diff --git a/SOURCES/0233-units-serial-getty-.service-add-Install-section.patch b/SOURCES/0233-units-serial-getty-.service-add-Install-section.patch
index ec8132e..dd560ff 100644
--- a/SOURCES/0233-units-serial-getty-.service-add-Install-section.patch
+++ b/SOURCES/0233-units-serial-getty-.service-add-Install-section.patch
@@ -1,4 +1,4 @@
-From 2e1c925693871dfba76845b82bb653dc09b2de97 Mon Sep 17 00:00:00 2001
+From 8ade7cd519f3cdccc81ed8c2fb2f72df48a191d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 24 Feb 2014 08:02:28 -0500
Subject: [PATCH] units/serial-getty@.service: add [Install] section
@@ -8,7 +8,7 @@ specific gettys, and also mirrors getty@.service.
http://lists.freedesktop.org/archives/systemd-devel/2014-February/017329.html
-Resolves: #1118230
+Resolves: #1083936
---
units/serial-getty@.service.m4 | 3 +++
1 file changed, 3 insertions(+)
diff --git a/SOURCES/0234-units-order-network-online.target-after-network.targ.patch b/SOURCES/0234-units-order-network-online.target-after-network.targ.patch
index 361bc19..4390f79 100644
--- a/SOURCES/0234-units-order-network-online.target-after-network.targ.patch
+++ b/SOURCES/0234-units-order-network-online.target-after-network.targ.patch
@@ -1,9 +1,9 @@
-From 8ace570670d71d13fe604e7cf9d264de245ac981 Mon Sep 17 00:00:00 2001
+From dda9057e8ee63f2e525333bf7d606f22bce0f7f5 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Mon, 21 Jul 2014 15:13:15 +0200
Subject: [PATCH] units: order network-online.target after network.target
-Resolves: #1121650
+Resolves: #1072431
---
units/network-online.target | 1 +
1 file changed, 1 insertion(+)
diff --git a/SOURCES/0235-util-consider-both-fuse.glusterfs-and-glusterfs-netw.patch b/SOURCES/0235-util-consider-both-fuse.glusterfs-and-glusterfs-netw.patch
new file mode 100644
index 0000000..5cbe8ca
--- /dev/null
+++ b/SOURCES/0235-util-consider-both-fuse.glusterfs-and-glusterfs-netw.patch
@@ -0,0 +1,36 @@
+From f8615ebc34fb1a960a1bd946650a8c15a9a347fa Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 25 Mar 2014 01:46:24 +0100
+Subject: [PATCH] util: consider both fuse.glusterfs and glusterfs network file
+ systems
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Based on a similar patch by Lukáš Nykrýn.
+
+Resolves: #1080229
+---
+ src/shared/util.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/util.c b/src/shared/util.c
+index 090a204..2974c2a 100644
+--- a/src/shared/util.c
++++ b/src/shared/util.c
+@@ -1625,7 +1625,14 @@ bool fstype_is_network(const char *fstype) {
+ "nfs\0"
+ "nfs4\0"
+ "gfs\0"
+- "gfs2\0";
++ "gfs2\0"
++ "glusterfs\0";
++
++ const char *x;
++
++ x = startswith(fstype, "fuse.");
++ if (x)
++ fstype = x;
+
+ return nulstr_contains(table, fstype);
+ }
diff --git a/SOURCES/0235-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch b/SOURCES/0235-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch
deleted file mode 100644
index 005ef88..0000000
--- a/SOURCES/0235-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 3a45f6df7e5d37c1eb0c6e83b74093ef717942e6 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Wed, 27 Aug 2014 21:42:20 +0200
-Subject: [PATCH] util: fix minimal race where we might miss SIGTERMs when
- forking off an agent
-
-Before forking, block all signals, and unblock them afterwards. This way
-the child will have them blocked, and we won't lose them.
-
-(cherry picked from commit 8a7c93d858c342744adf481565d8bb03b9713dcf)
-
-Related: #1134818
----
- src/shared/util.c | 29 +++++++++++++++++++++++------
- 1 file changed, 23 insertions(+), 6 deletions(-)
-
-diff --git a/src/shared/util.c b/src/shared/util.c
-index 090a204..0fcc130 100644
---- a/src/shared/util.c
-+++ b/src/shared/util.c
-@@ -4991,9 +4991,9 @@ int fd_inc_rcvbuf(int fd, size_t n) {
- }
-
- int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *path, ...) {
-- pid_t parent_pid, agent_pid;
-- int fd;
- bool stdout_is_tty, stderr_is_tty;
-+ pid_t parent_pid, agent_pid;
-+ sigset_t ss, saved_ss;
- unsigned n, i;
- va_list ap;
- char **l;
-@@ -5001,16 +5001,25 @@ int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *pa
- assert(pid);
- assert(path);
-
-- parent_pid = getpid();
--
- /* Spawns a temporary TTY agent, making sure it goes away when
- * we go away */
-
-+ parent_pid = getpid();
-+
-+ /* First we temporarily block all signals, so that the new
-+ * child has them blocked initially. This way, we can be sure
-+ * that SIGTERMs are not lost we might send to the agent. */
-+ assert_se(sigfillset(&ss) >= 0);
-+ assert_se(sigprocmask(SIG_SETMASK, &ss, &saved_ss) >= 0);
-+
- agent_pid = fork();
-- if (agent_pid < 0)
-+ if (agent_pid < 0) {
-+ assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0);
- return -errno;
-+ }
-
- if (agent_pid != 0) {
-+ assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0);
- *pid = agent_pid;
- return 0;
- }
-@@ -5021,8 +5030,14 @@ int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *pa
- if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
- _exit(EXIT_FAILURE);
-
-+ /* Make sure we actually can kill the agent, if we need to, in
-+ * case somebody invoked us from a shell script that trapped
-+ * SIGTERM or so... */
-+ reset_all_signal_handlers();
-+ reset_signal_mask();
-+
- /* Check whether our parent died before we were able
-- * to set the death signal */
-+ * to set the death signal and unblock the signals */
- if (getppid() != parent_pid)
- _exit(EXIT_SUCCESS);
-
-@@ -5033,6 +5048,8 @@ int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *pa
- stderr_is_tty = isatty(STDERR_FILENO);
-
- if (!stdout_is_tty || !stderr_is_tty) {
-+ int fd;
-+
- /* Detach from stdout/stderr. and reopen
- * /dev/tty for them. This is important to
- * ensure that when systemctl is started via
diff --git a/SOURCES/0236-core-make-StopWhenUnneeded-work-in-conjunction-with-.patch b/SOURCES/0236-core-make-StopWhenUnneeded-work-in-conjunction-with-.patch
new file mode 100644
index 0000000..a7cb5f3
--- /dev/null
+++ b/SOURCES/0236-core-make-StopWhenUnneeded-work-in-conjunction-with-.patch
@@ -0,0 +1,43 @@
+From bb586b571661bd77cafe0824efecdba502c99a98 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 13 Feb 2014 02:12:27 +0100
+Subject: [PATCH] core: make StopWhenUnneeded work in conjunction with units
+ that fail during their start job
+
+https://bugzilla.redhat.com/show_bug.cgi?id=997031
+
+Resolves: #986949
+---
+ src/core/unit.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index a4e6c18..17792d1 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -1455,7 +1455,9 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_su
+ * sucessfully, since there's no change of state in that case. Which is
+ * why it is handled in service_set_state() */
+ if (UNIT_IS_INACTIVE_OR_FAILED(os) != UNIT_IS_INACTIVE_OR_FAILED(ns)) {
+- ExecContext *ec = unit_get_exec_context(u);
++ ExecContext *ec;
++
++ ec = unit_get_exec_context(u);
+ if (ec && exec_context_may_touch_console(ec)) {
+ if (UNIT_IS_INACTIVE_OR_FAILED(ns)) {
+ m->n_on_console --;
+@@ -1551,12 +1553,11 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_su
+ }
+
+ /* stop unneeded units regardless if going down was expected or not */
+- if (UNIT_IS_ACTIVE_OR_ACTIVATING(os) && UNIT_IS_INACTIVE_OR_DEACTIVATING(ns))
++ if (UNIT_IS_INACTIVE_OR_DEACTIVATING(ns))
+ check_unneeded_dependencies(u);
+
+ if (ns != os && ns == UNIT_FAILED) {
+- log_notice_unit(u->id,
+- "Unit %s entered failed state.", u->id);
++ log_notice_unit(u->id, "Unit %s entered failed state.", u->id);
+ unit_start_on_failure(u);
+ }
+ }
diff --git a/SOURCES/0236-util-reset-signals-when-we-fork-off-agents.patch b/SOURCES/0236-util-reset-signals-when-we-fork-off-agents.patch
deleted file mode 100644
index 04801b9..0000000
--- a/SOURCES/0236-util-reset-signals-when-we-fork-off-agents.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From c0e227a9fbb99cc9d437f8ac695c93c72c92e11b Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Tue, 26 Aug 2014 21:04:21 +0200
-Subject: [PATCH] util: reset signals when we fork off agents
-
-If we invoke agents, we should make sure we actually can kill them
-again. I mean, it's probably not our job to cleanup the signals if our
-tools are invoked in weird contexts, but at least we should make sure,
-that the subprocesses we invoke and intend to control work as intended.
-
-Also see:
-
-http://lists.freedesktop.org/archives/systemd-devel/2014-August/022460.html
-
-(cherry picked from commit 8a7c93d858c342744adf481565d8bb03b9713dcf)
-
-Resolves: #1134818
----
- src/shared/util.c | 18 ++++++++++++++++++
- src/shared/util.h | 1 +
- 2 files changed, 19 insertions(+)
-
-diff --git a/src/shared/util.c b/src/shared/util.c
-index 0fcc130..3620c0a 100644
---- a/src/shared/util.c
-+++ b/src/shared/util.c
-@@ -935,6 +935,18 @@ int reset_all_signal_handlers(void) {
- return 0;
- }
-
-+int reset_signal_mask(void) {
-+ sigset_t ss;
-+
-+ if (sigemptyset(&ss) < 0)
-+ return -errno;
-+
-+ if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0)
-+ return -errno;
-+
-+ return 0;
-+}
-+
- char *strstrip(char *s) {
- char *e;
-
-@@ -5044,6 +5056,12 @@ int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *pa
- /* Don't leak fds to the agent */
- close_all_fds(except, n_except);
-
-+ /* Make sure we actually can kill the agent, if we need to, in
-+ * case somebody invoked us from a shell script that trapped
-+ * SIGTERM or so... */
-+ reset_all_signal_handlers();
-+ reset_signal_mask();
-+
- stdout_is_tty = isatty(STDOUT_FILENO);
- stderr_is_tty = isatty(STDERR_FILENO);
-
-diff --git a/src/shared/util.h b/src/shared/util.h
-index 3a4bc98..cf935ce 100644
---- a/src/shared/util.h
-+++ b/src/shared/util.h
-@@ -206,6 +206,7 @@ int readlink_and_make_absolute(const char *p, char **r);
- int readlink_and_canonicalize(const char *p, char **r);
-
- int reset_all_signal_handlers(void);
-+int reset_signal_mask(void);
-
- char *strstrip(char *s);
- char *delete_chars(char *s, const char *bad);
diff --git a/SOURCES/0237-cgroups-agent-down-grade-log-level.patch b/SOURCES/0237-cgroups-agent-down-grade-log-level.patch
new file mode 100644
index 0000000..5cc9b97
--- /dev/null
+++ b/SOURCES/0237-cgroups-agent-down-grade-log-level.patch
@@ -0,0 +1,41 @@
+From b0010d76a8c56900d15fab8ac1ed94d364d1e566 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Wed, 23 Jul 2014 14:08:18 +0200
+Subject: [PATCH] cgroups-agent: down-grade log level
+
+(cherry picked from commit 844de4355592259eebcffddfc38c63266e451cb6)
+
+Conflicts:
+ src/cgroups-agent/cgroups-agent.c
+
+Resolves: #1044386
+---
+ src/cgroups-agent/cgroups-agent.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/cgroups-agent/cgroups-agent.c b/src/cgroups-agent/cgroups-agent.c
+index a47949a..43b9b3a 100644
+--- a/src/cgroups-agent/cgroups-agent.c
++++ b/src/cgroups-agent/cgroups-agent.c
+@@ -50,7 +50,11 @@ int main(int argc, char *argv[]) {
+
+ bus = dbus_connection_open_private("unix:path=/run/systemd/private", &error);
+ if (!bus) {
+- log_warning("Failed to get D-Bus connection: %s", bus_error_message(&error));
++ log_warning("Failed to get D-Bus connection: %s", strerror(-r));
++ /* If we couldn't connect we assume this was triggered
++ * while systemd got restarted/transitioned from
++ * initrd to the system, so let's ignore this */
++ log_debug("Failed to get D-Bus connection: %s", strerror(-r));
+ goto finish;
+ }
+
+@@ -73,7 +77,7 @@ int main(int argc, char *argv[]) {
+ }
+
+ if (!dbus_connection_send(bus, m, NULL)) {
+- log_error("Failed to send signal message on private connection.");
++ log_debug("Failed to send signal message on private connection.");
+ goto finish;
+ }
+
diff --git a/SOURCES/0237-socket-add-SocketUser-and-SocketGroup-for-chown-ing-.patch b/SOURCES/0237-socket-add-SocketUser-and-SocketGroup-for-chown-ing-.patch
deleted file mode 100644
index 5b6cfca..0000000
--- a/SOURCES/0237-socket-add-SocketUser-and-SocketGroup-for-chown-ing-.patch
+++ /dev/null
@@ -1,610 +0,0 @@
-From efd4bdec3cd568439eb9b0f0a555b4016da12efe Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <msekleta@redhat.com>
-Date: Tue, 24 Jun 2014 14:50:26 +0200
-Subject: [PATCH] socket: add SocketUser= and SocketGroup= for chown()ing
- sockets in the file system
-
-This is relatively complex, as we cannot invoke NSS from PID 1, and thus
-need to fork a helper process temporarily.
