;
-        r = unit_file_add_dependency(scope, runtime, NULL, l, target, dep, force, &changes, &n_changes);
+        r = unit_file_add_dependency(scope, flags, NULL, l, target, dep, &changes, &n_changes);
         if (r < 0)
                 return r;
diff --git a/src/core/main.c b/src/core/main.c
index 820cbc3..a0df1e5 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1658,7 +1658,7 @@ int main(int argc, char *argv[]) {
                 bump_rlimit_nofile(&saved_rlimit_nofile);
                 if (empty_etc) {
-                        r = unit_file_preset_all(UNIT_FILE_SYSTEM, false, NULL, UNIT_FILE_PRESET_FULL, false, NULL, 0);
+                        r = unit_file_preset_all(UNIT_FILE_SYSTEM, 0, NULL, UNIT_FILE_PRESET_FULL, NULL, 0);
                         if (r < 0)
                                 log_warning_errno(r, "Failed to populate /etc with preset unit settings, ignoring: %m");
                         else
diff --git a/src/shared/install.c b/src/shared/install.c
index 62bdf67..b3df6b3 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -1549,10 +1549,9 @@ static int install_context_mark_for_removal(
 int unit_file_mask(
                 UnitFileScope scope,
-                bool runtime,
+                UnitFileFlags flags,
                 const char *root_dir,
                 char **files,
-                bool force,
                 UnitFileChange **changes,
                 unsigned *n_changes) {
@@ -1567,7 +1566,7 @@ int unit_file_mask(
         if (r < 0)
                 return r;
-        r = get_config_path(scope, runtime, root_dir, &prefix);
+        r = get_config_path(scope, flags & UNIT_FILE_RUNTIME, root_dir, &prefix);
         if (r < 0)
                 return r;
@@ -1584,7 +1583,7 @@ int unit_file_mask(
                 if (!path)
                         return -ENOMEM;
-                q = create_symlink("/dev/null", path, force, changes, n_changes);
+                q = create_symlink("/dev/null", path, !!(flags & UNIT_FILE_FORCE), changes, n_changes);
                 if (q < 0 && r >= 0)
                         r = q;
         }
@@ -1594,7 +1593,7 @@ int unit_file_mask(
 int unit_file_unmask(
                 UnitFileScope scope,
-                bool runtime,
+                UnitFileFlags flags,
                 const char *root_dir,
                 char **files,
                 UnitFileChange **changes,
@@ -1614,7 +1613,7 @@ int unit_file_unmask(
         if (r < 0)
                 return r;
-        r = get_config_path(scope, runtime, root_dir, &config_path);
+        r = get_config_path(scope, flags & UNIT_FILE_RUNTIME, root_dir, &config_path);
         if (r < 0)
                 return r;
@@ -1677,10 +1676,9 @@ int unit_file_unmask(
 int unit_file_link(
                 UnitFileScope scope,
-                bool runtime,
+                UnitFileFlags flags,
                 const char *root_dir,
                 char **files,
-                bool force,
                 UnitFileChange **changes,
                 unsigned *n_changes) {
@@ -1702,7 +1700,7 @@ int unit_file_link(
         if (r < 0)
                 return r;
-        r = get_config_path(scope, runtime, root_dir, &config_path);
+        r = get_config_path(scope, flags & UNIT_FILE_RUNTIME, root_dir, &config_path);
         if (r < 0)
                 return r;
@@ -1757,7 +1755,7 @@ int unit_file_link(
                 if (!path)
                         return -ENOMEM;
-                q = create_symlink(*i, path, force, changes, n_changes);
+                q = create_symlink(*i, path, !!(flags & UNIT_FILE_FORCE), changes, n_changes);
                 if (q < 0 && r >= 0)
                         r = q;
         }
@@ -1767,12 +1765,11 @@ int unit_file_link(
 int unit_file_add_dependency(
                 UnitFileScope scope,
-                bool runtime,
+                UnitFileFlags flags,
                 const char *root_dir,
                 char **files,
                 const char *target,
                 UnitDependency dep,
-                bool force,
                 UnitFileChange **changes,
                 unsigned *n_changes) {
@@ -1801,7 +1798,7 @@ int unit_file_add_dependency(
         if (r < 0)
                 return r;
-        r = get_config_path(scope, runtime, root_dir, &config_path);
+        r = get_config_path(scope, flags & UNIT_FILE_RUNTIME, root_dir, &config_path);
         if (r < 0)
                 return r;
@@ -1839,16 +1836,15 @@ int unit_file_add_dependency(
                         return -ENOMEM;
          }
-        return install_context_apply(scope, &c, &paths, config_path, root_dir, force, SEARCH_FOLLOW_CONFIG_SYMLINKS, changes, n_changes);
+        return install_context_apply(scope, &c, &paths, config_path, root_dir, !!(flags & UNIT_FILE_FORCE), SEARCH_FOLLOW_CONFIG_SYMLINKS, changes, n_changes);
 }
 int unit_file_enable(
                 UnitFileScope scope,
-                bool runtime,
+                UnitFileFlags flags,
                 const char *root_dir,
                 char **files,
-                bool force,
                 UnitFileChange **changes,
                 unsigned *n_changes) {
@@ -1870,7 +1866,7 @@ int unit_file_enable(
         if (r < 0)
                 return r;
-        r = get_config_path(scope, runtime, root_dir, &config_path);
+        r = get_config_path(scope, flags & UNIT_FILE_RUNTIME, root_dir, &config_path);
         if (r < 0)
                 return r;
@@ -1889,12 +1885,12 @@ int unit_file_enable(
         useful to determine whether the passed files had any
         installation data at all. */
-        return install_context_apply(scope, &c, &paths, config_path, root_dir, force, SEARCH_LOAD, changes, n_changes);
+        return install_context_apply(scope, &c, &paths, config_path, root_dir, !!(flags & UNIT_FILE_FORCE), SEARCH_LOAD, changes, n_changes);
 }
 int unit_file_disable(
                 UnitFileScope scope,
-                bool runtime,
+                UnitFileFlags flags,
                 const char *root_dir,
                 char **files,
                 UnitFileChange **changes,
@@ -1918,7 +1914,7 @@ int unit_file_disable(
         if (r < 0)
                 return r;
-        r = get_config_path(scope, runtime, root_dir, &config_path);
+        r = get_config_path(scope, flags & UNIT_FILE_RUNTIME, root_dir, &config_path);
         if (r < 0)
                 return r;
@@ -1940,10 +1936,9 @@ int unit_file_disable(
 int unit_file_reenable(
                 UnitFileScope scope,
-                bool runtime,
+                UnitFileFlags flags,
                 const char *root_dir,
                 char **files,
-                bool force,
                 UnitFileChange **changes,
                 unsigned *n_changes) {
@@ -1958,19 +1953,19 @@ int unit_file_reenable(
                 n[i] = basename(files[i]);
         n[i] = NULL;
-        r = unit_file_disable(scope, runtime, root_dir, n, changes, n_changes);
+        r = unit_file_disable(scope, flags, root_dir, n, changes, n_changes);
         if (r < 0)
                 return r;
         /* But the enable command with the full name */
-        return unit_file_enable(scope, runtime, root_dir, files, force, changes, n_changes);
+        return unit_file_enable(scope, flags, root_dir, files, changes, n_changes);
 }
 int unit_file_set_default(
                 UnitFileScope scope,
+                UnitFileFlags flags,
                 const char *root_dir,
                 const char *name,
-                bool force,
                 UnitFileChange **changes,
                 unsigned *n_changes) {
@@ -2010,7 +2005,7 @@ int unit_file_set_default(
         path = strjoina(config_path, "/" SPECIAL_DEFAULT_TARGET);
-        return create_symlink(i->path, path, force, changes, n_changes);
+        return create_symlink(i->path, path, !!(flags & UNIT_FILE_FORCE), changes, n_changes);
 }
 int unit_file_get_default(
@@ -2311,11 +2306,10 @@ static int preset_prepare_one(
 int unit_file_preset(
                 UnitFileScope scope,
-                bool runtime,
+                UnitFileFlags flags,
                 const char *root_dir,
                 char **files,
                 UnitFilePresetMode mode,
-                bool force,
                 UnitFileChange **changes,
                 unsigned *n_changes) {
@@ -2337,7 +2331,7 @@ int unit_file_preset(
         if (r < 0)
                 return r;
-        r = get_config_path(scope, runtime, root_dir, &config_path);