-
-(cherry picked from commit 3900e5fdff688dc3c273f177d9d913b7389d5561)
-
-Resolves: #1111761
----
- man/systemd.socket.xml | 38 ++++--
- src/core/dbus-socket.c | 8 +-
- src/core/load-fragment-gperf.gperf.m4 | 4 +-
- src/core/socket.c | 220 +++++++++++++++++++++++++++-------
- src/core/socket.h | 5 +
- src/shared/exit-status.c | 4 +
- src/shared/exit-status.h | 3 +-
- 7 files changed, 224 insertions(+), 58 deletions(-)
-
-diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
-index 570a6fb..d146b3b 100644
---- a/man/systemd.socket.xml
-+++ b/man/systemd.socket.xml
-@@ -372,16 +372,21 @@
- </varlistentry>
-
- <varlistentry>
-- <term><varname>DirectoryMode=</varname></term>
-- <listitem><para>If listening on a file
-- system socket or FIFO, the parent
-- directories are automatically created
-- if needed. This option specifies the
-- file system access mode used when
-- creating these directories. Takes an
-- access mode in octal
-- notation. Defaults to
-- 0755.</para></listitem>
-+ <term><varname>SocketUser=</varname></term>
-+ <term><varname>SocketGroup=</varname></term>
-+
-+ <listitem><para>Takes a UNIX
-+ user/group name. When specified
-+ all AF_UNIX sockets and FIFO nodes in
-+ the file system are owned by the
-+ specified user and group. If unset
-+ (the default), the nodes are owned by
-+ the root user/group (if run in system
-+ context) or the invoking user/group
-+ (if run in user context). If only a
-+ user is specified but no group, then
-+ the group is derived from the user's
-+ default group.</para></listitem>
- </varlistentry>
-
- <varlistentry>
-@@ -396,6 +401,19 @@
- </varlistentry>
-
- <varlistentry>
-+ <term><varname>DirectoryMode=</varname></term>
-+ <listitem><para>If listening on a file
-+ system socket or FIFO, the parent
-+ directories are automatically created
-+ if needed. This option specifies the
-+ file system access mode used when
-+ creating these directories. Takes an
-+ access mode in octal
-+ notation. Defaults to
-+ 0755.</para></listitem>
-+ </varlistentry>
-+
-+ <varlistentry>
- <term><varname>Accept=</varname></term>
- <listitem><para>Takes a boolean
- argument. If true, a service instance
-diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
-index 30c4b63..870bcdc 100644
---- a/src/core/dbus-socket.c
-+++ b/src/core/dbus-socket.c
-@@ -44,8 +44,10 @@
- BUS_CGROUP_CONTEXT_INTERFACE \
- " <property name=\"ControlPID\" type=\"u\" access=\"read\"/>\n" \
- " <property name=\"BindToDevice\" type=\"s\" access=\"read\"/>\n" \
-- " <property name=\"DirectoryMode\" type=\"u\" access=\"read\"/>\n" \
-+ " <property name=\"SocketUser\" type=\"s\" access=\"read\"/>\n" \
-+ " <property name=\"SocketGroup\" type=\"s\" access=\"read\"/>\n" \
- " <property name=\"SocketMode\" type=\"u\" access=\"read\"/>\n" \
-+ " <property name=\"DirectoryMode\" type=\"u\" access=\"read\"/>\n" \
- " <property name=\"Accept\" type=\"b\" access=\"read\"/>\n" \
- " <property name=\"KeepAlive\" type=\"b\" access=\"read\"/>\n" \
- " <property name=\"Priority\" type=\"i\" access=\"read\"/>\n" \
-@@ -172,8 +174,10 @@ static const BusProperty bus_socket_properties[] = {
- BUS_EXEC_COMMAND_PROPERTY("ExecStopPost", offsetof(Socket, exec_command[SOCKET_EXEC_STOP_POST]), true ),
- { "ControlPID", bus_property_append_pid, "u", offsetof(Socket, control_pid) },
- { "BindToDevice", bus_property_append_string, "s", offsetof(Socket, bind_to_device), true },
-- { "DirectoryMode", bus_property_append_mode, "u", offsetof(Socket, directory_mode) },
-+ { "SocketUser", bus_property_append_string, "s", offsetof(Socket, user), true },
-+ { "SocketGroup", bus_property_append_string, "s", offsetof(Socket, group), true },
- { "SocketMode", bus_property_append_mode, "u", offsetof(Socket, socket_mode) },
-+ { "DirectoryMode", bus_property_append_mode, "u", offsetof(Socket, directory_mode) },
- { "Accept", bus_property_append_bool, "b", offsetof(Socket, accept) },
- { "KeepAlive", bus_property_append_bool, "b", offsetof(Socket, keep_alive) },
- { "Priority", bus_property_append_int, "i", offsetof(Socket, priority) },
-diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
-index d65bcc1..0991cb9 100644
---- a/src/core/load-fragment-gperf.gperf.m4
-+++ b/src/core/load-fragment-gperf.gperf.m4
-@@ -193,8 +193,10 @@ Socket.ExecStartPost, config_parse_exec, SOCKET_EXEC
- Socket.ExecStopPre, config_parse_exec, SOCKET_EXEC_STOP_PRE, offsetof(Socket, exec_command)
- Socket.ExecStopPost, config_parse_exec, SOCKET_EXEC_STOP_POST, offsetof(Socket, exec_command)
- Socket.TimeoutSec, config_parse_sec, 0, offsetof(Socket, timeout_usec)
--Socket.DirectoryMode, config_parse_mode, 0, offsetof(Socket, directory_mode)
-+Socket.SocketUser, config_parse_unit_string_printf, 0, offsetof(Socket, user)
-+Socket.SocketGroup, config_parse_unit_string_printf, 0, offsetof(Socket, group)
- Socket.SocketMode, config_parse_mode, 0, offsetof(Socket, socket_mode)
-+Socket.DirectoryMode, config_parse_mode, 0, offsetof(Socket, directory_mode)
- Socket.Accept, config_parse_bool, 0, offsetof(Socket, accept)
- Socket.MaxConnections, config_parse_unsigned, 0, offsetof(Socket, max_connections)
- Socket.KeepAlive, config_parse_bool, 0, offsetof(Socket, keep_alive)
-diff --git a/src/core/socket.c b/src/core/socket.c
-index e673f38..32e0d35 100644
---- a/src/core/socket.c
-+++ b/src/core/socket.c
-@@ -54,6 +54,7 @@
- static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
- [SOCKET_DEAD] = UNIT_INACTIVE,
- [SOCKET_START_PRE] = UNIT_ACTIVATING,
-+ [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
- [SOCKET_START_POST] = UNIT_ACTIVATING,
- [SOCKET_LISTENING] = UNIT_ACTIVE,
- [SOCKET_RUNNING] = UNIT_ACTIVE,
-@@ -147,6 +148,8 @@ static void socket_done(Unit *u) {
- free(s->smack);
- free(s->smack_ip_in);
- free(s->smack_ip_out);
-+ free(s->user);
-+ free(s->group);
-
- unit_unwatch_timer(u, &s->timer_watch);
- }
-@@ -527,6 +530,16 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
- "%sSmackLabelIPOut: %s\n",
- prefix, s->smack_ip_out);
-
-+ if (s->user)
-+ fprintf(f,
-+ "%sOwnerUser: %s\n",
-+ prefix, s->user);
-+
-+ if (s->group)
-+ fprintf(f,
-+ "%sOwnerGroup: %s\n",
-+ prefix, s->user);
-+
- LIST_FOREACH(port, p, s->ports) {
-
- if (p->type == SOCKET_SOCKET) {
-@@ -1100,6 +1113,7 @@ static void socket_set_state(Socket *s, SocketState state) {
- s->state = state;
-
- if (state != SOCKET_START_PRE &&
-+ state != SOCKET_START_CHOWN &&
- state != SOCKET_START_POST &&
- state != SOCKET_STOP_PRE &&
- state != SOCKET_STOP_PRE_SIGTERM &&
-@@ -1116,7 +1130,8 @@ static void socket_set_state(Socket *s, SocketState state) {
- if (state != SOCKET_LISTENING)
- socket_unwatch_fds(s);
-
-- if (state != SOCKET_START_POST &&
-+ if (state != SOCKET_START_CHOWN &&
-+ state != SOCKET_START_POST &&
- state != SOCKET_LISTENING &&
- state != SOCKET_RUNNING &&
- state != SOCKET_STOP_PRE &&
-@@ -1143,6 +1158,7 @@ static int socket_coldplug(Unit *u) {
- if (s->deserialized_state != s->state) {
-
- if (s->deserialized_state == SOCKET_START_PRE ||
-+ s->deserialized_state == SOCKET_START_CHOWN ||
- s->deserialized_state == SOCKET_START_POST ||
- s->deserialized_state == SOCKET_STOP_PRE ||
- s->deserialized_state == SOCKET_STOP_PRE_SIGTERM ||
-@@ -1163,7 +1179,8 @@ static int socket_coldplug(Unit *u) {
- return r;
- }
-
-- if (s->deserialized_state == SOCKET_START_POST ||
-+ if (s->deserialized_state == SOCKET_START_CHOWN ||
-+ s->deserialized_state == SOCKET_START_POST ||
- s->deserialized_state == SOCKET_LISTENING ||
- s->deserialized_state == SOCKET_RUNNING ||
- s->deserialized_state == SOCKET_STOP_PRE ||
-@@ -1185,7 +1202,7 @@ static int socket_coldplug(Unit *u) {
- static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
- pid_t pid;
- int r;
-- char **argv;
-+ _cleanup_strv_free_ char **argv = NULL;
-
- assert(s);
- assert(c);
-@@ -1216,11 +1233,11 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
- NULL,
- &pid);
-
-- strv_free(argv);
- if (r < 0)
- goto fail;
-
-- if ((r = unit_watch_pid(UNIT(s), pid)) < 0)
-+ r = unit_watch_pid(UNIT(s), pid);
-+ if (r < 0)
- /* FIXME: we need to do something here */
- goto fail;
-
-@@ -1234,6 +1251,88 @@ fail:
- return r;
- }
-
-+static int socket_chown(Socket *s, pid_t *_pid) {
-+ pid_t pid;
-+ int r;
-+
-+ r = unit_watch_timer(UNIT(s), CLOCK_MONOTONIC, true, s->timeout_usec, &s->timer_watch);
-+ if (r < 0)
-+ goto fail;
-+
-+ pid = fork();
-+ if (pid < 0)
-+ return -errno;
-+
-+ if (pid == 0) {
-+ SocketPort *p;
-+ uid_t uid = (uid_t) -1;
-+ gid_t gid = (gid_t) -1;
-+ int ret;
-+
-+ default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
-+ ignore_signals(SIGPIPE, -1);
-+ log_forget_fds();
-+
-+ if (!isempty(s->user)) {
-+ const char *user = s->user;
-+
-+ r = get_user_creds(&user, &uid, &gid, NULL, NULL);
-+ if (r < 0) {
-+ ret = EXIT_USER;
-+ goto fail_child;
-+ }
-+ }
-+
-+ if (!isempty(s->group)) {
-+ const char *group = s->group;
-+
-+ r = get_group_creds(&group, &gid);
-+ if (r < 0) {
-+ ret = EXIT_GROUP;
-+ goto fail_child;
-+ }
-+ }
-+
-+ LIST_FOREACH(port, p, s->ports) {
-+ const char *path = NULL;
-+
-+ if (p->type == SOCKET_SOCKET)
-+ path = socket_address_get_path(&p->address);
-+ else if (p->type == SOCKET_FIFO)
-+ path = p->path;
-+
-+ if (!path)
-+ continue;
-+
-+ if (chown(path, uid, gid) < 0) {
-+ r = -errno;
-+ ret = EXIT_CHOWN;
-+ goto fail_child;
-+ }
-+ }
-+
-+ _exit(0);
-+
-+ fail_child:
-+ log_open();
-+ log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
-+
-+ _exit(ret);
-+ }
-+
-+ r = unit_watch_pid(UNIT(s), pid);
-+ if (r < 0)
-+ goto fail;
-+
-+ *_pid = pid;
-+
-+ return 0;
-+
-+fail:
-+ unit_unwatch_timer(UNIT(s), &s->timer_watch);
-+ return r;
-+}
-+
- static void socket_enter_dead(Socket *s, SocketResult f) {
- assert(s);
-
-@@ -1256,9 +1355,11 @@ static void socket_enter_stop_post(Socket *s, SocketResult f) {
- socket_unwatch_control_pid(s);
-
- s->control_command_id = SOCKET_EXEC_STOP_POST;
-+ s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
-
-- if ((s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST])) {
-- if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
-+ if (s->control_command) {
-+ r = socket_spawn(s, s->control_command, &s->control_pid);
-+ if (r < 0)
- goto fail;
-
- socket_set_state(s, SOCKET_STOP_POST);
-@@ -1326,9 +1427,11 @@ static void socket_enter_stop_pre(Socket *s, SocketResult f) {
- socket_unwatch_control_pid(s);
-
- s->control_command_id = SOCKET_EXEC_STOP_PRE;
-+ s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
-
-- if ((s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE])) {
-- if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
-+ if (s->control_command) {
-+ r = socket_spawn(s, s->control_command, &s->control_pid);
-+ if (r < 0)
- goto fail;
-
- socket_set_state(s, SOCKET_STOP_PRE);
-@@ -1376,15 +1479,13 @@ static void socket_enter_start_post(Socket *s) {
- }
-
- socket_unwatch_control_pid(s);
--
- s->control_command_id = SOCKET_EXEC_START_POST;
-+ s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
-
-- if ((s->control_command = s->exec_command[SOCKET_EXEC_START_POST])) {
-+ if (s->control_command) {
- r = socket_spawn(s, s->control_command, &s->control_pid);
- if (r < 0) {
-- log_warning_unit(UNIT(s)->id,
-- "%s failed to run 'start-post' task: %s",
-- UNIT(s)->id, strerror(-r));
-+ log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
- goto fail;
- }
-
-@@ -1398,6 +1499,38 @@ fail:
- socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
- }
-
-+static void socket_enter_start_chown(Socket *s) {
-+ int r;
-+
-+ assert(s);
-+
-+ r = socket_open_fds(s);
-+ if (r < 0) {
-+ log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
-+ goto fail;
-+ }
-+
-+ if (!isempty(s->user) || !isempty(s->group)) {
-+ socket_unwatch_control_pid(s);
-+ s->control_command_id = SOCKET_EXEC_START_CHOWN;
-+ s->control_command = NULL;
-+
-+ r = socket_chown(s, &s->control_pid);
-+ if (r < 0) {
-+ log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
-+ goto fail;
-+ }
-+
-+ socket_set_state(s, SOCKET_START_CHOWN);
-+ } else
-+ socket_enter_start_post(s);
-+
-+ return;
-+
-+fail:
-+ socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
-+}
-+
- static void socket_enter_start_pre(Socket *s) {
- int r;
- assert(s);
-@@ -1405,21 +1538,21 @@ static void socket_enter_start_pre(Socket *s) {
- socket_unwatch_control_pid(s);
-
- s->control_command_id = SOCKET_EXEC_START_PRE;
-+ s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
-
-- if ((s->control_command = s->exec_command[SOCKET_EXEC_START_PRE])) {
-- if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
-+ if (s->control_command) {
-+ r = socket_spawn(s, s->control_command, &s->control_pid);
-+ if (r < 0)
- goto fail;
-
- socket_set_state(s, SOCKET_START_PRE);
- } else
-- socket_enter_start_post(s);
-+ socket_enter_start_chown(s);
-
- return;
-
- fail:
-- log_warning_unit(UNIT(s)->id,
-- "%s failed to run 'start-pre' task: %s",
-- UNIT(s)->id, strerror(-r));
-+ log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
- socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
- }
-
-@@ -1609,6 +1742,7 @@ static int socket_start(Unit *u) {
- return -EAGAIN;
-
- if (s->state == SOCKET_START_PRE ||
-+ s->state == SOCKET_START_CHOWN ||
- s->state == SOCKET_START_POST)
- return 0;
-
-@@ -1669,6 +1803,7 @@ static int socket_stop(Unit *u) {
- /* If there's already something running we go directly into
- * kill mode. */
- if (s->state == SOCKET_START_PRE ||
-+ s->state == SOCKET_START_CHOWN ||
- s->state == SOCKET_START_POST) {
- socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
- return -EAGAIN;
-@@ -2098,11 +2233,18 @@ static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
-
- case SOCKET_START_PRE:
- if (f == SOCKET_SUCCESS)
-- socket_enter_start_post(s);
-+ socket_enter_start_chown(s);
- else
- socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
- break;
-
-+ case SOCKET_START_CHOWN:
-+ if (f == SOCKET_SUCCESS)
-+ socket_enter_start_post(s);
-+ else
-+ socket_enter_stop_pre(s, f);
-+ break;
-+
- case SOCKET_START_POST:
- if (f == SOCKET_SUCCESS)
- socket_enter_listening(s);
-@@ -2141,65 +2283,53 @@ static void socket_timer_event(Unit *u, uint64_t elapsed, Watch *w) {
- switch (s->state) {
-
- case SOCKET_START_PRE:
-- log_warning_unit(u->id,
-- "%s starting timed out. Terminating.", u->id);
-+ log_warning_unit(u->id, "%s starting timed out. Terminating.", u->id);
- socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
- break;
-
-+ case SOCKET_START_CHOWN:
- case SOCKET_START_POST:
-- log_warning_unit(u->id,
-- "%s starting timed out. Stopping.", u->id);
-+ log_warning_unit(u->id, "%s starting timed out. Stopping.", u->id);
- socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
- break;
-
- case SOCKET_STOP_PRE:
-- log_warning_unit(u->id,
-- "%s stopping timed out. Terminating.", u->id);
-+ log_warning_unit(u->id, "%s stopping timed out. Terminating.", u->id);
- socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
- break;
-
- case SOCKET_STOP_PRE_SIGTERM:
- if (s->kill_context.send_sigkill) {
-- log_warning_unit(u->id,
-- "%s stopping timed out. Killing.", u->id);
-+ log_warning_unit(u->id, "%s stopping timed out. Killing.", u->id);
- socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
- } else {
-- log_warning_unit(u->id,
-- "%s stopping timed out. Skipping SIGKILL. Ignoring.",
-- u->id);
-+ log_warning_unit(u->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", u->id);
- socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
- }
- break;
-
- case SOCKET_STOP_PRE_SIGKILL:
-- log_warning_unit(u->id,
-- "%s still around after SIGKILL. Ignoring.", u->id);
-+ log_warning_unit(u->id, "%s still around after SIGKILL. Ignoring.", u->id);
- socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
- break;
-
- case SOCKET_STOP_POST:
-- log_warning_unit(u->id,
-- "%s stopping timed out (2). Terminating.", u->id);
-+ log_warning_unit(u->id, "%s stopping timed out (2). Terminating.", u->id);
- socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
- break;
-
- case SOCKET_FINAL_SIGTERM:
- if (s->kill_context.send_sigkill) {
-- log_warning_unit(u->id,
-- "%s stopping timed out (2). Killing.", u->id);
-+ log_warning_unit(u->id, "%s stopping timed out (2). Killing.", u->id);
- socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
- } else {
-- log_warning_unit(u->id,
-- "%s stopping timed out (2). Skipping SIGKILL. Ignoring.",
-- u->id);
-+ log_warning_unit(u->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", u->id);
- socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
- }
- break;
-
- case SOCKET_FINAL_SIGKILL:
-- log_warning_unit(u->id,
-- "%s still around after SIGKILL (2). Entering failed mode.",
-- u->id);
-+ log_warning_unit(u->id, "%s still around after SIGKILL (2). Entering failed mode.", u->id);
- socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
- break;
-
-@@ -2333,6 +2463,7 @@ static int socket_kill(Unit *u, KillWho who, int signo, DBusError *error) {
- static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
- [SOCKET_DEAD] = "dead",
- [SOCKET_START_PRE] = "start-pre",
-+ [SOCKET_START_CHOWN] = "start-chown",
- [SOCKET_START_POST] = "start-post",
- [SOCKET_LISTENING] = "listening",
- [SOCKET_RUNNING] = "running",
-@@ -2349,6 +2480,7 @@ DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
-
- static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
- [SOCKET_EXEC_START_PRE] = "StartPre",
-+ [SOCKET_EXEC_START_CHOWN] = "StartChown",
- [SOCKET_EXEC_START_POST] = "StartPost",
- [SOCKET_EXEC_STOP_PRE] = "StopPre",
- [SOCKET_EXEC_STOP_POST] = "StopPost"
-diff --git a/src/core/socket.h b/src/core/socket.h
-index 3d7eadc..6a24883 100644
---- a/src/core/socket.h
-+++ b/src/core/socket.h
-@@ -32,6 +32,7 @@ typedef struct Socket Socket;
- typedef enum SocketState {
- SOCKET_DEAD,
- SOCKET_START_PRE,
-+ SOCKET_START_CHOWN,
- SOCKET_START_POST,
- SOCKET_LISTENING,
- SOCKET_RUNNING,
-@@ -48,6 +49,7 @@ typedef enum SocketState {
-
- typedef enum SocketExecCommand {
- SOCKET_EXEC_START_PRE,
-+ SOCKET_EXEC_START_CHOWN,
- SOCKET_EXEC_START_POST,
- SOCKET_EXEC_STOP_PRE,
- SOCKET_EXEC_STOP_POST,
-@@ -151,6 +153,9 @@ struct Socket {
- char *smack;
- char *smack_ip_in;
- char *smack_ip_out;
-+
-+ char *user;
-+ char *group;
- };
-
- /* Called from the service code when collecting fds */
-diff --git a/src/shared/exit-status.c b/src/shared/exit-status.c
-index 45131f2..f15fdba 100644
---- a/src/shared/exit-status.c
-+++ b/src/shared/exit-status.c
-@@ -130,6 +130,10 @@ const char* exit_status_to_string(ExitStatus status, ExitStatusLevel level) {
-
- case EXIT_SECCOMP:
- return "SECCOMP";
-+
-+ case EXIT_CHOWN:
-+ return "CHOWN";
-+
- }
- }
-
-diff --git a/src/shared/exit-status.h b/src/shared/exit-status.h
-index 1f035a3..52dd3d0 100644
---- a/src/shared/exit-status.h
-+++ b/src/shared/exit-status.h
-@@ -67,7 +67,8 @@ typedef enum ExitStatus {
- EXIT_NETWORK,
- EXIT_NAMESPACE,
- EXIT_NO_NEW_PRIVILEGES,
-- EXIT_SECCOMP
-+ EXIT_SECCOMP,
-+ EXIT_CHOWN
- } ExitStatus;
-
- typedef enum ExitStatusLevel {
diff --git a/SOURCES/0238-random-seed-raise-POOL_SIZE_MIN-constant-to-1024.patch b/SOURCES/0238-random-seed-raise-POOL_SIZE_MIN-constant-to-1024.patch
new file mode 100644
index 0000000..ccf36f5
--- /dev/null
+++ b/SOURCES/0238-random-seed-raise-POOL_SIZE_MIN-constant-to-1024.patch
@@ -0,0 +1,23 @@
+From 20436a1eb3a468b7bc32fe1d36cb7c4029519052 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Thu, 24 Jul 2014 11:17:36 +0200
+Subject: [PATCH] random-seed: raise POOL_SIZE_MIN constant to 1024
+
+Resolves: #1066517
+---
+ src/random-seed/random-seed.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/random-seed/random-seed.c b/src/random-seed/random-seed.c
+index af79ecf..8b7bfbb 100644
+--- a/src/random-seed/random-seed.c
++++ b/src/random-seed/random-seed.c
+@@ -29,7 +29,7 @@
+ #include "util.h"
+ #include "mkdir.h"
+
+-#define POOL_SIZE_MIN 512
++#define POOL_SIZE_MIN 1024
+
+ int main(int argc, char *argv[]) {
+ _cleanup_close_ int seed_fd = -1, random_fd = -1;
diff --git a/SOURCES/0238-rules-don-t-enable-usb-pm-for-Avocent-devices.patch b/SOURCES/0238-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
deleted file mode 100644
index 0e9f0c3..0000000
--- a/SOURCES/0238-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From dcfab2c436b48d87cdfd2b9fa525e07816322b96 Mon Sep 17 00:00:00 2001
-From: Tom Hirst <tom.hirst@ipe-systems.co.uk>
-Date: Wed, 25 Jun 2014 11:57:11 +0000
-Subject: [PATCH] rules: don't enable usb pm for Avocent devices
-
-The Avocent KVM over IP devices doesn't work correctly with USB power
-management enabled.
-
-(cherry-picked from 52fb538361053f8c4abce0e40cd0bae3d28ceb16)
-
-Resolves: #1176736
----
- rules/42-usb-hid-pm.rules | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/rules/42-usb-hid-pm.rules b/rules/42-usb-hid-pm.rules
-index 3fd6e8a..483a781 100644
---- a/rules/42-usb-hid-pm.rules
-+++ b/rules/42-usb-hid-pm.rules
-@@ -11,10 +11,6 @@ ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Mouse", ATTR{serial}==
- ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Tablet", ATTR{serial}=="42", TEST=="power/control", ATTR{power/control}="auto"
- ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Keyboard", ATTR{serial}=="42", TEST=="power/control", ATTR{power/control}="auto"
-
--# Catch-all for Avocent HID devices. Keyed off interface in order to only
--# trigger on HID class devices.
--ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0624", ATTR{bInterfaceClass}=="03", TEST=="../power/control", ATTR{../power/control}="auto"
--
- # Dell DRAC 4
- ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="413c", ATTR{idProduct}=="2500", TEST=="power/control", ATTR{power/control}="auto"
-
diff --git a/SOURCES/0239-core-introduce-new-Delegate-yes-no-property-controll.patch b/SOURCES/0239-core-introduce-new-Delegate-yes-no-property-controll.patch
deleted file mode 100644
index 0e1f819..0000000
--- a/SOURCES/0239-core-introduce-new-Delegate-yes-no-property-controll.patch
+++ /dev/null
@@ -1,385 +0,0 @@
-From 80753fa3c0622fd8117c64e1ed2d7841edee3b00 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Thu, 13 Nov 2014 14:34:42 +0100
-Subject: [PATCH] core: introduce new Delegate=yes/no property controlling
- creation of cgroup subhierarchies
-
-For priviliged units this resource control property ensures that the
-processes have all controllers systemd manages enabled.
-
-For unpriviliged services (those with User= set) this ensures that
-access rights to the service cgroup is granted to the user in question,
-to create further subgroups. Note that this only applies to the
-name=systemd hierarchy though, as access to other controllers is not
-safe for unpriviliged processes.
-
-Delegate=yes should be set for container scopes where a systemd instance
-inside the container shall manage the hierarchies below its own cgroup
-and have access to all controllers.
-
-Delegate=yes should also be set for user@.service, so that systemd
---user can run, controlling its own cgroup tree.
-
-This commit changes machined, systemd-nspawn@.service and user@.service
-to set this boolean, in order to ensure that container management will
-just work, and the user systemd instance can run fine.
-
-(cherry picked from a931ad47a8623163a29d898224d8a8c1177ffdaf)
-
-Resolves: #1179715
----
- man/systemd.resource-control.xml | 14 ++++++++++++
- src/core/cgroup.c | 19 +++++++++++++++--
- src/core/cgroup.h | 2 ++
- src/core/dbus-cgroup.c | 40 +++++++++++++++++++++++++++++++++++
- src/core/execute.c | 23 +++++++++++++++++---
- src/core/execute.h | 2 ++
- src/core/load-fragment-gperf.gperf.m4 | 3 ++-
- src/core/mount.c | 1 +
- src/core/service.c | 1 +
- src/core/socket.c | 1 +
- src/core/swap.c | 1 +
- src/machine/machined-dbus.c | 10 +++++++++
- src/shared/cgroup-util.h | 3 ++-
- units/systemd-nspawn@.service.in | 1 +
- 14 files changed, 114 insertions(+), 7 deletions(-)
-
-diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml
-index 8688905..3748c0c 100644
---- a/man/systemd.resource-control.xml
-+++ b/man/systemd.resource-control.xml
-@@ -327,6 +327,20 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>.
- </listitem>
- </varlistentry>
-
-+ <varlistentry>
-+ <term><varname>Delegate=</varname></term>
-+
-+ <listitem>
-+ <para>Turns on delegation of further resource control
-+ partitioning to processes of the unit. For unpriviliged
-+ services (i.e. those using the <varname>User=</varname>
-+ setting) this allows processes to create a subhierarchy
-+ beneath its control group path. For priviliged services and
-+ scopes this ensures the processes will have all control
-+ group controllers enabled.</para>
-+ </listitem>
-+ </varlistentry>
-+
- </variablelist>
- </refsect1>
-
-diff --git a/src/core/cgroup.c b/src/core/cgroup.c
-index 32e2599..764311f 100644
---- a/src/core/cgroup.c
-+++ b/src/core/cgroup.c
-@@ -94,14 +94,16 @@ void cgroup_context_dump(CGroupContext *c, FILE* f, const char *prefix) {
- "%sCPUShares=%lu\n"
- "%sBlockIOWeight=%lu\n"
- "%sMemoryLimit=%" PRIu64 "\n"
-- "%sDevicePolicy=%s\n",
-+ "%sDevicePolicy=%s\n"
-+ "%sDelegate=%s\n",
- prefix, yes_no(c->cpu_accounting),
- prefix, yes_no(c->blockio_accounting),
- prefix, yes_no(c->memory_accounting),
- prefix, c->cpu_shares,
- prefix, c->blockio_weight,
- prefix, c->memory_limit,
-- prefix, cgroup_device_policy_to_string(c->device_policy));
-+ prefix, cgroup_device_policy_to_string(c->device_policy),
-+ prefix, yes_no(c->delegate));
-
- LIST_FOREACH(device_allow, a, c->device_allow)
- fprintf(f,
-@@ -342,6 +344,19 @@ static CGroupControllerMask unit_get_cgroup_mask(Unit *u) {
- if (!c)
- return 0;
-
-+ /* If delegation is turned on, then turn on all cgroups,
-+ * unless the process we fork into it is known to drop
-+ * privileges anyway, and shouldn't get access to the
-+ * controllers anyway. */
-+
-+ if (c->delegate) {
-+ ExecContext *e;
-+
-+ e = unit_get_exec_context(u);
-+ if (!e || exec_context_maintains_privileges(e))
-+ return _CGROUP_CONTROLLER_MASK_ALL;
-+ }
-+
- return cgroup_context_get_mask(c);
- }
-
-diff --git a/src/core/cgroup.h b/src/core/cgroup.h
-index 0a079e9..d00bcac 100644
---- a/src/core/cgroup.h
-+++ b/src/core/cgroup.h
-@@ -80,6 +80,8 @@ struct CGroupContext {
-
- CGroupDevicePolicy device_policy;
- LIST_HEAD(CGroupDeviceAllow, device_allow);
-+
-+ bool delegate;
- };
-
- #include "unit.h"
-diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
-index 9ebcad9..a13c869 100644
---- a/src/core/dbus-cgroup.c
-+++ b/src/core/dbus-cgroup.c
-@@ -124,6 +124,7 @@ static int bus_cgroup_append_device_allow(DBusMessageIter *i, const char *proper
- }
-
- const BusProperty bus_cgroup_context_properties[] = {
-+ { "Delegate", bus_property_append_bool, "b", offsetof(CGroupContext, delegate) },
- { "CPUAccounting", bus_property_append_bool, "b", offsetof(CGroupContext, cpu_accounting) },
- { "CPUShares", bus_property_append_ul, "t", offsetof(CGroupContext, cpu_shares) },
- { "BlockIOAccounting", bus_property_append_bool, "b", offsetof(CGroupContext, blockio_accounting) },
-@@ -138,6 +139,38 @@ const BusProperty bus_cgroup_context_properties[] = {
- {}
- };
-
-+static int bus_cgroup_set_transient_property(
-+ Unit *u,
-+ CGroupContext *c,
-+ const char *name,
-+ DBusMessageIter *i,
-+ UnitSetPropertiesMode mode,
-+ DBusError *error) {
-+
-+ assert(u);
-+ assert(c);
-+ assert(name);
-+ assert(i);
-+
-+ if (streq(name, "Delegate")) {
-+
-+ if (dbus_message_iter_get_arg_type(i) != DBUS_TYPE_BOOLEAN)
-+ return -EINVAL;
-+
-+ if (mode != UNIT_CHECK) {
-+ dbus_bool_t b;
-+
-+ dbus_message_iter_get_basic(i, &b);
-+ c->delegate = b;
-+ unit_write_drop_in_private(u, mode, name, b ? "Delegate=yes" : "Delegate=no");
-+ }
-+
-+ return 1;
-+ }
-+
-+ return 0;
-+}
-+
- int bus_cgroup_set_property(
- Unit *u,
- CGroupContext *c,
-@@ -550,5 +583,12 @@ int bus_cgroup_set_property(
- return 1;
- }
-
-+ if (u->transient && u->load_state == UNIT_STUB) {
-+ int r;
-+ r = bus_cgroup_set_transient_property(u, c, name, i, mode, error);
-+ if (r != 0)
-+ return r;
-+ }
-+
- return 0;
- }
-diff --git a/src/core/execute.c b/src/core/execute.c
-index 981b9e4..c3fd6a8 100644
---- a/src/core/execute.c
-+++ b/src/core/execute.c
-@@ -1035,6 +1035,7 @@ int exec_spawn(ExecCommand *command,
- bool confirm_spawn,
- CGroupControllerMask cgroup_supported,
- const char *cgroup_path,
-+ bool cgroup_delegate,
- const char *unit_id,
- int idle_pipe[4],
- pid_t *ret) {
-@@ -1299,8 +1300,10 @@ int exec_spawn(ExecCommand *command,
- }
- }
-
--#ifdef HAVE_PAM
-- if (cgroup_path && context->user && context->pam_name) {
-+ /* If delegation is enabled we'll pass ownership of the cgroup
-+ * (but only in systemd's own controller hierarchy!) to the
-+ * user of the new process. */
-+ if (cgroup_path && context->user && cgroup_delegate) {
- err = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0644, uid, gid);
- if (err < 0) {
- r = EXIT_CGROUP;
-@@ -1314,7 +1317,6 @@ int exec_spawn(ExecCommand *command,
- goto fail_child;
- }
- }
--#endif
-
- if (apply_permissions) {
- err = enforce_groups(context, username, gid);
-@@ -2069,6 +2071,21 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
- prefix, c->utmp_id);
- }
-
-+bool exec_context_maintains_privileges(ExecContext *c) {
-+ assert(c);
-+
-+ /* Returns true if the process forked off would run under
-+ * an unchanged UID or as root. */
-+
-+ if (!c->user)
-+ return true;
-+
-+ if (streq(c->user, "root") || streq(c->user, "0"))
-+ return true;
-+
-+ return false;
-+}
-+
- void exec_status_start(ExecStatus *s, pid_t pid) {
- assert(s);
-
-diff --git a/src/core/execute.h b/src/core/execute.h
-index c1e9717..eca9d7d 100644
---- a/src/core/execute.h
-+++ b/src/core/execute.h
-@@ -173,6 +173,7 @@ int exec_spawn(ExecCommand *command,
- bool confirm_spawn,
- CGroupControllerMask cgroup_mask,
- const char *cgroup_path,
-+ bool cgroup_delegate,
- const char *unit_id,
- int pipe_fd[2],
- pid_t *ret);
-@@ -199,6 +200,7 @@ void exec_context_tty_reset(const ExecContext *context);
- int exec_context_load_environment(const ExecContext *c, char ***l);
-
- bool exec_context_may_touch_console(ExecContext *c);
-+bool exec_context_maintains_privileges(ExecContext *c);
- void exec_context_serialize(const ExecContext *c, Unit *u, FILE *f);
-
- void exec_status_start(ExecStatus *s, pid_t pid);
-diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
-index 0991cb9..3e88c8a 100644
---- a/src/core/load-fragment-gperf.gperf.m4
-+++ b/src/core/load-fragment-gperf.gperf.m4
-@@ -95,7 +95,8 @@ $1.BlockIOAccounting, config_parse_bool, 0,
- $1.BlockIOWeight, config_parse_blockio_weight, 0, offsetof($1, cgroup_context)
- $1.BlockIODeviceWeight, config_parse_blockio_device_weight, 0, offsetof($1, cgroup_context)
- $1.BlockIOReadBandwidth, config_parse_blockio_bandwidth, 0, offsetof($1, cgroup_context)
--$1.BlockIOWriteBandwidth, config_parse_blockio_bandwidth, 0, offsetof($1, cgroup_context)'
-+$1.BlockIOWriteBandwidth, config_parse_blockio_bandwidth, 0, offsetof($1, cgroup_context)
-+$1.Delegate, config_parse_bool, 0, offsetof($1, cgroup_context.delegate)'
- )m4_dnl
- Unit.Description, config_parse_unit_string_printf, 0, offsetof(Unit, description)
- Unit.Documentation, config_parse_documentation, 0, offsetof(Unit, documentation)
-diff --git a/src/core/mount.c b/src/core/mount.c
-index 3672338..f7c98c4 100644
---- a/src/core/mount.c
-+++ b/src/core/mount.c
-@@ -793,6 +793,7 @@ static int mount_spawn(Mount *m, ExecCommand *c, pid_t *_pid) {
- UNIT(m)->manager->confirm_spawn,
- UNIT(m)->manager->cgroup_supported,
- UNIT(m)->cgroup_path,
-+ m->cgroup_context.delegate,
- UNIT(m)->id,
- NULL,
- &pid);
-diff --git a/src/core/service.c b/src/core/service.c
-index f6fdbbc..da30d77 100644
---- a/src/core/service.c
-+++ b/src/core/service.c
-@@ -1869,6 +1869,7 @@ static int service_spawn(
- UNIT(s)->manager->confirm_spawn,
- UNIT(s)->manager->cgroup_supported,
- path,
-+ s->cgroup_context.delegate,
- UNIT(s)->id,
- s->type == SERVICE_IDLE ? UNIT(s)->manager->idle_pipe : NULL,
- &pid);
-diff --git a/src/core/socket.c b/src/core/socket.c
-index 32e0d35..f365125 100644
---- a/src/core/socket.c
-+++ b/src/core/socket.c
-@@ -1229,6 +1229,7 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
- UNIT(s)->manager->confirm_spawn,
- UNIT(s)->manager->cgroup_supported,
- UNIT(s)->cgroup_path,
-+ s->cgroup_context.delegate,
- UNIT(s)->id,
- NULL,
- &pid);
-diff --git a/src/core/swap.c b/src/core/swap.c
-index 727bb95..597c8ca 100644
---- a/src/core/swap.c
-+++ b/src/core/swap.c
-@@ -591,6 +591,7 @@ static int swap_spawn(Swap *s, ExecCommand *c, pid_t *_pid) {
- UNIT(s)->manager->confirm_spawn,
- UNIT(s)->manager->cgroup_supported,
- UNIT(s)->cgroup_path,
-+ s->cgroup_context.delegate,
- UNIT(s)->id,
- NULL,
- &pid);
-diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c
-index 22caadf..0cebdc5 100644
---- a/src/machine/machined-dbus.c
-+++ b/src/machine/machined-dbus.c
-@@ -739,9 +739,11 @@ int manager_start_scope(
- DBusMessageIter iter, sub, sub2, sub3, sub4;
- const char *timeout_stop_property = "TimeoutStopUSec";
- const char *pids_property = "PIDs";
-+ const char *delegate_property = "Delegate";
- uint64_t timeout = 500 * USEC_PER_MSEC;
- const char *fail = "fail";
- uint32_t u;
-+ dbus_bool_t b = 1;
- int r;
-
- assert(manager);
-@@ -814,6 +816,14 @@ int manager_start_scope(
- !dbus_message_iter_close_container(&sub, &sub2))
- return log_oom();
-
-+ if (!dbus_message_iter_open_container(&sub, DBUS_TYPE_STRUCT, NULL, &sub2) ||
-+ !dbus_message_iter_append_basic(&sub2, DBUS_TYPE_STRING, &delegate_property) ||
-+ !dbus_message_iter_open_container(&sub2, DBUS_TYPE_VARIANT, "b", &sub3) ||
-+ !dbus_message_iter_append_basic(&sub3, DBUS_TYPE_BOOLEAN, &b) ||
-+ !dbus_message_iter_close_container(&sub2, &sub3) ||
-+ !dbus_message_iter_close_container(&sub, &sub2))
-+ return log_oom();
-+
- if (more_properties) {
- r = copy_many_fields(&sub, more_properties);
- if (r < 0)
-diff --git a/src/shared/cgroup-util.h b/src/shared/cgroup-util.h
-index 0963450..0608b9a 100644
---- a/src/shared/cgroup-util.h
-+++ b/src/shared/cgroup-util.h
-@@ -34,7 +34,8 @@ typedef enum CGroupControllerMask {
- CGROUP_CPUACCT = 2,
- CGROUP_BLKIO = 4,
- CGROUP_MEMORY = 8,
-- CGROUP_DEVICE = 16
-+ CGROUP_DEVICE = 16,
-+ _CGROUP_CONTROLLER_MASK_ALL = 31
- } CGroupControllerMask;
-
- /*
-diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in
-index 8e00736..bdfa89f 100644
---- a/units/systemd-nspawn@.service.in
-+++ b/units/systemd-nspawn@.service.in
-@@ -12,6 +12,7 @@ Documentation=man:systemd-nspawn(1)
- [Service]
- ExecStart=@bindir@/systemd-nspawn -bjD /var/lib/container/%i
- Type=notify
-+Delegate=yes
-
- [Install]
- WantedBy=multi-user.target
diff --git a/SOURCES/0239-delta-do-not-use-unicode-chars-in-C-locale.patch b/SOURCES/0239-delta-do-not-use-unicode-chars-in-C-locale.patch
new file mode 100644
index 0000000..c3ff191
--- /dev/null
+++ b/SOURCES/0239-delta-do-not-use-unicode-chars-in-C-locale.patch
@@ -0,0 +1,135 @@
+From 719f080ce2c999febe4c9289fb09e5e2e719d4d2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 16 Apr 2014 23:33:41 -0400
+Subject: [PATCH] delta: do not use unicode chars in C locale
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1088418
+
+(cherry picked from commit 00a5cc3a63c125633e822f39efd9c32223169f62)
+
+Resolves: #1088419
+---
+ src/delta/delta.c | 40 +++++++++++++++++++++++++---------------
+ 1 file changed, 25 insertions(+), 15 deletions(-)
+
+diff --git a/src/delta/delta.c b/src/delta/delta.c
+index a8dd57e..f1aea80 100644
+--- a/src/delta/delta.c
++++ b/src/delta/delta.c