+        r = get_config_path(scope, flags & UNIT_FILE_RUNTIME, root_dir, &config_path);
         if (r < 0)
                 return r;
@@ -2350,15 +2344,14 @@ int unit_file_preset(
                         return r;
         }
-        return execute_preset(scope, &plus, &minus, &paths, config_path, root_dir, files, mode, force, changes, n_changes);
+        return execute_preset(scope, &plus, &minus, &paths, config_path, root_dir, files, mode, !!(flags & UNIT_FILE_FORCE), changes, n_changes);
 }
 int unit_file_preset_all(
                 UnitFileScope scope,
-                bool runtime,
+                UnitFileFlags flags,
                 const char *root_dir,
                 UnitFilePresetMode mode,
-                bool force,
                 UnitFileChange **changes,
                 unsigned *n_changes) {
@@ -2380,7 +2373,7 @@ int unit_file_preset_all(
         if (r < 0)
                 return r;
-        r = get_config_path(scope, runtime, root_dir, &config_path);
+        r = get_config_path(scope, flags & UNIT_FILE_RUNTIME, root_dir, &config_path);
         if (r < 0)
                 return r;
@@ -2434,7 +2427,7 @@ int unit_file_preset_all(
                 }
         }
-        return execute_preset(scope, &plus, &minus, &paths, config_path, root_dir, NULL, mode, force, changes, n_changes);
+        return execute_preset(scope, &plus, &minus, &paths, config_path, root_dir, NULL, mode, !!(flags & UNIT_FILE_FORCE), changes, n_changes);
 }
 static void unit_file_list_free_one(UnitFileList *f) {
diff --git a/src/shared/install.h b/src/shared/install.h
index 7e40445..c961b53 100644
--- a/src/shared/install.h
+++ b/src/shared/install.h
@@ -66,6 +66,11 @@ typedef enum UnitFileChangeType {
         _UNIT_FILE_CHANGE_TYPE_INVALID = -1
 } UnitFileChangeType;
+typedef enum UnitFileFlags {
+        UNIT_FILE_RUNTIME = 1,
+        UNIT_FILE_FORCE = 1 << 1
+} UnitFileFlags;
+
 static inline bool unit_file_change_is_modification(UnitFileChangeType type) {
         return IN_SET(type, UNIT_FILE_SYMLINK, UNIT_FILE_UNLINK);
 }
@@ -120,17 +125,17 @@ static inline bool UNIT_FILE_INSTALL_INFO_HAS_ALSO(InstallInfo *i) {
         return !strv_isempty(i->also);
 }
-int unit_file_enable(UnitFileScope scope, bool runtime, const char *root_dir, char **files, bool force, UnitFileChange **changes, unsigned *n_changes);
-int unit_file_disable(UnitFileScope scope, bool runtime, const char *root_dir, char **files, UnitFileChange **changes, unsigned *n_changes);
-int unit_file_reenable(UnitFileScope scope, bool runtime, const char *root_dir, char **files, bool force, UnitFileChange **changes, unsigned *n_changes);
-int unit_file_link(UnitFileScope scope, bool runtime, const char *root_dir, char **files, bool force, UnitFileChange **changes, unsigned *n_changes);
-int unit_file_preset(UnitFileScope scope, bool runtime, const char *root_dir, char **files, UnitFilePresetMode mode, bool force, UnitFileChange **changes, unsigned *n_changes);
-int unit_file_preset_all(UnitFileScope scope, bool runtime, const char *root_dir, UnitFilePresetMode mode, bool force, UnitFileChange **changes, unsigned *n_changes);
-int unit_file_mask(UnitFileScope scope, bool runtime, const char *root_dir, char **files, bool force, UnitFileChange **changes, unsigned *n_changes);
-int unit_file_unmask(UnitFileScope scope, bool runtime, const char *root_dir, char **files, UnitFileChange **changes, unsigned *n_changes);
-int unit_file_set_default(UnitFileScope scope, const char *root_dir, const char *file, bool force, UnitFileChange **changes, unsigned *n_changes);
+int unit_file_enable(UnitFileScope scope, UnitFileFlags flags, const char *root_dir, char **files, UnitFileChange **changes, unsigned *n_changes);
+int unit_file_disable(UnitFileScope scope, UnitFileFlags flags, const char *root_dir, char **files, UnitFileChange **changes, unsigned *n_changes);
+int unit_file_reenable(UnitFileScope scope, UnitFileFlags flags, const char *root_dir, char **files, UnitFileChange **changes, unsigned *n_changes);
+int unit_file_link(UnitFileScope scope, UnitFileFlags flags, const char *root_dir, char **files, UnitFileChange **changes, unsigned *n_changes);
+int unit_file_preset(UnitFileScope scope, UnitFileFlags flags, const char *root_dir, char **files, UnitFilePresetMode mode, UnitFileChange **changes, unsigned *n_changes);
+int unit_file_preset_all(UnitFileScope scope, UnitFileFlags flags, const char *root_dir, UnitFilePresetMode mode, UnitFileChange **changes, unsigned *n_changes);
+int unit_file_mask(UnitFileScope scope, UnitFileFlags flags, const char *root_dir, char **files, UnitFileChange **changes, unsigned *n_changes);
+int unit_file_unmask(UnitFileScope scope, UnitFileFlags flags, const char *root_dir, char **files, UnitFileChange **changes, unsigned *n_changes);
+int unit_file_set_default(UnitFileScope scope, UnitFileFlags flags, const char *root_dir, const char *file, UnitFileChange **changes, unsigned *n_changes);
 int unit_file_get_default(UnitFileScope scope, const char *root_dir, char **name);
-int unit_file_add_dependency(UnitFileScope scope, bool runtime, const char *root_dir, char **files, const char *target, UnitDependency dep, bool force, UnitFileChange **changes, unsigned *n_changes);
+int unit_file_add_dependency(UnitFileScope scope, UnitFileFlags flags, const char *root_dir, char **files, const char *target, UnitDependency dep, UnitFileChange **changes, unsigned *n_changes);
 int unit_file_lookup_state(UnitFileScope scope, const char *root_dir,const LookupPaths *paths, const char *name, UnitFileState *ret);
 int unit_file_get_state(UnitFileScope scope, const char *root_dir, const char *filename, UnitFileState *ret);
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 1e1009f..e0dbf0f 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -165,6 +165,11 @@ static int daemon_reload(sd_bus *bus, char **args);
 static int halt_now(enum action a);
 static int check_one_unit(sd_bus *bus, const char *name, const char *good_states, bool quiet);
+static UnitFileFlags args_to_flags(void) {
+        return (arg_runtime ? UNIT_FILE_RUNTIME : 0) |
+               (arg_force   ? UNIT_FILE_FORCE   : 0);
+}
+
 static char** strv_skip_first(char **strv) {
         if (strv_length(strv) > 0)
                 return strv + 1;
@@ -1974,7 +1979,7 @@ static int set_default(sd_bus *bus, char **args) {
                 return log_oom();
         if (!bus || avoid_bus()) {
-                r = unit_file_set_default(arg_scope, arg_root, unit, true, &changes, &n_changes);
+                r = unit_file_set_default(arg_scope, UNIT_FILE_FORCE, arg_root, unit, &changes, &n_changes);
                 if (r < 0)
                         return log_error_errno(r, "Failed to set default target: %m");
@@ -5407,22 +5412,25 @@ static int enable_unit(sd_bus *bus, char **args) {
         }
         if (!bus || avoid_bus()) {
+                UnitFileFlags flags;
+
+                flags = args_to_flags();
                 if (streq(verb, "enable")) {
-                        r = unit_file_enable(arg_scope, arg_runtime, arg_root, names, arg_force, &changes, &n_changes);
+                        r = unit_file_enable(arg_scope, flags, arg_root, names, &changes, &n_changes);
                         carries_install_info = r;
                 } else if (streq(verb, "disable"))
-                        r = unit_file_disable(arg_scope, arg_runtime, arg_root, names, &changes, &n_changes);
+                        r = unit_file_disable(arg_scope, flags, arg_root, names, &changes, &n_changes);
                 else if (streq(verb, "reenable")) {
-                        r = unit_file_reenable(arg_scope, arg_runtime, arg_root, names, arg_force, &changes, &n_changes);
+                        r = unit_file_reenable(arg_scope, flags, arg_root, names, &changes, &n_changes);
                         carries_install_info = r;
                 } else if (streq(verb, "link"))
-                        r = unit_file_link(arg_scope, arg_runtime, arg_root, names, arg_force, &changes, &n_changes);
+                        r = unit_file_link(arg_scope, flags, arg_root, names, &changes, &n_changes);
                 else if (streq(verb, "preset")) {
-                        r = unit_file_preset(arg_scope, arg_runtime, arg_root, names, arg_preset_mode, arg_force, &changes, &n_changes);
+                        r = unit_file_preset(arg_scope, flags, arg_root, names, arg_preset_mode, &changes, &n_changes);
                 } else if (streq(verb, "mask"))
-                        r = unit_file_mask(arg_scope, arg_runtime, arg_root, names, arg_force, &changes, &n_changes);
+                        r = unit_file_mask(arg_scope, flags, arg_root, names, &changes, &n_changes);
                 else if (streq(verb, "unmask"))
-                        r = unit_file_unmask(arg_scope, arg_runtime, arg_root, names, &changes, &n_changes);
+                        r = unit_file_unmask(arg_scope, flags, arg_root, names, &changes, &n_changes);
                 else
                         assert_not_reached("Unknown verb");
@@ -5588,7 +5596,7 @@ static int add_dependency(sd_bus *bus, char **args) {
                 UnitFileChange *changes = NULL;
                 unsigned n_changes = 0;
-                r = unit_file_add_dependency(arg_scope, arg_runtime, arg_root, names, target, dep, arg_force, &changes, &n_changes);
+                r = unit_file_add_dependency(arg_scope, args_to_flags(), arg_root, names, target, dep, &changes, &n_changes);
                 if (r < 0)
                         return log_error_errno(r, "Can't add dependency: %m");
@@ -5652,7 +5660,7 @@ static int preset_all(sd_bus *bus, char **args) {
         if (!bus || avoid_bus()) {
-                r = unit_file_preset_all(arg_scope, arg_runtime, arg_root, arg_preset_mode, arg_force, &changes, &n_changes);
+                r = unit_file_preset_all(arg_scope, args_to_flags(), arg_root, arg_preset_mode, &changes, &n_changes);
                 if (r < 0) {
                         log_error_errno(r, "Operation failed: %m");
                         goto finish;
diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c
index 667c374..cb417d4 100644
--- a/src/test/test-install-root.c
+++ b/src/test/test-install-root.c
@@ -62,7 +62,7 @@ static void test_basic_mask_and_enable(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "d.service", NULL) >= 0);
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "d.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
-        assert_se(unit_file_mask(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("a.service"), false, &changes, &n_changes) >= 0);
+        assert_se(unit_file_mask(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("a.service"), &changes, &n_changes) >= 0);
         assert_se(n_changes == 1);
         assert_se(changes[0].type == UNIT_FILE_SYMLINK);
         assert_se(streq(changes[0].source, "/dev/null"));
@@ -78,11 +78,11 @@ static void test_basic_mask_and_enable(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "d.service", &state) >= 0 && state == UNIT_FILE_MASKED);
         /* Enabling a masked unit should fail! */
-        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("a.service"), false, &changes, &n_changes) == -ESHUTDOWN);
+        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("a.service"), &changes, &n_changes) == -ESHUTDOWN);
         unit_file_changes_free(changes, n_changes);
         changes = NULL; n_changes = 0;
-        assert_se(unit_file_unmask(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("a.service"), &changes, &n_changes) >= 0);
+        assert_se(unit_file_unmask(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("a.service"), &changes, &n_changes) >= 0);
         assert_se(n_changes == 1);
         assert_se(changes[0].type == UNIT_FILE_UNLINK);
         p = strjoina(root, SYSTEM_CONFIG_UNIT_PATH"/a.service");
@@ -90,7 +90,7 @@ static void test_basic_mask_and_enable(const char *root) {
         unit_file_changes_free(changes, n_changes);
         changes = NULL; n_changes = 0;
-        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("a.service"), false, &changes, &n_changes) == 1);
+        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("a.service"), &changes, &n_changes) == 1);
         assert_se(n_changes == 1);
         assert_se(changes[0].type == UNIT_FILE_SYMLINK);
         assert_se(streq(changes[0].source, "/usr/lib/systemd/system/a.service"));
@@ -105,12 +105,12 @@ static void test_basic_mask_and_enable(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "d.service", &state) >= 0 && state == UNIT_FILE_ENABLED);
         /* Enabling it again should succeed but be a NOP */
-        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("a.service"), false, &changes, &n_changes) == 1);
+        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("a.service"), &changes, &n_changes) == 1);
         assert_se(n_changes == 0);
         unit_file_changes_free(changes, n_changes);
         changes = NULL; n_changes = 0;
-        assert_se(unit_file_disable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("a.service"), &changes, &n_changes) >= 0);
+        assert_se(unit_file_disable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("a.service"), &changes, &n_changes) >= 0);
         assert_se(n_changes == 1);
         assert_se(changes[0].type == UNIT_FILE_UNLINK);
         p = strjoina(root, SYSTEM_CONFIG_UNIT_PATH"/multi-user.target.wants/a.service");
@@ -124,13 +124,13 @@ static void test_basic_mask_and_enable(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "d.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
         /* Disabling a disabled unit must suceed but be a NOP */
-        assert_se(unit_file_disable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("a.service"), &changes, &n_changes) >= 0);
+        assert_se(unit_file_disable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("a.service"), &changes, &n_changes) >= 0);
         assert_se(n_changes == 0);
         unit_file_changes_free(changes, n_changes);
         changes = NULL; n_changes = 0;
         /* Let's enable this indirectly via a symlink */
-        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("d.service"), false, &changes, &n_changes) >= 0);
+        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("d.service"), &changes, &n_changes) >= 0);
         assert_se(n_changes == 1);
         assert_se(changes[0].type == UNIT_FILE_SYMLINK);
         assert_se(streq(changes[0].source, "/usr/lib/systemd/system/a.service"));
@@ -146,7 +146,7 @@ static void test_basic_mask_and_enable(const char *root) {
         /* Let's try to reenable */
-        assert_se(unit_file_reenable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("b.service"), false, &changes, &n_changes) >= 0);
+        assert_se(unit_file_reenable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("b.service"), &changes, &n_changes) >= 0);
         assert_se(n_changes == 2);
         assert_se(changes[0].type == UNIT_FILE_UNLINK);
         p = strjoina(root, SYSTEM_CONFIG_UNIT_PATH"/multi-user.target.wants/a.service");
@@ -215,7 +215,7 @@ static void test_linked_units(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "linked3.service", &state) >= 0 && state == UNIT_FILE_LINKED);
         /* First, let's link the unit into the search path */
-        assert_se(unit_file_link(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("/opt/linked.service"), false, &changes, &n_changes) >= 0);
+        assert_se(unit_file_link(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("/opt/linked.service"), &changes, &n_changes) >= 0);
         assert_se(n_changes == 1);
         assert_se(changes[0].type == UNIT_FILE_SYMLINK);
         assert_se(streq(changes[0].source, "/opt/linked.service"));
@@ -227,7 +227,7 @@ static void test_linked_units(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "linked.service", &state) >= 0 && state == UNIT_FILE_LINKED);
         /* Let's unlink it from the search path again */
-        assert_se(unit_file_disable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("linked.service"), &changes, &n_changes) >= 0);
+        assert_se(unit_file_disable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("linked.service"), &changes, &n_changes) >= 0);
         assert_se(n_changes == 1);
         assert_se(changes[0].type == UNIT_FILE_UNLINK);
         p = strjoina(root, SYSTEM_CONFIG_UNIT_PATH"/linked.service");
@@ -238,7 +238,7 @@ static void test_linked_units(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "linked.service", NULL) == -ENOENT);
         /* Now, let's not just link it, but also enable it */
-        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("/opt/linked.service"), false, &changes, &n_changes) >= 0);
+        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("/opt/linked.service"), &changes, &n_changes) >= 0);
         assert_se(n_changes == 2);