+@@ -85,6 +85,10 @@ static void pager_open_if_enabled(void) {
+ pager_open(false);
+ }
+
++static inline const char* arrow(void) {
++ return is_locale_utf8() ? "→" : "->";
++}
++
+ static int equivalent(const char *a, const char *b) {
+ _cleanup_free_ char *x = NULL, *y = NULL;
+
+@@ -103,8 +107,9 @@ static int notify_override_masked(const char *top, const char *bottom) {
+ if (!(arg_flags & SHOW_MASKED))
+ return 0;
+
+- printf("%s%s%s %s → %s\n",
+- ansi_highlight_red(), "[MASKED]", ansi_highlight_off(), top, bottom);
++ printf("%s%s%s %s %s %s\n",
++ ansi_highlight_red(), "[MASKED]", ansi_highlight_off(),
++ top, arrow(), bottom);
+ return 1;
+ }
+
+@@ -112,8 +117,9 @@ static int notify_override_equivalent(const char *top, const char *bottom) {
+ if (!(arg_flags & SHOW_EQUIVALENT))
+ return 0;
+
+- printf("%s%s%s %s → %s\n",
+- ansi_highlight_green(), "[EQUIVALENT]", ansi_highlight_off(), top, bottom);
++ printf("%s%s%s %s %s %s\n",
++ ansi_highlight_green(), "[EQUIVALENT]", ansi_highlight_off(),
++ top, arrow(), bottom);
+ return 1;
+ }
+
+@@ -121,8 +127,9 @@ static int notify_override_redirected(const char *top, const char *bottom) {
+ if (!(arg_flags & SHOW_REDIRECTED))
+ return 0;
+
+- printf("%s%s%s %s → %s\n",
+- ansi_highlight(), "[REDIRECTED]", ansi_highlight_off(), top, bottom);
++ printf("%s%s%s %s %s %s\n",
++ ansi_highlight(), "[REDIRECTED]", ansi_highlight_off(),
++ top, arrow(), bottom);
+ return 1;
+ }
+
+@@ -130,8 +137,9 @@ static int notify_override_overridden(const char *top, const char *bottom) {
+ if (!(arg_flags & SHOW_OVERRIDDEN))
+ return 0;
+
+- printf("%s%s%s %s → %s\n",
+- ansi_highlight(), "[OVERRIDDEN]", ansi_highlight_off(), top, bottom);
++ printf("%s%s%s %s %s %s\n",
++ ansi_highlight(), "[OVERRIDDEN]", ansi_highlight_off(),
++ top, arrow(), bottom);
+ return 1;
+ }
+
+@@ -139,8 +147,9 @@ static int notify_override_extended(const char *top, const char *bottom) {
+ if (!(arg_flags & SHOW_EXTENDED))
+ return 0;
+
+- printf("%s%s%s %s → %s\n",
+- ansi_highlight(), "[EXTENDED]", ansi_highlight_off(), top, bottom);
++ printf("%s%s%s %s %s %s\n",
++ ansi_highlight(), "[EXTENDED]", ansi_highlight_off(),
++ top, arrow(), bottom);
+ return 1;
+ }
+
+@@ -241,7 +250,7 @@ static int enumerate_dir_d(Hashmap *top, Hashmap *bottom, Hashmap *drops, const
+ return -ENOMEM;
+ d = p + strlen(toppath) + 1;
+
+- log_debug("Adding at top: %s → %s", d, p);
++ log_debug("Adding at top: %s %s %s", d, arrow(), p);
+ k = hashmap_put(top, d, p);
+ if (k >= 0) {
+ p = strdup(p);
+@@ -253,7 +262,7 @@ static int enumerate_dir_d(Hashmap *top, Hashmap *bottom, Hashmap *drops, const
+ return k;
+ }
+
+- log_debug("Adding at bottom: %s → %s", d, p);
++ log_debug("Adding at bottom: %s %s %s", d, arrow(), p);
+ free(hashmap_remove(bottom, d));
+ k = hashmap_put(bottom, d, p);
+ if (k < 0) {
+@@ -276,7 +285,8 @@ static int enumerate_dir_d(Hashmap *top, Hashmap *bottom, Hashmap *drops, const
+ if (!p)
+ return -ENOMEM;
+
+- log_debug("Adding to drops: %s → %s → %s", unit, basename(p), p);
++ log_debug("Adding to drops: %s %s %s %s %s",
++ unit, arrow(), basename(p), arrow(), p);
+ k = hashmap_put(h, basename(p), p);
+ if (k < 0) {
+ free(p);
+@@ -328,7 +338,7 @@ static int enumerate_dir(Hashmap *top, Hashmap *bottom, Hashmap *drops, const ch
+ if (!p)
+ return -ENOMEM;
+
+- log_debug("Adding at top: %s → %s", basename(p), p);
++ log_debug("Adding at top: %s %s %s", basename(p), arrow(), p);
+ k = hashmap_put(top, basename(p), p);
+ if (k >= 0) {
+ p = strdup(p);
+@@ -339,7 +349,7 @@ static int enumerate_dir(Hashmap *top, Hashmap *bottom, Hashmap *drops, const ch
+ return k;
+ }
+
+- log_debug("Adding at bottom: %s → %s", basename(p), p);
++ log_debug("Adding at bottom: %s %s %s", basename(p), arrow(), p);
+ free(hashmap_remove(bottom, basename(p)));
+ k = hashmap_put(bottom, basename(p), p);
+ if (k < 0) {
diff --git a/SOURCES/0240-core-don-t-migrate-PIDs-for-units-that-may-contain-s.patch b/SOURCES/0240-core-don-t-migrate-PIDs-for-units-that-may-contain-s.patch
deleted file mode 100644
index 17bf635..0000000
--- a/SOURCES/0240-core-don-t-migrate-PIDs-for-units-that-may-contain-s.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From ca891be92be9f82078bd88d041098c34ae35334f Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Wed, 10 Dec 2014 20:38:24 +0100
-Subject: [PATCH] core: don't migrate PIDs for units that may contain
- subcgroups, do this only for leaf units
-
-Otherwise a slice or delegation unit might move PIDs around ignoring the
-fact that it is attached to a subcgroup.
-
-(cherry picked from commit 0cd385d31814c8c1bc0c81d11ef321036b8b0921)
-
-Resolves: #1179715
----
- src/core/cgroup.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/src/core/cgroup.c b/src/core/cgroup.c
-index 764311f..5558b6d 100644
---- a/src/core/cgroup.c
-+++ b/src/core/cgroup.c
-@@ -392,11 +392,16 @@ static CGroupControllerMask unit_get_siblings_mask(Unit *u) {
-
- static int unit_create_cgroups(Unit *u, CGroupControllerMask mask) {
- _cleanup_free_ char *path;
-+ CGroupContext *c;
- int r;
- bool was_in_hash = false;
-
- assert(u);
-
-+ c = unit_get_cgroup_context(u);
-+ if (!c)
-+ return 0;
-+
- path = unit_default_cgroup_path(u);
- if (!path)
- return log_oom();
-@@ -416,8 +421,10 @@ static int unit_create_cgroups(Unit *u, CGroupControllerMask mask) {
- if (r < 0)
- log_error("Failed to create cgroup %s: %s", path, strerror(-r));
-
-- /* Then, possibly move things over */
-- if (u->cgroup_path) {
-+ /* Then, possibly move things over, but not if
-+ * subgroups may contain processes, which is the case
-+ * for slice and delegation units. */
-+ if (u->cgroup_path && u->type != UNIT_SLICE && !c->delegate) {
- r = cg_migrate_everywhere(u->manager->cgroup_supported, u->cgroup_path, path);
- if (r < 0)
- log_error("Failed to migrate cgroup from %s to %s: %s",
diff --git a/SOURCES/0240-core-print-debug-instead-of-error-message.patch b/SOURCES/0240-core-print-debug-instead-of-error-message.patch
new file mode 100644
index 0000000..a406895
--- /dev/null
+++ b/SOURCES/0240-core-print-debug-instead-of-error-message.patch
@@ -0,0 +1,32 @@
+From bcbb894a709f56ac0bccf7e5edfd59e39e8ec800 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Wed, 14 May 2014 15:13:43 +0200
+Subject: [PATCH] core: print debug instead of error message
+
+In case that session scope is in some other state than SCOPE_RUNNING or
+SCOPE_ABANDONED we will not print error message. It might be the case
+that scope is in other state because systemd realized that scope is
+empty before dispatching dbus call from pam hook. Or system is going
+down and stop job is runnig for the scope and changed scope state to
+SCOPE_STOP_SIGTERM or SCOPE_STOP_SIGKILL.
+
+(cherry picked from commit f517790db5277fa71d6ae3617244f1acc4b62572)
+
+Resolves: #1105608
+---
+ src/core/dbus-scope.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/dbus-scope.c b/src/core/dbus-scope.c
+index 58dd9ff..71d6921 100644
+--- a/src/core/dbus-scope.c
++++ b/src/core/dbus-scope.c
+@@ -76,7 +76,7 @@ DBusHandlerResult bus_scope_message_handler(Unit *u, DBusConnection *c, DBusMess
+
+ r = scope_abandon(s);
+ if (r < 0)
+- log_error("Failed to mark scope %s as abandoned : %s", UNIT(s)->id, strerror(-r));
++ log_debug("Failed to mark scope %s as abandoned : Scope is not running", UNIT(s)->id);
+
+ reply = dbus_message_new_method_return(message);
+ if (!reply)
diff --git a/SOURCES/0241-journald-always-add-syslog-facility-for-messages-com.patch b/SOURCES/0241-journald-always-add-syslog-facility-for-messages-com.patch
new file mode 100644
index 0000000..3d4c49a
--- /dev/null
+++ b/SOURCES/0241-journald-always-add-syslog-facility-for-messages-com.patch
@@ -0,0 +1,41 @@
+From 7f85c4184fc45c3dd2c76b4867ab252c3530f84d Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Fri, 25 Jul 2014 14:38:22 +0200
+Subject: [PATCH] journald: always add syslog facility for messages coming from
+ kmsg
+
+Set SYSLOG_FACILITY field for kernel log messages too. Setting only
+SYSLOG_IDENTIFIER="kernel" is not sufficient and tools reading journal
+maybe confused by missing SYSLOG_FACILITY field for kernel log messages.
+
+(cherry picked from commit 36dd072cdf03dcac0fcd2d6b42f261444dc7ac88)
+
+Resolves: #1113215
+---
+ src/journal/journald-kmsg.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/journal/journald-kmsg.c b/src/journal/journald-kmsg.c
+index 9895808..e393cb7 100644
+--- a/src/journal/journald-kmsg.c
++++ b/src/journal/journald-kmsg.c
+@@ -274,6 +274,9 @@ static void dev_kmsg_record(Server *s, char *p, size_t l) {
+ if (asprintf(&syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK) >= 0)
+ IOVEC_SET_STRING(iovec[n++], syslog_priority);
+
++ if (asprintf(&syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority)) >= 0)
++ IOVEC_SET_STRING(iovec[n++], syslog_facility);
++
+ if ((priority & LOG_FACMASK) == LOG_KERN)
+ IOVEC_SET_STRING(iovec[n++], "SYSLOG_IDENTIFIER=kernel");
+ else {
+@@ -295,9 +298,6 @@ static void dev_kmsg_record(Server *s, char *p, size_t l) {
+ if (syslog_pid)
+ IOVEC_SET_STRING(iovec[n++], syslog_pid);
+ }
+-
+- if (asprintf(&syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority)) >= 0)
+- IOVEC_SET_STRING(iovec[n++], syslog_facility);
+ }
+
+ message = cunescape_length_with_prefix(p, pl, "MESSAGE=");
diff --git a/SOURCES/0242-Introduce-_cleanup_endmntent_.patch b/SOURCES/0242-Introduce-_cleanup_endmntent_.patch
new file mode 100644
index 0000000..a195d89
--- /dev/null
+++ b/SOURCES/0242-Introduce-_cleanup_endmntent_.patch
@@ -0,0 +1,173 @@
+From 8e7be40d1386e6053d4663114a00e0390400350f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 3 Oct 2013 22:13:55 -0400
+Subject: [PATCH] Introduce _cleanup_endmntent_
+
+(cherry picked from commit 5862d652ba14178cff46b8a8fc6c6d8392bf32b1)
+
+Related: #1098310
+---
+ src/cryptsetup/cryptsetup.c | 19 ++++++-------------
+ src/fstab-generator/fstab-generator.c | 17 +++++------------
+ src/remount-fs/remount-fs.c | 13 ++++---------
+ src/shared/util.h | 7 +++++++
+ 4 files changed, 22 insertions(+), 34 deletions(-)
+
+diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
+index 769c3e4..4f2f52a 100644
+--- a/src/cryptsetup/cryptsetup.c
++++ b/src/cryptsetup/cryptsetup.c
+@@ -236,31 +236,24 @@ finish:
+ }
+
+ static char *disk_mount_point(const char *label) {
+- char *mp = NULL;
+ _cleanup_free_ char *device = NULL;
+- FILE *f = NULL;
++ _cleanup_endmntent_ FILE *f = NULL;
+ struct mntent *m;
+
+ /* Yeah, we don't support native systemd unit files here for now */
+
+ if (asprintf(&device, "/dev/mapper/%s", label) < 0)
+- goto finish;
++ return NULL;
+
+ f = setmntent("/etc/fstab", "r");
+ if (!f)
+- goto finish;
++ return NULL;
+
+ while ((m = getmntent(f)))
+- if (path_equal(m->mnt_fsname, device)) {
+- mp = strdup(m->mnt_dir);
+- break;
+- }
+-
+-finish:
+- if (f)
+- endmntent(f);
++ if (path_equal(m->mnt_fsname, device))
++ return strdup(m->mnt_dir);
+
+- return mp;
++ return NULL;
+ }
+
+ static int get_password(const char *name, usec_t until, bool accept_cached, char ***passwords) {
+diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
+index c0c2992..78d7609 100644
+--- a/src/fstab-generator/fstab-generator.c
++++ b/src/fstab-generator/fstab-generator.c
+@@ -327,15 +327,12 @@ static int add_mount(
+ }
+
+ static int parse_fstab(const char *prefix, bool initrd) {
+- _cleanup_free_ char *fstab_path = NULL;
+- FILE *f;
++ char *fstab_path;