         p = strjoina(root, SYSTEM_CONFIG_UNIT_PATH"/multi-user.target.wants/linked.service");
         q = strjoina(root, SYSTEM_CONFIG_UNIT_PATH"/linked.service");
@@ -260,7 +260,7 @@ static void test_linked_units(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "linked.service", &state) >= 0 && state == UNIT_FILE_ENABLED);
         /* And let's unlink it again */
-        assert_se(unit_file_disable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("linked.service"), &changes, &n_changes) >= 0);
+        assert_se(unit_file_disable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("linked.service"), &changes, &n_changes) >= 0);
         assert_se(n_changes == 2);
         p = strjoina(root, SYSTEM_CONFIG_UNIT_PATH"/multi-user.target.wants/linked.service");
         q = strjoina(root, SYSTEM_CONFIG_UNIT_PATH"/linked.service");
@@ -280,7 +280,7 @@ static void test_linked_units(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "linked.service", NULL) == -ENOENT);
-        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("linked2.service"), false, &changes, &n_changes) >= 0);
+        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("linked2.service"), &changes, &n_changes) >= 0);
         assert_se(n_changes == 2);
         p = strjoina(root, SYSTEM_CONFIG_UNIT_PATH"/multi-user.target.wants/linked2.service");
         q = strjoina(root, SYSTEM_CONFIG_UNIT_PATH"/linked2.service");
@@ -299,7 +299,7 @@ static void test_linked_units(const char *root) {
         unit_file_changes_free(changes, n_changes);
         changes = NULL; n_changes = 0;
-        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("linked3.service"), false, &changes, &n_changes) == -ELOOP);
+        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("linked3.service"), &changes, &n_changes) == -ELOOP);
         unit_file_changes_free(changes, n_changes);
         changes = NULL; n_changes = 0;
 }
@@ -318,14 +318,14 @@ static void test_default(const char *root) {
         assert_se(unit_file_get_default(UNIT_FILE_SYSTEM, root, &def) == -ENOENT);
-        assert_se(unit_file_set_default(UNIT_FILE_SYSTEM, root, "idontexist.target", false, &changes, &n_changes) == -ENOENT);
+        assert_se(unit_file_set_default(UNIT_FILE_SYSTEM, 0, root, "idontexist.target", &changes, &n_changes) == -ENOENT);
         assert_se(n_changes == 0);
         unit_file_changes_free(changes, n_changes);
         changes = NULL; n_changes = 0;
         assert_se(unit_file_get_default(UNIT_FILE_SYSTEM, root, &def) == -ENOENT);
-        assert_se(unit_file_set_default(UNIT_FILE_SYSTEM, root, "test-default.target", false, &changes, &n_changes) >= 0);
+        assert_se(unit_file_set_default(UNIT_FILE_SYSTEM, 0, root, "test-default.target", &changes, &n_changes) >= 0);
         assert_se(n_changes == 1);
         assert_se(changes[0].type == UNIT_FILE_SYMLINK);
         assert_se(streq(changes[0].source, "/usr/lib/systemd/system/test-default-real.target"));
@@ -355,7 +355,7 @@ static void test_add_dependency(const char *root) {
         p = strjoina(root, "/usr/lib/systemd/system/add-dependency-test-service.service");
         assert_se(symlink("real-add-dependency-test-service.service", p) >= 0);
-        assert_se(unit_file_add_dependency(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("add-dependency-test-service.service"), "add-dependency-test-target.target", UNIT_WANTS, false, &changes, &n_changes) >= 0);
+        assert_se(unit_file_add_dependency(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("add-dependency-test-service.service"), "add-dependency-test-target.target", UNIT_WANTS, &changes, &n_changes) >= 0);
         assert_se(n_changes == 1);
         assert_se(changes[0].type == UNIT_FILE_SYMLINK);
         assert_se(streq(changes[0].source, "/usr/lib/systemd/system/real-add-dependency-test-service.service"));
@@ -392,7 +392,7 @@ static void test_template_enable(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "template-symlink@def.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "template-symlink@foo.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
-        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("template@.service"), false, &changes, &n_changes) >= 0);
+        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("template@.service"), &changes, &n_changes) >= 0);
         assert_se(n_changes == 1);
         assert_se(changes[0].type == UNIT_FILE_SYMLINK);
         assert_se(streq(changes[0].source, "/usr/lib/systemd/system/template@.service"));
@@ -408,7 +408,7 @@ static void test_template_enable(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "template-symlink@def.service", &state) >= 0 && state == UNIT_FILE_ENABLED);
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "template-symlink@foo.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
-        assert_se(unit_file_disable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("template@.service"), &changes, &n_changes) >= 0);
+        assert_se(unit_file_disable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("template@.service"), &changes, &n_changes) >= 0);
         assert_se(n_changes == 1);
         assert_se(changes[0].type == UNIT_FILE_UNLINK);
         assert_se(streq(changes[0].path, p));
@@ -422,7 +422,7 @@ static void test_template_enable(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "template-symlink@def.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "template-symlink@foo.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
-        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("template@foo.service"), false, &changes, &n_changes) >= 0);
+        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("template@foo.service"), &changes, &n_changes) >= 0);
         assert_se(changes[0].type == UNIT_FILE_SYMLINK);
         assert_se(streq(changes[0].source, "/usr/lib/systemd/system/template@.service"));
         p = strjoina(root, SYSTEM_CONFIG_UNIT_PATH"/multi-user.target.wants/template@foo.service");
@@ -437,7 +437,7 @@ static void test_template_enable(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "template-symlink@def.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "template-symlink@foo.service", &state) >= 0 && state == UNIT_FILE_ENABLED);
-        assert_se(unit_file_disable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("template@foo.service"), &changes, &n_changes) >= 0);
+        assert_se(unit_file_disable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("template@foo.service"), &changes, &n_changes) >= 0);
         assert_se(n_changes == 1);
         assert_se(changes[0].type == UNIT_FILE_UNLINK);
         assert_se(streq(changes[0].path, p));
@@ -453,7 +453,7 @@ static void test_template_enable(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "template-symlink@foo.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "template-symlink@quux.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
-        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("template-symlink@quux.service"), false, &changes, &n_changes) >= 0);
+        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("template-symlink@quux.service"), &changes, &n_changes) >= 0);
         assert_se(changes[0].type == UNIT_FILE_SYMLINK);
         assert_se(streq(changes[0].source, "/usr/lib/systemd/system/template@.service"));
         p = strjoina(root, SYSTEM_CONFIG_UNIT_PATH"/multi-user.target.wants/template@quux.service");
@@ -498,7 +498,7 @@ static void test_indirect(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "indirectb.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "indirectc.service", &state) >= 0 && state == UNIT_FILE_INDIRECT);
-        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("indirectc.service"), false, &changes, &n_changes) >= 0);
+        assert_se(unit_file_enable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("indirectc.service"), &changes, &n_changes) >= 0);
         assert_se(n_changes == 1);
         assert_se(changes[0].type == UNIT_FILE_SYMLINK);
         assert_se(streq(changes[0].source, "/usr/lib/systemd/system/indirectb.service"));
@@ -511,7 +511,7 @@ static void test_indirect(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "indirectb.service", &state) >= 0 && state == UNIT_FILE_ENABLED);
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "indirectc.service", &state) >= 0 && state == UNIT_FILE_INDIRECT);
-        assert_se(unit_file_disable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("indirectc.service"), &changes, &n_changes) >= 0);
+        assert_se(unit_file_disable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("indirectc.service"), &changes, &n_changes) >= 0);
         assert_se(n_changes == 1);
         assert_se(changes[0].type == UNIT_FILE_UNLINK);
         p = strjoina(root, SYSTEM_CONFIG_UNIT_PATH"/multi-user.target.wants/indirectb.service");
@@ -551,7 +551,7 @@ static void test_preset_and_list(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "preset-yes.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "preset-no.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
-        assert_se(unit_file_preset(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("preset-yes.service"), UNIT_FILE_PRESET_FULL, false, &changes, &n_changes) >= 0);
+        assert_se(unit_file_preset(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("preset-yes.service"), UNIT_FILE_PRESET_FULL, &changes, &n_changes) >= 0);
         assert_se(n_changes == 1);
         assert_se(changes[0].type == UNIT_FILE_SYMLINK);
         assert_se(streq(changes[0].source, "/usr/lib/systemd/system/preset-yes.service"));
@@ -563,7 +563,7 @@ static void test_preset_and_list(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "preset-yes.service", &state) >= 0 && state == UNIT_FILE_ENABLED);
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "preset-no.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
-        assert_se(unit_file_disable(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("preset-yes.service"), &changes, &n_changes) >= 0);
+        assert_se(unit_file_disable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("preset-yes.service"), &changes, &n_changes) >= 0);
         assert_se(n_changes == 1);
         assert_se(changes[0].type == UNIT_FILE_UNLINK);
         p = strjoina(root, SYSTEM_CONFIG_UNIT_PATH"/multi-user.target.wants/preset-yes.service");
@@ -574,7 +574,7 @@ static void test_preset_and_list(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "preset-yes.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "preset-no.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
-        assert_se(unit_file_preset(UNIT_FILE_SYSTEM, false, root, STRV_MAKE("preset-no.service"), UNIT_FILE_PRESET_FULL, false, &changes, &n_changes) >= 0);
+        assert_se(unit_file_preset(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("preset-no.service"), UNIT_FILE_PRESET_FULL, &changes, &n_changes) >= 0);
         assert_se(n_changes == 0);
         unit_file_changes_free(changes, n_changes);
         changes = NULL; n_changes = 0;
@@ -582,7 +582,7 @@ static void test_preset_and_list(const char *root) {
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "preset-yes.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
         assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "preset-no.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
-        assert_se(unit_file_preset_all(UNIT_FILE_SYSTEM, false, root, UNIT_FILE_PRESET_FULL, false, &changes, &n_changes) >= 0);
+        assert_se(unit_file_preset_all(UNIT_FILE_SYSTEM, 0, root, UNIT_FILE_PRESET_FULL, &changes, &n_changes) >= 0);
         assert_se(n_changes > 0);
diff --git a/src/test/test-install.c b/src/test/test-install.c
index 08a1faf..0cae0e7 100644
--- a/src/test/test-install.c
+++ b/src/test/test-install.c
@@ -73,12 +73,12 @@ int main(int argc, char* argv[]) {
         log_error("enable");
-        r = unit_file_enable(UNIT_FILE_SYSTEM, false, NULL, (char**) files, false, &changes, &n_changes);
+        r = unit_file_enable(UNIT_FILE_SYSTEM, 0, NULL, (char**) files, &changes, &n_changes);
         assert_se(r >= 0);
         log_error("enable2");
-        r = unit_file_enable(UNIT_FILE_SYSTEM, false, NULL, (char**) files, false, &changes, &n_changes);
+        r = unit_file_enable(UNIT_FILE_SYSTEM, 0, NULL, (char**) files, &changes, &n_changes);
         assert_se(r >= 0);
         dump_changes(changes, n_changes);
@@ -93,7 +93,7 @@ int main(int argc, char* argv[]) {
         changes = NULL;
         n_changes = 0;
-        r = unit_file_disable(UNIT_FILE_SYSTEM, false, NULL, (char**) files, &changes, &n_changes);
+        r = unit_file_disable(UNIT_FILE_SYSTEM, 0, NULL, (char**) files, &changes, &n_changes);
         assert_se(r >= 0);
         dump_changes(changes, n_changes);
@@ -107,10 +107,10 @@ int main(int argc, char* argv[]) {
         changes = NULL;
         n_changes = 0;
-        r = unit_file_mask(UNIT_FILE_SYSTEM, false, NULL, (char**) files, false, &changes, &n_changes);
+        r = unit_file_mask(UNIT_FILE_SYSTEM, 0, NULL, (char**) files, &changes, &n_changes);
         assert_se(r >= 0);
         log_error("mask2");
-        r = unit_file_mask(UNIT_FILE_SYSTEM, false, NULL, (char**) files, false, &changes, &n_changes);
+        r = unit_file_mask(UNIT_FILE_SYSTEM, 0, NULL, (char**) files, &changes, &n_changes);
         assert_se(r >= 0);
         dump_changes(changes, n_changes);
@@ -124,10 +124,10 @@ int main(int argc, char* argv[]) {
         changes = NULL;
         n_changes = 0;
-        r = unit_file_unmask(UNIT_FILE_SYSTEM, false, NULL, (char**) files, &changes, &n_changes);
+        r = unit_file_unmask(UNIT_FILE_SYSTEM, 0, NULL, (char**) files, &changes, &n_changes);
         assert_se(r >= 0);
         log_error("unmask2");
-        r = unit_file_unmask(UNIT_FILE_SYSTEM, false, NULL, (char**) files, &changes, &n_changes);
+        r = unit_file_unmask(UNIT_FILE_SYSTEM, 0, NULL, (char**) files, &changes, &n_changes);
         assert_se(r >= 0);
         dump_changes(changes, n_changes);
@@ -141,7 +141,7 @@ int main(int argc, char* argv[]) {
         changes = NULL;
         n_changes = 0;
-        r = unit_file_mask(UNIT_FILE_SYSTEM, false, NULL, (char**) files, false, &changes, &n_changes);
+        r = unit_file_mask(UNIT_FILE_SYSTEM, 0, NULL, (char**) files, &changes, &n_changes);
         assert_se(r >= 0);
         dump_changes(changes, n_changes);
@@ -155,10 +155,10 @@ int main(int argc, char* argv[]) {
         changes = NULL;
         n_changes = 0;
-        r = unit_file_disable(UNIT_FILE_SYSTEM, false, NULL, (char**) files, &changes, &n_changes);
+        r = unit_file_disable(UNIT_FILE_SYSTEM, 0, NULL, (char**) files, &changes, &n_changes);
         assert_se(r >= 0);
         log_error("disable2");
-        r = unit_file_disable(UNIT_FILE_SYSTEM, false, NULL, (char**) files, &changes, &n_changes);
+        r = unit_file_disable(UNIT_FILE_SYSTEM, 0, NULL, (char**) files, &changes, &n_changes);
         assert_se(r >= 0);
         dump_changes(changes, n_changes);
@@ -172,7 +172,7 @@ int main(int argc, char* argv[]) {
         changes = NULL;
         n_changes = 0;
-        r = unit_file_unmask(UNIT_FILE_SYSTEM, false, NULL, (char**) files, &changes, &n_changes);
+        r = unit_file_unmask(UNIT_FILE_SYSTEM, 0, NULL, (char**) files, &changes, &n_changes);
         assert_se(r >= 0);
         dump_changes(changes, n_changes);
@@ -186,7 +186,7 @@ int main(int argc, char* argv[]) {
         changes = NULL;
         n_changes = 0;
-        r = unit_file_enable(UNIT_FILE_SYSTEM, false, NULL, (char**) files2, false, &changes, &n_changes);
+        r = unit_file_enable(UNIT_FILE_SYSTEM, 0, NULL, (char**) files2, &changes, &n_changes);
         assert_se(r >= 0);
         dump_changes(changes, n_changes);
@@ -200,7 +200,7 @@ int main(int argc, char* argv[]) {
         changes = NULL;
         n_changes = 0;
-        r = unit_file_disable(UNIT_FILE_SYSTEM, false, NULL, STRV_MAKE(basename(files2[0])), &changes, &n_changes);
+        r = unit_file_disable(UNIT_FILE_SYSTEM, 0, NULL, STRV_MAKE(basename(files2[0])), &changes, &n_changes);
         assert_se(r >= 0);
         dump_changes(changes, n_changes);
@@ -213,7 +213,7 @@ int main(int argc, char* argv[]) {
         changes = NULL;
         n_changes = 0;
-        r = unit_file_link(UNIT_FILE_SYSTEM, false, NULL, (char**) files2, false, &changes, &n_changes);
+        r = unit_file_link(UNIT_FILE_SYSTEM, 0, NULL, (char**) files2, &changes, &n_changes);
         assert_se(r >= 0);
         dump_changes(changes, n_changes);
@@ -227,7 +227,7 @@ int main(int argc, char* argv[]) {
         changes = NULL;
         n_changes = 0;
-        r = unit_file_disable(UNIT_FILE_SYSTEM, false, NULL, STRV_MAKE(basename(files2[0])), &changes, &n_changes);
+        r = unit_file_disable(UNIT_FILE_SYSTEM, 0, NULL, STRV_MAKE(basename(files2[0])), &changes, &n_changes);
         assert_se(r >= 0);
         dump_changes(changes, n_changes);