++ _cleanup_endmntent_ FILE *f;
+ int r = 0;
+ struct mntent *me;
+
+- fstab_path = strjoin(strempty(prefix), "/etc/fstab", NULL);
+- if (!fstab_path)
+- return log_oom();
+-
++ fstab_path = strappenda(strempty(prefix), "/etc/fstab");
+ f = setmntent(fstab_path, "r");
+ if (!f) {
+ if (errno == ENOENT)
+@@ -354,10 +351,8 @@ static int parse_fstab(const char *prefix, bool initrd) {
+
+ what = fstab_node_to_udev_node(me->mnt_fsname);
+ where = strjoin(strempty(prefix), me->mnt_dir, NULL);
+- if (!what || !where) {
+- r = log_oom();
+- goto finish;
+- }
++ if (!what || !where)
++ return log_oom();
+
+ if (is_path(where))
+ path_kill_slashes(where);
+@@ -395,8 +390,6 @@ static int parse_fstab(const char *prefix, bool initrd) {
+ r = k;
+ }
+
+-finish:
+- endmntent(f);
+ return r;
+ }
+
+diff --git a/src/remount-fs/remount-fs.c b/src/remount-fs/remount-fs.c
+index f432718..847637a 100644
+--- a/src/remount-fs/remount-fs.c
++++ b/src/remount-fs/remount-fs.c
+@@ -40,7 +40,7 @@
+
+ int main(int argc, char *argv[]) {
+ int ret = EXIT_FAILURE;
+- FILE *f = NULL;
++ _cleanup_endmntent_ FILE *f = NULL;
+ struct mntent* me;
+ Hashmap *pids = NULL;
+
+@@ -57,13 +57,11 @@ int main(int argc, char *argv[]) {
+
+ f = setmntent("/etc/fstab", "r");
+ if (!f) {
+- if (errno == ENOENT) {
+- ret = EXIT_SUCCESS;
+- goto finish;
+- }
++ if (errno == ENOENT)
++ return EXIT_SUCCESS;
+
+ log_error("Failed to open /etc/fstab: %m");
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+ pids = hashmap_new(trivial_hash_func, trivial_compare_func);
+@@ -162,8 +160,5 @@ finish:
+ if (pids)
+ hashmap_free_free(pids);
+
+- if (f)
+- endmntent(f);
+-
+ return ret;
+ }
+diff --git a/src/shared/util.h b/src/shared/util.h
+index 3a4bc98..5a1e1bc 100644
+--- a/src/shared/util.h
++++ b/src/shared/util.h
+@@ -39,6 +39,7 @@
+ #include <stddef.h>
+ #include <unistd.h>
+ #include <locale.h>
++#include <mntent.h>
+
+ #include "macro.h"
+ #include "time-util.h"
+@@ -579,6 +580,11 @@ static inline void umaskp(mode_t *u) {
+ umask(*u);
+ }
+
++static inline void endmntentp(FILE **f) {
++ if (*f)
++ endmntent(*f);
++}
++
+ #define _cleanup_free_ _cleanup_(freep)
+ #define _cleanup_fclose_ _cleanup_(fclosep)
+ #define _cleanup_pclose_ _cleanup_(pclosep)
+@@ -586,6 +592,7 @@ static inline void umaskp(mode_t *u) {
+ #define _cleanup_closedir_ _cleanup_(closedirp)
+ #define _cleanup_umask_ _cleanup_(umaskp)
+ #define _cleanup_globfree_ _cleanup_(globfree)
++#define _cleanup_endmntent_ _cleanup_(endmntentp)
+
+ _malloc_ _alloc_(1, 2) static inline void *malloc_multiply(size_t a, size_t b) {
+ if (_unlikely_(b == 0 || a > ((size_t) -1) / b))
diff --git a/SOURCES/0243-Introduce-_cleanup_fdset_free_.patch b/SOURCES/0243-Introduce-_cleanup_fdset_free_.patch
new file mode 100644
index 0000000..a698bdb
--- /dev/null
+++ b/SOURCES/0243-Introduce-_cleanup_fdset_free_.patch
@@ -0,0 +1,127 @@
+From 735583e63b9c109e3aaa7aecbce8d7a477988ef6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 11 Oct 2013 19:33:48 -0400
+Subject: [PATCH] Introduce _cleanup_fdset_free_
+
+(cherry picked from commit 51d122af23533b0b8318911c4fc8b128ad8eafb7)
+
+Related: #1098310
+---
+ src/core/manager.c | 22 +++++++---------------
+ src/nspawn/nspawn.c | 4 +---
+ src/shared/fdset.h | 7 +++++++
+ 3 files changed, 15 insertions(+), 18 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 2829c95..57a88b0 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -236,7 +236,7 @@ static void draw_cylon(char buffer[], size_t buflen, unsigned width, unsigned po
+ *p++ = '*';
+ if (pos < width-1)
+ p = mempset(p, ' ', width-1-pos);
+- p = stpcpy(p, ANSI_HIGHLIGHT_OFF);
++ strcpy(p, ANSI_HIGHLIGHT_OFF);
+ }
+ }
+
+@@ -257,6 +257,7 @@ static void manager_print_jobs_in_progress(Manager *m) {
+ /* m->n_running_jobs must be consistent with the contents of m->jobs,
+ * so the above loop must have succeeded in finding j. */
+ assert(counter == print_nr + 1);
++ assert(j);
+
+ cylon_pos = m->jobs_in_progress_iteration % 14;
+ if (cylon_pos >= 8)
+@@ -2343,8 +2344,8 @@ int manager_distribute_fds(Manager *m, FDSet *fds) {
+
+ int manager_reload(Manager *m) {
+ int r, q;
+- FILE *f;
+- FDSet *fds;
++ _cleanup_fclose_ FILE *f = NULL;
++ _cleanup_fdset_free_ FDSet *fds = NULL;
+
+ assert(m);
+
+@@ -2358,20 +2359,18 @@ int manager_reload(Manager *m) {
+ fds = fdset_new();
+ if (!fds) {
+ m->n_reloading --;
+- r = -ENOMEM;
+- goto finish;
++ return -ENOMEM;
+ }
+
+ r = manager_serialize(m, f, fds, false);
+ if (r < 0) {
+ m->n_reloading --;
+- goto finish;
++ return r;
+ }
+
+ if (fseeko(f, 0, SEEK_SET) < 0) {
+ m->n_reloading --;
+- r = -errno;
+- goto finish;
++ return -errno;
+ }
+
+ /* From here on there is no way back. */
+@@ -2415,13 +2414,6 @@ int manager_reload(Manager *m) {
+
+ m->send_reloading_done = true;
+
+-finish:
+- if (f)
+- fclose(f);
+-
+- if (fds)
+- fdset_free(fds);
+-
+ return r;
+ }
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index f326f99..1cf67d0 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -1305,7 +1305,7 @@ int main(int argc, char *argv[]) {
+ bool saved_attr_valid = false;
+ struct winsize ws;
+ int kmsg_socket_pair[2] = { -1, -1 };
+- FDSet *fds = NULL;
++ _cleanup_fdset_free_ FDSet *fds = NULL;
+
+ log_parse_environment();
+ log_open();
+@@ -1813,7 +1813,5 @@ finish:
+ free(arg_directory);
+ free(arg_machine);
+
+- fdset_free(fds);
+-
+ return r;
+ }
+diff --git a/src/shared/fdset.h b/src/shared/fdset.h
+index a7bd5e2..1a26005 100644
+--- a/src/shared/fdset.h
++++ b/src/shared/fdset.h
+@@ -22,6 +22,7 @@
+ ***/
+
+ #include "set.h"
++#include "util.h"
+
+ typedef struct FDSet FDSet;
+
+@@ -47,3 +48,9 @@ int fdset_iterate(FDSet *s, Iterator *i);
+
+ #define FDSET_FOREACH(fd, fds, i) \
+ for ((i) = ITERATOR_FIRST, (fd) = fdset_iterate((fds), &(i)); (fd) >= 0; (fd) = fdset_iterate((fds), &(i)))
++
++static inline void fdset_freep(FDSet **fds) {
++ if (*fds)
++ fdset_free(*fds);
++}
++#define _cleanup_fdset_free_ _cleanup_(fdset_freep)
diff --git a/SOURCES/0244-Introduce-udev-object-cleanup-functions.patch b/SOURCES/0244-Introduce-udev-object-cleanup-functions.patch
new file mode 100644
index 0000000..db3bda5
--- /dev/null
+++ b/SOURCES/0244-Introduce-udev-object-cleanup-functions.patch
@@ -0,0 +1,1291 @@
+From 0aad0e32d93d848e707a3cd0edd78c58a4c21829 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sat, 12 Oct 2013 20:28:21 -0400
+Subject: [PATCH] Introduce udev object cleanup functions
+
+Conflicts:
+ src/backlight/backlight.c
+ src/gpt-auto-generator/gpt-auto-generator.c
+
+(cherry picked from commit 1ca208fb4f93e5869704af1812cbff7130a2fc03)
+
+Related: #1098310
+---
+ Makefile.am | 1 +
+ src/backlight/backlight.c | 57 +++++------
+ src/core/umount.c | 143 ++++++++++------------------
+ src/cryptsetup/cryptsetup.c | 27 ++----
+ src/fsck/fsck.c | 13 +--
+ src/gpt-auto-generator/gpt-auto-generator.c | 121 +++++++----------------
+ src/journal/journal-internal.h | 7 +-
+ src/login/sysfs-show.c | 22 ++---
+ src/readahead/readahead-common.c | 66 +++++--------
+ src/shared/fdset.h | 5 +-
+ src/shared/install.c | 6 +-
+ src/shared/set.h | 10 +-
+ src/shared/strv.h | 7 +-
+ src/shared/udev-util.h | 37 +++++++
+ src/shared/util.h | 33 +++----
+ src/test/test-libudev.c | 8 +-
+ src/test/test-udev.c | 21 ++--
+ src/tmpfiles/tmpfiles.c | 5 +-
+ 18 files changed, 227 insertions(+), 362 deletions(-)
+ create mode 100644 src/shared/udev-util.h
+
+diff --git a/Makefile.am b/Makefile.am
+index fa2fba6..ef73138 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -647,6 +647,7 @@ libsystemd_shared_la_SOURCES = \
+ src/shared/sparse-endian.h \
+ src/shared/util.c \
+ src/shared/util.h \
++ src/shared/udev-util.h \
+ src/shared/virt.c \
+ src/shared/virt.h \
+ src/shared/efivars.c \
+diff --git a/src/backlight/backlight.c b/src/backlight/backlight.c
+index 9b2eada..aa80c29 100644
+--- a/src/backlight/backlight.c
++++ b/src/backlight/backlight.c
+@@ -19,15 +19,15 @@
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ ***/
+
+-#include <libudev.h>
+-
+ #include "util.h"
+ #include "mkdir.h"
+ #include "fileio.h"
++#include "libudev.h"
++#include "udev-util.h"
+
+ int main(int argc, char *argv[]) {
+- struct udev *udev = NULL;
+- struct udev_device *device = NULL;
++ _cleanup_udev_unref_ struct udev *udev = NULL;
++ _cleanup_udev_device_unref_ struct udev_device *device = NULL;
+ _cleanup_free_ char *saved = NULL;
+ int r;
+
+@@ -45,37 +45,35 @@ int main(int argc, char *argv[]) {
+ r = mkdir_p("/var/lib/systemd/backlight", 0755);
+ if (r < 0) {
+ log_error("Failed to create backlight directory: %s", strerror(-r));
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+ udev = udev_new();
+ if (!udev) {
+- r = log_oom();
+- goto finish;
++ log_oom();
++ return EXIT_FAILURE;
+ }
+
+ errno = 0;
+ device = udev_device_new_from_subsystem_sysname(udev, "backlight", argv[2]);
+ if (!device) {
+- if (errno != 0) {
++ if (errno != 0)
+ log_error("Failed to get backlight device: %m");
+- r = -errno;
+- } else
+- r = log_oom();
++ else
++ log_oom();
+
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+ if (!streq_ptr(udev_device_get_subsystem(device), "backlight")) {
+ log_error("Not a backlight device: %s", argv[2]);
+- r = -ENODEV;
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+ saved = strappend("/var/lib/systemd/backlight/", udev_device_get_sysname(device));
+ if (!saved) {
+- r = log_oom();
+- goto finish;
++ log_oom();
++ return EXIT_FAILURE;
+ }
+
+ if (streq(argv[1], "load")) {
+@@ -84,19 +82,17 @@ int main(int argc, char *argv[]) {
+ r = read_one_line_file(saved, &value);
+ if (r < 0) {
+
+- if (r == -ENOENT) {
+- r = 0;
+- goto finish;
+- }
++ if (r == -ENOENT)
++ return EXIT_SUCCESS;
+
+ log_error("Failed to read %s: %s", saved, strerror(-r));
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+ r = udev_device_set_sysattr_value(device, "brightness", value);
+ if (r < 0) {
+ log_error("Failed to write system attribute: %s", strerror(-r));
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+ } else if (streq(argv[1], "save")) {
+@@ -105,28 +101,19 @@ int main(int argc, char *argv[]) {
+ value = udev_device_get_sysattr_value(device, "brightness");
+ if (!value) {
+ log_error("Failed to read system attribute: %s", strerror(-r));
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+ r = write_string_file(saved, value);
+ if (r < 0) {
+ log_error("Failed to write %s: %s", saved, strerror(-r));
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+ } else {
+ log_error("Unknown verb %s.", argv[1]);
+- r = -EINVAL;
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+-finish:
+- if (device)
+- udev_device_unref(device);
+-
+- if (udev)
+- udev_unref(udev);
+-
+- return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+-
++ return EXIT_SUCCESS;
+ }
+diff --git a/src/core/umount.c b/src/core/umount.c
+index 1e95ad7..99dbe27 100644
+--- a/src/core/umount.c
++++ b/src/core/umount.c
+@@ -27,7 +27,6 @@
+ #include <unistd.h>
+ #include <linux/loop.h>
+ #include <linux/dm-ioctl.h>
+-#include <libudev.h>
+
+ #include "list.h"
+ #include "mount-setup.h"
+@@ -35,6 +34,8 @@
+ #include "path-util.h"
+ #include "util.h"
+ #include "virt.h"
++#include "libudev.h"
++#include "udev-util.h"
+
+ typedef struct MountPoint {
+ char *path;
+@@ -201,145 +202,108 @@ finish:
+ }
+
+ static int loopback_list_get(MountPoint **head) {
+- int r;
+- struct udev *udev;
+- struct udev_enumerate *e = NULL;