@@ -240,7 +240,7 @@ int main(int argc, char* argv[]) {
         changes = NULL;
         n_changes = 0;
-        r = unit_file_link(UNIT_FILE_SYSTEM, false, NULL, (char**) files2, false, &changes, &n_changes);
+        r = unit_file_link(UNIT_FILE_SYSTEM, 0, NULL, (char**) files2, &changes, &n_changes);
         assert_se(r >= 0);
         dump_changes(changes, n_changes);
@@ -254,7 +254,7 @@ int main(int argc, char* argv[]) {
         changes = NULL;
         n_changes = 0;
-        r = unit_file_reenable(UNIT_FILE_SYSTEM, false, NULL, (char**) files2, false, &changes, &n_changes);
+        r = unit_file_reenable(UNIT_FILE_SYSTEM, 0, NULL, (char**) files2, &changes, &n_changes);
         assert_se(r >= 0);
         dump_changes(changes, n_changes);
@@ -268,7 +268,7 @@ int main(int argc, char* argv[]) {
         changes = NULL;
         n_changes = 0;
-        r = unit_file_disable(UNIT_FILE_SYSTEM, false, NULL, STRV_MAKE(basename(files2[0])), &changes, &n_changes);
+        r = unit_file_disable(UNIT_FILE_SYSTEM, 0, NULL, STRV_MAKE(basename(files2[0])), &changes, &n_changes);
         assert_se(r >= 0);
         dump_changes(changes, n_changes);
@@ -280,7 +280,7 @@ int main(int argc, char* argv[]) {
         changes = NULL;
         n_changes = 0;
-        r = unit_file_preset(UNIT_FILE_SYSTEM, false, NULL, (char**) files, UNIT_FILE_PRESET_FULL, false, &changes, &n_changes);
+        r = unit_file_preset(UNIT_FILE_SYSTEM, 0, NULL, (char**) files, UNIT_FILE_PRESET_FULL, &changes, &n_changes);
         assert_se(r >= 0);
         dump_changes(changes, n_changes);
SOURCES/0444-shared-systemctl-teach-is-enabled-to-show-installati.patch
New file
@@ -0,0 +1,363 @@
From fef4e6a045ae703de12ec271b0c8fd02d0bac0fc Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Thu, 20 Oct 2016 15:20:11 +0200
Subject: [PATCH] shared, systemctl: teach is-enabled to show installation
 targets
It may be desired by users to know what targets a particular service is
installed into. Improve user friendliness by teaching the is-enabled
command to show such information when used with --full.
This patch makes use of the newly added UnitFileFlags and adds
UNIT_FILE_DRY_RUN flag into it. Since the API had already been modified,
it's now easy to add the new dry-run feature for other commands as
well. As a next step, --dry-run could be added to systemctl, which in
turn might pave the way for a long requested dry-run feature when
running systemctl start.
(cherry picked from commit 3b3557c410c7910fae0990599dcb82711cf5fbb7)
Resolves: #1413041
---
 man/systemctl.xml                      |  3 ++
 src/core/dbus-manager.c                | 44 ++++++++++++++++++++
 src/core/org.freedesktop.systemd1.conf |  4 ++
 src/shared/install.c                   | 35 +++++++++-------
 src/shared/install.h                   |  3 +-
 src/systemctl/systemctl.c              | 73 +++++++++++++++++++++++++++++++++-
 6 files changed, 145 insertions(+), 17 deletions(-)
diff --git a/man/systemctl.xml b/man/systemctl.xml
index bb21f3a..4a1aff2 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -223,6 +223,8 @@
           of <command>status</command>, <command>list-units</command>,
           <command>list-jobs</command>, and
           <command>list-timers</command>.</para>
+          <para>Also, show installation targets in the output of
+          <command>is-enabled</command>.</para>
         </listitem>
       </varlistentry>
@@ -1054,6 +1056,7 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service
             exit code of 0 if at least one is enabled, non-zero
             otherwise. Prints the current enable status (see table).
             To suppress this output, use <option>--quiet</option>.
+            To show installation targets, use <option>--full</option>.
             </para>
             <table>
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index 5b40aa2..7ba1b51 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -1958,6 +1958,49 @@ static int method_add_dependency_unit_files(sd_bus *bus, sd_bus_message *message
         return reply_unit_file_changes_and_free(m, bus, message, -1, changes, n_changes);
 }
+static int method_get_unit_file_links(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        UnitFileChange *changes = NULL;
+        unsigned n_changes = 0, i;
+        UnitFileFlags flags;
+        const char *name;
+        char **p;
+        int runtime, r;
+
+        r = sd_bus_message_read(message, "sb", &name, &runtime);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_new_method_return(message, &reply);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_open_container(reply, SD_BUS_TYPE_ARRAY, "s");
+        if (r < 0)
+                return r;
+
+        p = STRV_MAKE(name);
+        flags = UNIT_FILE_DRY_RUN |
+                (runtime ? UNIT_FILE_RUNTIME : 0);
+
+        r = unit_file_disable(UNIT_FILE_SYSTEM, flags, NULL, p, &changes, &n_changes);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get file links for %s: %m", name);
+
+        for (i = 0; i < n_changes; i++)
+                if (changes[i].type == UNIT_FILE_UNLINK) {
+                        r = sd_bus_message_append(reply, "s", changes[i].path);
+                        if (r < 0)
+                                return r;
+                }
+
+        r = sd_bus_message_close_container(reply);
+        if (r < 0)
+                return r;
+
+        return sd_bus_send(bus, reply, NULL);
+}
+
 const sd_bus_vtable bus_manager_vtable[] = {
         SD_BUS_VTABLE_START(0),
@@ -2049,6 +2092,7 @@ const sd_bus_vtable bus_manager_vtable[] = {
         SD_BUS_METHOD("GetDefaultTarget", NULL, "s", method_get_default_target, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("PresetAllUnitFiles", "sbb", "a(sss)", method_preset_all_unit_files, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("AddDependencyUnitFiles", "asssbb", "a(sss)", method_add_dependency_unit_files, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("GetUnitFileLinks", "sb", "as", method_get_unit_file_links, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_SIGNAL("UnitNew", "so", 0),
         SD_BUS_SIGNAL("UnitRemoved", "so", 0),
diff --git a/src/core/org.freedesktop.systemd1.conf b/src/core/org.freedesktop.systemd1.conf
index 6a7a37e..3997dd0 100644
--- a/src/core/org.freedesktop.systemd1.conf
+++ b/src/core/org.freedesktop.systemd1.conf
@@ -78,6 +78,10 @@
                 <allow send_destination="org.freedesktop.systemd1"
                        send_interface="org.freedesktop.systemd1.Manager"
+                       send_member="GetUnitFileLinks"/>
+
+                <allow send_destination="org.freedesktop.systemd1"
+                       send_interface="org.freedesktop.systemd1.Manager"
                        send_member="ListJobs"/>
                 <allow send_destination="org.freedesktop.systemd1"
diff --git a/src/shared/install.c b/src/shared/install.c
index b3df6b3..bdfd7b9 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -340,6 +340,7 @@ static int remove_marked_symlinks_fd(
                 int fd,
                 const char *path,
                 const char *config_path,
+                bool dry_run,
                 bool *restart,
                 UnitFileChange **changes,
                 unsigned *n_changes) {
@@ -400,7 +401,7 @@ static int remove_marked_symlinks_fd(
                         }
                         /* This will close nfd, regardless whether it succeeds or not */
-                        q = remove_marked_symlinks_fd(remove_symlinks_to, nfd, p, config_path, restart, changes, n_changes);
+                        q = remove_marked_symlinks_fd(remove_symlinks_to, nfd, p, config_path, dry_run, restart, changes, n_changes);
                         if (q < 0 && r == 0)
                                 r = q;
@@ -439,21 +440,23 @@ static int remove_marked_symlinks_fd(
                         if (!found)
                                 continue;
-                        if (unlink(p) < 0 && errno != ENOENT) {
-                                if (r == 0)
-                                        r = -errno;
-                                continue;
-                        }
+                        if (!dry_run) {
+                                if (unlink(p) < 0 && errno != ENOENT) {
+                                        if (r == 0)
+                                                r = -errno;
+                                        continue;
+                                }
-                        path_kill_slashes(p);
-                        (void) rmdir_parents(p, config_path);
+                                path_kill_slashes(p);
+                                (void) rmdir_parents(p, config_path);
+                        }
                         unit_file_changes_add(changes, n_changes, UNIT_FILE_UNLINK, p, NULL);
                         q = mark_symlink_for_removal(&remove_symlinks_to, p);
                         if (q < 0)
                                 return q;
-                        if (q > 0)
+                        if (q > 0 && !dry_run)
                                 *restart = true;
                 }
         }
@@ -464,6 +467,7 @@ static int remove_marked_symlinks_fd(
 static int remove_marked_symlinks(
                 Set *remove_symlinks_to,
                 const char *config_path,
+                bool dry_run,
                 UnitFileChange **changes,
                 unsigned *n_changes) {
@@ -491,7 +495,7 @@ static int remove_marked_symlinks(
                 }
                 /* This takes possession of cfd and closes it */
-                q = remove_marked_symlinks_fd(remove_symlinks_to, cfd, config_path, config_path, &restart, changes, n_changes);
+                q = remove_marked_symlinks_fd(remove_symlinks_to, cfd, config_path, config_path, dry_run, &restart, changes, n_changes);
                 if (r == 0)
                         r = q;
         } while (restart);
@@ -1604,6 +1608,7 @@ int unit_file_unmask(
         _cleanup_strv_free_ char **todo = NULL;
         size_t n_todo = 0, n_allocated = 0;
         char **i;
+        bool dry_run;
         int r, q;
         assert(scope >= 0);
@@ -1617,6 +1622,8 @@ int unit_file_unmask(
         if (r < 0)
                 return r;
+        dry_run = !!(flags & UNIT_FILE_DRY_RUN);
+
         STRV_FOREACH(i, files) {
                 _cleanup_free_ char *path = NULL;
@@ -1655,7 +1662,7 @@ int unit_file_unmask(
                 if (!path)
                         return -ENOMEM;
-                if (unlink(path) < 0) {
+                if (!dry_run && unlink(path) < 0) {
                         if (errno != -ENOENT && r >= 0)
                                 r = -errno;
                 } else {
@@ -1667,7 +1674,7 @@ int unit_file_unmask(
                 }
         }
-        q = remove_marked_symlinks(remove_symlinks_to, config_path, changes, n_changes);
+        q = remove_marked_symlinks(remove_symlinks_to, config_path, dry_run, changes, n_changes);
         if (r >= 0)
                 r = q;
@@ -1931,7 +1938,7 @@ int unit_file_disable(
         if (r < 0)
                 return r;
-        return remove_marked_symlinks(remove_symlinks_to, config_path, changes, n_changes);
+        return remove_marked_symlinks(remove_symlinks_to, config_path, !!(flags & UNIT_FILE_DRY_RUN), changes, n_changes);
 }
 int unit_file_reenable(
@@ -2243,7 +2250,7 @@ static int execute_preset(
                 if (r < 0)
                         return r;
-                r = remove_marked_symlinks(remove_symlinks_to, config_path, changes, n_changes);
+                r = remove_marked_symlinks(remove_symlinks_to, config_path, false, changes, n_changes);
         } else
                 r = 0;
diff --git a/src/shared/install.h b/src/shared/install.h
index c961b53..c236dcf 100644
--- a/src/shared/install.h
+++ b/src/shared/install.h
@@ -68,7 +68,8 @@ typedef enum UnitFileChangeType {
 typedef enum UnitFileFlags {
         UNIT_FILE_RUNTIME = 1,
-        UNIT_FILE_FORCE = 1 << 1
+        UNIT_FILE_FORCE = 1 << 1,
+        UNIT_FILE_DRY_RUN = 1 << 2
 } UnitFileFlags;
 static inline bool unit_file_change_is_modification(UnitFileChangeType type) {
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index e0dbf0f..ff8b4e9 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -5722,6 +5722,63 @@ finish:
         return r;
 }
+static int show_installation_targets_client_side(const char *name) {
+        UnitFileChange *changes = NULL;
+        unsigned n_changes = 0, i;
+        UnitFileFlags flags;
+        char **p;
+        int r;
+
+        p = STRV_MAKE(name);
+        flags = UNIT_FILE_DRY_RUN |
+                (arg_runtime ? UNIT_FILE_RUNTIME : 0);
+
+        r = unit_file_disable(UNIT_FILE_SYSTEM, flags, NULL, p, &changes, &n_changes);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get file links for %s: %m", name);
+
+        for (i = 0; i < n_changes; i++)
+                if (changes[i].type == UNIT_FILE_UNLINK)
+                        printf("  %s\n", changes[i].path);
+
+        return 0;
+}
+
+static int show_installation_targets(sd_bus *bus, const char *name) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        const char *link;
+        int r;
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "GetUnitFileLinks",
+                        &error,
+                        &reply,
+                        "sb", name, arg_runtime);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get unit file links for %s: %s", name, bus_error_message(&error, r));
+
+        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "s");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        while ((r = sd_bus_message_read(reply, "s", &link)) > 0)
+                printf("  %s\n", link);
+
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        return 0;
+}
+
 static int unit_is_enabled(sd_bus *bus, char **args) {
         _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
@@ -5755,8 +5812,14 @@ static int unit_is_enabled(sd_bus *bus, char **args) {
                             state == UNIT_FILE_INDIRECT)
                                 enabled = true;
-                        if (!arg_quiet)
+                        if (!arg_quiet) {
                                 puts(unit_file_state_to_string(state));
+                                if (arg_full) {
+                                        r = show_installation_targets_client_side(*name);
+                                        if (r < 0)
+                                                return r;
+                                }
+                        }
                 }
         } else {
@@ -5785,8 +5848,14 @@ static int unit_is_enabled(sd_bus *bus, char **args) {
                         if (STR_IN_SET(s, "enabled", "enabled-runtime", "static", "indirect"))
                                 enabled = true;
-                        if (!arg_quiet)
+                        if (!arg_quiet) {
                                 puts(s);
+                                if (arg_full) {
+                                        r = show_installation_targets(bus, *name);
+                                        if (r < 0)
+                                                return r;
+                                }
+                        }
                 }
         }
SOURCES/0445-udev-fix-crash-with-invalid-udev.log-priority.patch
New file
@@ -0,0 +1,32 @@
From 22423054480ed8dee70160e9e886ca372b3440f3 Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Tue, 21 Jul 2015 18:26:09 +0200
Subject: [PATCH] udev: fix crash with invalid udev.log-priority
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1245293
Conflicts:
    src/udev/udevd.c
Cherry-picked from: e00f5bddde0daff900cbd93e1ee0530ad1ae06ce
Resolves: #1245293
---
 src/udev/udevd.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index 21e7e7f..82c7a54 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -990,7 +990,10 @@ static void kernel_cmdline_options(struct udev *udev) {
                         int prio;
                         prio = util_log_priority(value);
-                        log_set_max_level(prio);
+                        if (prio < 0)
+                                log_warning("Invalid udev.log-priority ignored: %s", value);
+                        else
+                                log_set_max_level(prio);
                 } else if ((value = startswith(opt, "udev.children-max="))) {
                         r = safe_atoi(value, &arg_children_max);
                         if (r < 0)
SOURCES/0446-core-make-exec-code-a-bit-more-readable.patch
New file
@@ -0,0 +1,73 @@
From ccf46ebc548054f876a418fc2e949a05a74a9c2a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 13 May 2015 16:34:02 +0200
Subject: [PATCH] core: make exec code a bit more readable
Let's add a function that checks whether we need fs namespacing, to make
things easier to read, instead of using a humungous if expression...