++ _cleanup_udev_unref_ struct udev *udev;
++ _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL;
+ struct udev_list_entry *item = NULL, *first = NULL;
+
+ assert(head);
+
+- if (!(udev = udev_new())) {
+- r = -ENOMEM;
+- goto finish;
+- }
++ udev = udev_new();
++ if (!udev)
++ return -ENOMEM;
+
+- if (!(e = udev_enumerate_new(udev))) {
+- r = -ENOMEM;
+- goto finish;
+- }
++ e = udev_enumerate_new(udev);
++ if (!e)
++ return -ENOMEM;
+
+ if (udev_enumerate_add_match_subsystem(e, "block") < 0 ||
+ udev_enumerate_add_match_sysname(e, "loop*") < 0 ||
+- udev_enumerate_add_match_sysattr(e, "loop/backing_file", NULL) < 0) {
+- r = -EIO;
+- goto finish;
+- }
++ udev_enumerate_add_match_sysattr(e, "loop/backing_file", NULL) < 0)
++ return -EIO;
+
+- if (udev_enumerate_scan_devices(e) < 0) {
+- r = -EIO;
+- goto finish;
+- }
++ if (udev_enumerate_scan_devices(e) < 0)
++ return -EIO;
+
+ first = udev_enumerate_get_list_entry(e);
+ udev_list_entry_foreach(item, first) {
+ MountPoint *lb;
+- struct udev_device *d;
++ _cleanup_udev_device_unref_ struct udev_device *d;
+ char *loop;
+ const char *dn;
+
+- if (!(d = udev_device_new_from_syspath(udev, udev_list_entry_get_name(item)))) {
+- r = -ENOMEM;
+- goto finish;
+- }
++ d = udev_device_new_from_syspath(udev, udev_list_entry_get_name(item));
++ if (!d)
++ return -ENOMEM;
+
+- if (!(dn = udev_device_get_devnode(d))) {
+- udev_device_unref(d);
++ dn = udev_device_get_devnode(d);
++ if (!dn)
+ continue;
+- }
+
+ loop = strdup(dn);
+- udev_device_unref(d);
+-
+- if (!loop) {
+- r = -ENOMEM;
+- goto finish;
+- }
++ if (!loop)
++ return -ENOMEM;
+
+- if (!(lb = new0(MountPoint, 1))) {
++ lb = new0(MountPoint, 1);
++ if (!lb) {
+ free(loop);
+- r = -ENOMEM;
+- goto finish;
++ return -ENOMEM;
+ }
+
+ lb->path = loop;
+ LIST_PREPEND(MountPoint, mount_point, *head, lb);
+ }
+
+- r = 0;
+-
+-finish:
+- if (e)
+- udev_enumerate_unref(e);
+-
+- if (udev)
+- udev_unref(udev);
+-
+- return r;
++ return 0;
+ }
+
+ static int dm_list_get(MountPoint **head) {
+- int r;
+- struct udev *udev;
+- struct udev_enumerate *e = NULL;
++ _cleanup_udev_unref_ struct udev *udev;
++ _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL;
+ struct udev_list_entry *item = NULL, *first = NULL;
+
+ assert(head);
+
+- if (!(udev = udev_new())) {
+- r = -ENOMEM;
+- goto finish;
+- }
++ udev = udev_new();
++ if (!udev)
++ return -ENOMEM;
+
+- if (!(e = udev_enumerate_new(udev))) {
+- r = -ENOMEM;
+- goto finish;
+- }
++ e = udev_enumerate_new(udev);
++ if (!e)
++ return -ENOMEM;
+
+ if (udev_enumerate_add_match_subsystem(e, "block") < 0 ||
+- udev_enumerate_add_match_sysname(e, "dm-*") < 0) {
+- r = -EIO;
+- goto finish;
+- }
++ udev_enumerate_add_match_sysname(e, "dm-*") < 0)
++ return -EIO;
+
+- if (udev_enumerate_scan_devices(e) < 0) {
+- r = -EIO;
+- goto finish;
+- }
++ if (udev_enumerate_scan_devices(e) < 0)
++ return -EIO;
+
+ first = udev_enumerate_get_list_entry(e);
+
+ udev_list_entry_foreach(item, first) {
+ MountPoint *m;
+- struct udev_device *d;
++ _cleanup_udev_device_unref_ struct udev_device *d;
+ dev_t devnum;
+ char *node;
+ const char *dn;
+
+- if (!(d = udev_device_new_from_syspath(udev, udev_list_entry_get_name(item)))) {
+- r = -ENOMEM;
+- goto finish;
+- }
++ d = udev_device_new_from_syspath(udev, udev_list_entry_get_name(item));
++ if (!d)
++ return -ENOMEM;
+
+ devnum = udev_device_get_devnum(d);
+ dn = udev_device_get_devnode(d);
+-
+- if (major(devnum) == 0 || !dn) {
+- udev_device_unref(d);
++ if (major(devnum) == 0 || !dn)
+ continue;
+- }
+
+ node = strdup(dn);
+- udev_device_unref(d);
+-
+- if (!node) {
+- r = -ENOMEM;
+- goto finish;
+- }
++ if (!node)
++ return -ENOMEM;
+
+- if (!(m = new(MountPoint, 1))) {
++ m = new(MountPoint, 1);
++ if (!m) {
+ free(node);
+- r = -ENOMEM;
+- goto finish;
++ return -ENOMEM;
+ }
+
+ m->path = node;
+@@ -347,16 +311,7 @@ static int dm_list_get(MountPoint **head) {
+ LIST_PREPEND(MountPoint, mount_point, *head, m);
+ }
+
+- r = 0;
+-
+-finish:
+- if (e)
+- udev_enumerate_unref(e);
+-
+- if (udev)
+- udev_unref(udev);
+-
+- return r;
++ return 0;
+ }
+
+ static int delete_loopback(const char *device) {
+diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
+index 4f2f52a..0a15b50 100644
+--- a/src/cryptsetup/cryptsetup.c
++++ b/src/cryptsetup/cryptsetup.c
+@@ -25,7 +25,6 @@
+ #include <mntent.h>
+
+ #include <libcryptsetup.h>
+-#include <libudev.h>
+
+ #include "fileio.h"
+ #include "log.h"
+@@ -34,6 +33,8 @@
+ #include "strv.h"
+ #include "ask-password-api.h"
+ #include "def.h"
++#include "libudev.h"
++#include "udev-util.h"
+
+ static const char *opt_type = NULL; /* CRYPT_LUKS1, CRYPT_TCRYPT or CRYPT_PLAIN */
+ static char *opt_cipher = NULL;
+@@ -184,7 +185,7 @@ static void log_glue(int level, const char *msg, void *usrptr) {
+ log_debug("%s", msg);
+ }
+
+-static char *disk_description(const char *path) {
++static char* disk_description(const char *path) {
+
+ static const char name_fields[] = {
+ "ID_PART_ENTRY_NAME\0"
+@@ -193,10 +194,9 @@ static char *disk_description(const char *path) {
+ "ID_MODEL\0"
+ };
+
+- struct udev *udev = NULL;
+- struct udev_device *device = NULL;
++ _cleanup_udev_unref_ struct udev *udev = NULL;
++ _cleanup_udev_device_unref_ struct udev_device *device = NULL;
+ struct stat st;
+- char *description = NULL;
+ const char *i;
+
+ assert(path);
+@@ -213,26 +213,17 @@ static char *disk_description(const char *path) {
+
+ device = udev_device_new_from_devnum(udev, 'b', st.st_rdev);
+ if (!device)
+- goto finish;
++ return NULL;
+
+ NULSTR_FOREACH(i, name_fields) {
+ const char *name;
+
+ name = udev_device_get_property_value(device, i);
+- if (!isempty(name)) {
+- description = strdup(name);
+- break;
+- }
++ if (!isempty(name))
++ return strdup(name);
+ }
+
+-finish:
+- if (device)
+- udev_device_unref(device);
+-
+- if (udev)
+- udev_unref(udev);
+-
+- return description;
++ return NULL;
+ }
+
+ static char *disk_mount_point(const char *label) {
+diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c
+index f298cf7..96a79dd 100644
+--- a/src/fsck/fsck.c
++++ b/src/fsck/fsck.c
+@@ -27,7 +27,6 @@
+ #include <fcntl.h>
+ #include <sys/file.h>
+
+-#include <libudev.h>
+ #include <dbus/dbus.h>
+
+ #include "util.h"
+@@ -36,6 +35,8 @@
+ #include "bus-errors.h"
+ #include "virt.h"
+ #include "fileio.h"
++#include "libudev.h"
++#include "udev-util.h"
+
+ static bool arg_skip = false;
+ static bool arg_force = false;
+@@ -251,8 +252,8 @@ int main(int argc, char *argv[]) {
+ int i = 0, r = EXIT_FAILURE, q;
+ pid_t pid;
+ siginfo_t status;
+- struct udev *udev = NULL;
+- struct udev_device *udev_device = NULL;
++ _cleanup_udev_unref_ struct udev *udev = NULL;
++ _cleanup_udev_device_unref_ struct udev_device *udev_device = NULL;
+ const char *device;
+ bool root_directory;
+ int progress_pipe[2] = { -1, -1 };
+@@ -400,12 +401,6 @@ int main(int argc, char *argv[]) {
+ touch("/run/systemd/quotacheck");
+
+ finish:
+- if (udev_device)
+- udev_device_unref(udev_device);
+-
+- if (udev)
+- udev_unref(udev);
+-
+ close_pipe(progress_pipe);
+
+ return r;
+diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
+index adbf71d..8436d26 100644
+--- a/src/gpt-auto-generator/gpt-auto-generator.c
++++ b/src/gpt-auto-generator/gpt-auto-generator.c
+@@ -36,6 +36,7 @@
+ #include "missing.h"
+ #include "sd-id128.h"
+ #include "libudev.h"
++#include "udev-util.h"
+ #include "special.h"
+ #include "unit-name.h"
+ #include "virt.h"
+@@ -50,10 +51,7 @@
+
+ static const char *arg_dest = "/tmp";
+
+-static inline void blkid_free_probep(blkid_probe *b) {
+- if (*b)
+- blkid_free_probe(*b);
+-}
++define_trivial_cleanup_func(blkid_probe, blkid_free_probe)
+ #define _cleanup_blkid_freep_probe_ _cleanup_(blkid_free_probep)
+
+ static int verify_gpt_partition(const char *node, sd_id128_t *type, unsigned *nr, char **fstype) {
+@@ -236,75 +234,62 @@ static int add_home(const char *path, const char *fstype) {
+ }
+
+ static int enumerate_partitions(struct udev *udev, dev_t dev) {
+- struct udev_enumerate *e = NULL;
+- struct udev_device *parent = NULL, *d = NULL;
++ struct udev_device *parent = NULL;
++ _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL;
++ _cleanup_udev_device_unref_ struct udev_device *d = NULL;
+ struct udev_list_entry *first, *item;
+ unsigned home_nr = (unsigned) -1;
+ _cleanup_free_ char *home = NULL, *home_fstype = NULL;
+ int r;
+
+ e = udev_enumerate_new(udev);
+- if (!e) {
+- r = log_oom();
+- goto finish;
+- }
++ if (!e)
++ return log_oom();
+
+ d = udev_device_new_from_devnum(udev, 'b', dev);
+- if (!d) {
+- r = log_oom();
+- goto finish;
+- }
++ if (!d)
++ return log_oom();
+
+ parent = udev_device_get_parent(d);
+- if (!parent) {
+- r = log_oom();
+- goto finish;
+- }
++ if (!parent)
++ return log_oom();
+
+ r = udev_enumerate_add_match_parent(e, parent);
+- if (r < 0) {
+- r = log_oom();
+- goto finish;
+- }
++ if (r < 0)
++ return log_oom();
+
+ r = udev_enumerate_add_match_subsystem(e, "block");
+- if (r < 0) {
+- r = log_oom();
+- goto finish;
+- }
++ if (r < 0)
++ return log_oom();
+
+ r = udev_enumerate_scan_devices(e);
+ if (r < 0) {
+ log_error("Failed to enumerate partitions on /dev/block/%u:%u: %s",
+ major(dev), minor(dev), strerror(-r));
+- goto finish;
++ return r;
+ }
+
+ first = udev_enumerate_get_list_entry(e);
+ udev_list_entry_foreach(item, first) {
+ _cleanup_free_ char *fstype = NULL;
+ const char *node = NULL;
+- struct udev_device *q;
++ _cleanup_udev_device_unref_ struct udev_device *q;
+ sd_id128_t type_id;
+ unsigned nr;
+
+ q = udev_device_new_from_syspath(udev, udev_list_entry_get_name(item));
+- if (!q) {
+- r = log_oom();
+- goto finish;
+- }
++ if (!q)
++ return log_oom();
+
+ if (udev_device_get_devnum(q) == udev_device_get_devnum(d))
+- goto skip;
++ continue;
+
+ if (udev_device_get_devnum(q) == udev_device_get_devnum(parent))
+- goto skip;
++ continue;
+
+ node = udev_device_get_devnode(q);
+- if (!node) {
+- r = log_oom();
+- goto finish;
+- }
++ if (!node)
++ return log_oom();
+
+ r = verify_gpt_partition(node, &type_id, &nr, &fstype);
+ if (r < 0) {
+@@ -313,11 +298,10 @@ static int enumerate_partitions(struct udev *udev, dev_t dev) {
+ continue;
+ log_error("Failed to verify GPT partition %s: %s",
+ node, strerror(-r));
+- udev_device_unref(q);
+- goto finish;
++ return r;
+ }
+ if (r == 0)
+- goto skip;
++ continue;
+
+ if (sd_id128_equal(type_id, SD_ID128_MAKE(06,57,fd,6d,a4,ab,43,c4,84,e5,09,33,c8,4b,4f,4f)))
+ add_swap(node, fstype);
+@@ -326,10 +310,8 @@ static int enumerate_partitions(struct udev *udev, dev_t dev) {
+ if (!home || nr < home_nr) {
+ free(home);
+ home = strdup(node);
+- if (!home) {
+- r = log_oom();
+- goto finish;
+- }
++ if (!home)
++ return log_oom();
+
+ home_nr = nr;
+
+@@ -338,22 +320,11 @@ static int enumerate_partitions(struct udev *udev, dev_t dev) {
+ fstype = NULL;
+ }
+ }
+-
+- skip:
+- udev_device_unref(q);
+ }
+
+ if (home && home_fstype)
+ add_home(home, home_fstype);
+
+-finish:
+- if (d)
+- udev_device_unref(d);
+-
+- if (e)
+- udev_enumerate_unref(e);
+-
+-
+ return r;
+ }
+
+@@ -432,44 +403,31 @@ static int get_block_device(const char *path, dev_t *dev) {
+ }
+
+ static int devno_to_devnode(struct udev *udev, dev_t devno, char **ret) {
+- struct udev_device *d = NULL;
++ _cleanup_udev_device_unref_ struct udev_device *d;
+ const char *t;
+ char *n;
+- int r;
+
+ d = udev_device_new_from_devnum(udev, 'b', devno);
+- if (!d) {
+- r = log_oom();
+- goto finish;