Cherry-picked from: 8b44a3d22c1fdfc5ce5fcb77e38a90ec02ba8019
Related: #1421181
---
 src/core/execute.c | 41 +++++++++++++++++++++++++++++++----------
 1 file changed, 31 insertions(+), 10 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index e9b4359..59340ec 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1256,6 +1256,36 @@ static int build_environment(
         return 0;
 }
+static bool exec_needs_mount_namespace(
+                const ExecContext *context,
+                const ExecParameters *params,
+                ExecRuntime *runtime) {
+
+        assert(context);
+        assert(params);
+
+        if (!strv_isempty(context->read_write_dirs) ||
+            !strv_isempty(context->read_only_dirs) ||
+            !strv_isempty(context->inaccessible_dirs))
+                return true;
+
+        if (context->mount_flags != 0)
+                return true;
+
+        if (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir))
+                return true;
+
+        if (params->bus_endpoint_path)
+                return true;
+
+        if (context->private_devices ||
+            context->protect_system != PROTECT_SYSTEM_NO ||
+            context->protect_home != PROTECT_HOME_NO)
+                return true;
+
+        return false;
+}
+
 static int exec_child(
                 ExecCommand *command,
                 const ExecContext *context,
@@ -1563,16 +1593,7 @@ static int exec_child(
                 }
         }
-        if (!strv_isempty(context->read_write_dirs) ||
-            !strv_isempty(context->read_only_dirs) ||
-            !strv_isempty(context->inaccessible_dirs) ||
-            context->mount_flags != 0 ||
-            (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir)) ||
-            params->bus_endpoint_path ||
-            context->private_devices ||
-            context->protect_system != PROTECT_SYSTEM_NO ||
-            context->protect_home != PROTECT_HOME_NO) {
-
+        if (exec_needs_mount_namespace(context, params, runtime)) {
                 char *tmp = NULL, *var = NULL;
                 /* The runtime struct only contains the parent
SOURCES/0447-core-Private-Protect-options-with-RootDirectory.patch
New file
@@ -0,0 +1,295 @@
From 2b4894764e9e92ae9004524ed466b4bdf94b2a34 Mon Sep 17 00:00:00 2001
From: Alban Crequy <alban@endocode.com>
Date: Mon, 18 May 2015 12:20:28 +0200
Subject: [PATCH] core: Private*/Protect* options with RootDirectory
When a service is chrooted with the option RootDirectory=/opt/..., then
the options PrivateDevices, PrivateTmp, ProtectHome, ProtectSystem must
mount the directories under $RootDirectory/{dev,tmp,home,usr,boot}.
The test-ns tool can test setup_namespace() with and without chroot:
 $ sudo TEST_NS_PROJECTS=/home/lennart/projects ./test-ns
 $ sudo TEST_NS_CHROOT=/home/alban/debian-tree TEST_NS_PROJECTS=/home/alban/debian-tree/home/alban/Documents ./test-ns
Cherry-picked from: ee818b89f4890b3a00e93772249fce810f60811e
Resolves: #1421181
---
 src/core/execute.c   |  8 ++++--
 src/core/namespace.c | 80 +++++++++++++++++++++++++++++++++++++++++++++-------
 src/core/namespace.h |  3 +-
 src/test/test-ns.c   | 24 ++++++++++++++--
 4 files changed, 100 insertions(+), 15 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index 59340ec..863babd 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1305,6 +1305,7 @@ static int exec_child(
         uid_t uid = UID_INVALID;
         gid_t gid = GID_INVALID;
         int i, r;
+        bool needs_mount_namespace;
         assert(command);
         assert(context);
@@ -1593,7 +1594,9 @@ static int exec_child(
                 }
         }
-        if (exec_needs_mount_namespace(context, params, runtime)) {
+        needs_mount_namespace = exec_needs_mount_namespace(context, params, runtime);
+
+        if (needs_mount_namespace) {
                 char *tmp = NULL, *var = NULL;
                 /* The runtime struct only contains the parent
@@ -1610,6 +1613,7 @@ static int exec_child(
                 }
                 r = setup_namespace(
+                                params->apply_chroot ? context->root_directory : NULL,
                                 context->read_write_dirs,
                                 context->read_only_dirs,
                                 context->inaccessible_dirs,
@@ -1635,7 +1639,7 @@ static int exec_child(
         }
         if (params->apply_chroot) {
-                if (context->root_directory)
+                if (!needs_mount_namespace && context->root_directory)
                         if (chroot(context->root_directory) < 0) {
                                 *exit_status = EXIT_CHROOT;
                                 return -errno;
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 00495c1..5747462 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -44,6 +44,7 @@
 #include "label.h"
 #include "selinux-util.h"
 #include "namespace.h"
+#include "mkdir.h"
 typedef enum MountMode {
         /* This is ordered by priority! */
@@ -132,6 +133,22 @@ static void drop_duplicates(BindMount *m, unsigned *n) {
         *n = t - m;
 }
+static int mount_move_root(const char *path) {
+        if (chdir(path) < 0)
+                return -errno;
+
+        if (mount(path, "/", NULL, MS_MOVE, NULL) < 0)
+                return -errno;
+
+        if (chroot(".") < 0)
+                return -errno;
+
+        if (chdir("/") < 0)
+                return -errno;
+
+        return 0;
+}
+
 static int mount_dev(BindMount *m) {
         static const char devnodes[] =
                 "/dev/null\0"
@@ -231,7 +248,13 @@ static int mount_dev(BindMount *m) {
         dev_setup(temporary_mount);
-        if (mount(dev, "/dev/", NULL, MS_MOVE, NULL) < 0) {
+        /* Create the /dev directory if missing. It is more likely to be
+         * missing when the service is started with RootDirectory. This is
+         * consistent with mount units creating the mount points when missing.
+         */
+        (void) mkdir_p_label(m->path, 0755);
+
+        if (mount(dev, m->path, NULL, MS_MOVE, NULL) < 0) {
                 r = -errno;
                 goto fail;
         }
@@ -410,6 +433,7 @@ static int make_read_only(BindMount *m) {
 }
 int setup_namespace(
+                const char* root_directory,
                 char** read_write_dirs,
                 char** read_only_dirs,
                 char** inaccessible_dirs,
@@ -455,37 +479,56 @@ int setup_namespace(
                         return r;
                 if (tmp_dir) {
-                        m->path = "/tmp";
+                        m->path = prefix_roota(root_directory, "/tmp");
                         m->mode = PRIVATE_TMP;
                         m++;
                 }
                 if (var_tmp_dir) {
-                        m->path = "/var/tmp";
+                        m->path = prefix_roota(root_directory, "/var/tmp");
                         m->mode = PRIVATE_VAR_TMP;
                         m++;
                 }
                 if (private_dev) {
-                        m->path = "/dev";
+                        m->path = prefix_roota(root_directory, "/dev");
                         m->mode = PRIVATE_DEV;
                         m++;
                 }
                 if (bus_endpoint_path) {
-                        m->path = bus_endpoint_path;
+                        m->path = prefix_roota(root_directory, bus_endpoint_path);
                         m->mode = PRIVATE_BUS_ENDPOINT;
                         m++;
                 }
                 if (protect_home != PROTECT_HOME_NO) {
-                        r = append_mounts(&m, STRV_MAKE("-/home", "-/run/user", "-/root"), protect_home == PROTECT_HOME_READ_ONLY ? READONLY : INACCESSIBLE);
+                        const char *home_dir, *run_user_dir, *root_dir;
+
+                        home_dir = prefix_roota(root_directory, "/home");
+                        home_dir = strjoina("-", home_dir);
+                        run_user_dir = prefix_roota(root_directory, "/run/user");
+                        run_user_dir = strjoina("-", run_user_dir);
+                        root_dir = prefix_roota(root_directory, "/root");
+                        root_dir = strjoina("-", root_dir);
+
+                        r = append_mounts(&m, STRV_MAKE(home_dir, run_user_dir, root_dir),
+                                protect_home == PROTECT_HOME_READ_ONLY ? READONLY : INACCESSIBLE);
                         if (r < 0)
                                 return r;
                 }
                 if (protect_system != PROTECT_SYSTEM_NO) {
-                        r = append_mounts(&m, protect_system == PROTECT_SYSTEM_FULL ? STRV_MAKE("/usr", "-/boot", "/etc") : STRV_MAKE("/usr", "-/boot"), READONLY);
+                        const char *usr_dir, *boot_dir, *etc_dir;
+
+                        usr_dir = prefix_roota(root_directory, "/home");
+                        boot_dir = prefix_roota(root_directory, "/boot");
+                        boot_dir = strjoina("-", boot_dir);