+- }
++ if (!d)
++ return log_oom();
+
+ t = udev_device_get_devnode(d);
+- if (!t) {
+- r = -ENODEV;
+- goto finish;
+- }
++ if (!t)
++ return -ENODEV;
+
+ n = strdup(t);
+- if (!n) {
+- r = -ENOMEM;
+- goto finish;
+- }
++ if (!n)
++ return -ENOMEM;
+
+ *ret = n;
+- r = 0;
+-
+-finish:
+- if (d)
+- udev_device_unref(d);
+-
+- return r;
++ return 0;
+ }
+
+ int main(int argc, char *argv[]) {
+ _cleanup_free_ char *node = NULL;
+- struct udev *udev = NULL;
++ _cleanup_udev_unref_ struct udev *udev = NULL;
+ dev_t devno;
+- int r;
++ int r = 0;
+
+ if (argc > 1 && argc != 4) {
+ log_error("This program takes three or no arguments.");
+@@ -488,13 +446,11 @@ int main(int argc, char *argv[]) {
+
+ if (in_initrd()) {
+ log_debug("In initrd, exiting.");
+- r = 0;
+ goto finish;
+ }
+
+ if (detect_container(NULL) > 0) {
+ log_debug("In a container, exiting.");
+- r = 0;
+ goto finish;
+ }
+
+@@ -533,8 +489,5 @@ int main(int argc, char *argv[]) {
+ r = enumerate_partitions(udev, devno);
+
+ finish:
+- if (udev)
+- udev_unref(udev);
+-
+ return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+ }
+diff --git a/src/journal/journal-internal.h b/src/journal/journal-internal.h
+index 5bc6535..1bc912c 100644
+--- a/src/journal/journal-internal.h
++++ b/src/journal/journal-internal.h
+@@ -135,11 +135,8 @@ struct sd_journal {
+ char *journal_make_match_string(sd_journal *j);
+ void journal_print_header(sd_journal *j);
+
+-static inline void journal_closep(sd_journal **j) {
+- sd_journal_close(*j);
+-}
+-
+-#define _cleanup_journal_close_ _cleanup_(journal_closep)
++define_trivial_cleanup_func(sd_journal*, sd_journal_close)
++#define _cleanup_journal_close_ _cleanup_(sd_journal_closep)
+
+ #define JOURNAL_FOREACH_DATA_RETVAL(j, data, l, retval) \
+ for (sd_journal_restart_data(j); ((retval) = sd_journal_enumerate_data((j), &(data), &(l))) > 0; )
+diff --git a/src/login/sysfs-show.c b/src/login/sysfs-show.c
+index 14de7d8..9fc3054 100644
+--- a/src/login/sysfs-show.c
++++ b/src/login/sysfs-show.c
+@@ -26,6 +26,7 @@
+ #include "util.h"
+ #include "sysfs-show.h"
+ #include "path-util.h"
++#include "udev-util.h"
+
+ static int show_sysfs_one(
+ struct udev *udev,
+@@ -143,9 +144,9 @@ static int show_sysfs_one(
+ }
+
+ int show_sysfs(const char *seat, const char *prefix, unsigned n_columns) {
+- struct udev *udev;
++ _cleanup_udev_unref_ struct udev *udev;
++ _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL;
+ struct udev_list_entry *first = NULL;
+- struct udev_enumerate *e;
+ int r;
+
+ if (n_columns <= 0)
+@@ -162,10 +163,8 @@ int show_sysfs(const char *seat, const char *prefix, unsigned n_columns) {
+ return -ENOMEM;
+
+ e = udev_enumerate_new(udev);
+- if (!e) {
+- r = -ENOMEM;
+- goto finish;
+- }
++ if (!e)
++ return ENOMEM;
+
+ if (!streq(seat, "seat0"))
+ r = udev_enumerate_add_match_tag(e, seat);
+@@ -173,11 +172,11 @@ int show_sysfs(const char *seat, const char *prefix, unsigned n_columns) {
+ r = udev_enumerate_add_match_tag(e, "seat");
+
+ if (r < 0)
+- goto finish;
++ return r;
+
+ r = udev_enumerate_scan_devices(e);
+ if (r < 0)
+- goto finish;
++ return r;
+
+ first = udev_enumerate_get_list_entry(e);
+ if (first)
+@@ -185,12 +184,5 @@ int show_sysfs(const char *seat, const char *prefix, unsigned n_columns) {
+ else
+ printf("%s%s%s\n", prefix, draw_special_char(DRAW_TREE_RIGHT), "(none)");
+
+-finish:
+- if (e)
+- udev_enumerate_unref(e);
+-
+- if (udev)
+- udev_unref(udev);
+-
+ return r;
+ }
+diff --git a/src/readahead/readahead-common.c b/src/readahead/readahead-common.c
+index a234a89..aea1fbe 100644
+--- a/src/readahead/readahead-common.c
++++ b/src/readahead/readahead-common.c
+@@ -27,13 +27,14 @@
+ #include <fcntl.h>
+ #include <sys/mman.h>
+ #include <unistd.h>
+-#include <libudev.h>
+
+ #include "log.h"
+ #include "readahead-common.h"
+ #include "util.h"
+ #include "missing.h"
+ #include "fileio.h"
++#include "libudev.h"
++#include "udev-util.h"
+
+ int file_verify(int fd, const char *fn, off_t file_size_max, struct stat *st) {
+ assert(fd >= 0);
+@@ -60,9 +61,9 @@ int file_verify(int fd, const char *fn, off_t file_size_max, struct stat *st) {
+
+ int fs_on_ssd(const char *p) {
+ struct stat st;
+- struct udev *udev = NULL;
+- struct udev_device *udev_device = NULL, *look_at = NULL;
+- bool b = false;
++ _cleanup_udev_unref_ struct udev *udev = NULL;
++ _cleanup_udev_device_unref_ struct udev_device *udev_device = NULL;
++ struct udev_device *look_at = NULL;
+ const char *devtype, *rotational, *model, *id;
+ int r;
+
+@@ -128,7 +129,7 @@ int fs_on_ssd(const char *p) {
+
+ udev_device = udev_device_new_from_devnum(udev, 'b', st.st_dev);
+ if (!udev_device)
+- goto finish;
++ return false;
+
+ devtype = udev_device_get_property_value(udev_device, "DEVTYPE");
+ if (devtype && streq(devtype, "partition"))
+@@ -137,46 +138,34 @@ int fs_on_ssd(const char *p) {
+ look_at = udev_device;
+
+ if (!look_at)
+- goto finish;
++ return false;
+
+ /* First, try high-level property */
+ id = udev_device_get_property_value(look_at, "ID_SSD");
+- if (id) {
+- b = streq(id, "1");
+- goto finish;
+- }
++ if (id)
++ return streq(id, "1");
+
+ /* Second, try kernel attribute */
+ rotational = udev_device_get_sysattr_value(look_at, "queue/rotational");
+- if (rotational) {
+- b = streq(rotational, "0");
+- goto finish;
+- }
++ if (rotational)
++ return streq(rotational, "0");
+
+ /* Finally, fallback to heuristics */
+ look_at = udev_device_get_parent(look_at);
+ if (!look_at)
+- goto finish;
++ return false;
+
+ model = udev_device_get_sysattr_value(look_at, "model");
+ if (model)
+- b = !!strstr(model, "SSD");
+-
+-finish:
+- if (udev_device)
+- udev_device_unref(udev_device);
+-
+- if (udev)
+- udev_unref(udev);
++ return !!strstr(model, "SSD");
+
+- return b;
++ return false;
+ }
+
+ int fs_on_read_only(const char *p) {
+ struct stat st;
+- struct udev *udev = NULL;
+- struct udev_device *udev_device = NULL;
+- bool b = false;
++ _cleanup_udev_unref_ struct udev *udev = NULL;
++ _cleanup_udev_device_unref_ struct udev_device *udev_device = NULL;
+ const char *read_only;
+
+ assert(p);
+@@ -187,24 +176,19 @@ int fs_on_read_only(const char *p) {
+ if (major(st.st_dev) == 0)
+ return false;
+
+- if (!(udev = udev_new()))
++ udev = udev_new();
++ if (!udev)
+ return -ENOMEM;
+
+- if (!(udev_device = udev_device_new_from_devnum(udev, 'b', st.st_dev)))
+- goto finish;
+-
+- if ((read_only = udev_device_get_sysattr_value(udev_device, "ro")))
+- if ((b = streq(read_only, "1")))
+- goto finish;
+-
+-finish:
+- if (udev_device)
+- udev_device_unref(udev_device);
++ udev_device = udev_device_new_from_devnum(udev, 'b', st.st_dev);
++ if (!udev_device)
++ return false;
+
+- if (udev)
+- udev_unref(udev);
++ read_only = udev_device_get_sysattr_value(udev_device, "ro");
++ if (read_only)
++ return streq(read_only, "1");
+
+- return b;
++ return false;
+ }
+
+ bool enough_ram(void) {
+diff --git a/src/shared/fdset.h b/src/shared/fdset.h
+index 1a26005..6277e46 100644
+--- a/src/shared/fdset.h
++++ b/src/shared/fdset.h
+@@ -49,8 +49,5 @@ int fdset_iterate(FDSet *s, Iterator *i);
+ #define FDSET_FOREACH(fd, fds, i) \
+ for ((i) = ITERATOR_FIRST, (fd) = fdset_iterate((fds), &(i)); (fd) >= 0; (fd) = fdset_iterate((fds), &(i)))
+
+-static inline void fdset_freep(FDSet **fds) {
+- if (*fds)
+- fdset_free(*fds);
+-}
++define_trivial_cleanup_func(FDSet*, fdset_free)
+ #define _cleanup_fdset_free_ _cleanup_(fdset_freep)
+diff --git a/src/shared/install.c b/src/shared/install.c
+index 9722ed4..b9c85b7 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -44,10 +44,8 @@ typedef struct {
+ Hashmap *have_installed;
+ } InstallContext;
+
+-#define _cleanup_lookup_paths_free_ \
+- __attribute__((cleanup(lookup_paths_free)))
+-#define _cleanup_install_context_done_ \
+- __attribute__((cleanup(install_context_done)))
++#define _cleanup_lookup_paths_free_ _cleanup_(lookup_paths_free)
++#define _cleanup_install_context_done_ _cleanup_(install_context_done)
+
+ static int lookup_paths_init_from_scope(LookupPaths *paths, UnitFileScope scope) {
+ assert(paths);
+diff --git a/src/shared/set.h b/src/shared/set.h
+index e5d46e9..a291470 100644
+--- a/src/shared/set.h
++++ b/src/shared/set.h
+@@ -28,19 +28,13 @@
+ * for each set use. */
+
+ #include "hashmap.h"
++#include "util.h"
+
+ typedef struct Set Set;
+
+ Set *set_new(hash_func_t hash_func, compare_func_t compare_func);
+ void set_free(Set* s);
+-static inline void set_freep(Set **s) {
+- set_free(*s);
+-}
+-
+ void set_free_free(Set *s);
+-static inline void set_free_freep(Set **s) {
+- set_free_free(*s);
+-}
+
+ Set* set_copy(Set *s);
+ int set_ensure_allocated(Set **s, hash_func_t hash_func, compare_func_t compare_func);
+@@ -79,5 +73,7 @@ char **set_get_strv(Set *s);
+ #define SET_FOREACH_BACKWARDS(e, s, i) \
+ for ((i) = ITERATOR_LAST, (e) = set_iterate_backwards((s), &(i)); (e); (e) = set_iterate_backwards((s), &(i)))
+
++define_trivial_cleanup_func(Set*, set_free)
++define_trivial_cleanup_func(Set*, set_free_free)
+ #define _cleanup_set_free_ _cleanup_(set_freep)
+ #define _cleanup_set_free_free_ _cleanup_(set_free_freep)
+diff --git a/src/shared/strv.h b/src/shared/strv.h
+index d1f2a0e..4d117f8 100644
+--- a/src/shared/strv.h
++++ b/src/shared/strv.h
+@@ -24,16 +24,13 @@
+ #include <stdarg.h>
+ #include <stdbool.h>
+
+-#include "macro.h"
++#include "util.h"
+
+ char *strv_find(char **l, const char *name) _pure_;
+ char *strv_find_prefix(char **l, const char *name) _pure_;
+
+ void strv_free(char **l);
+-static inline void strv_freep(char ***l) {
+- strv_free(*l);
+-}
+-
++define_trivial_cleanup_func(char**, strv_free)
+ #define _cleanup_strv_free_ _cleanup_(strv_freep)
+
+ char **strv_copy(char * const *l);
+diff --git a/src/shared/udev-util.h b/src/shared/udev-util.h
+new file mode 100644
+index 0000000..bff8f5f
+--- /dev/null
++++ b/src/shared/udev-util.h
+@@ -0,0 +1,37 @@
++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
++
++#pragma once
++
++/***
++ This file is part of systemd.
++
++ Copyright 2013 Zbigniew Jędrzejewski-Szmek
++
++ systemd is free software; you can redistribute it and/or modify it
++ under the terms of the GNU Lesser General Public License as published by
++ the Free Software Foundation; either version 2.1 of the License, or
++ (at your option) any later version.
++
++ systemd is distributed in the hope that it will be useful, but
++ WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public License
++ along with systemd; If not, see <http://www.gnu.org/licenses/>.
++***/
++
++#include "udev.h"
++#include "util.h"
++
++define_trivial_cleanup_func(struct udev*, udev_unref)
++define_trivial_cleanup_func(struct udev_device*, udev_device_unref)
++define_trivial_cleanup_func(struct udev_enumerate*, udev_enumerate_unref)
++define_trivial_cleanup_func(struct udev_event*, udev_event_unref)
++define_trivial_cleanup_func(struct udev_rules*, udev_rules_unref)
++
++#define _cleanup_udev_unref_ _cleanup_(udev_unrefp)
++#define _cleanup_udev_device_unref_ _cleanup_(udev_device_unrefp)
++#define _cleanup_udev_enumerate_unref_ _cleanup_(udev_enumerate_unrefp)
++#define _cleanup_udev_event_unref_ _cleanup_(udev_event_unrefp)
++#define _cleanup_udev_rules_unref_ _cleanup_(udev_rules_unrefp)
+diff --git a/src/shared/util.h b/src/shared/util.h
+index 5a1e1bc..e577ef0 100644
+--- a/src/shared/util.h
++++ b/src/shared/util.h
+@@ -556,42 +556,33 @@ static inline void freep(void *p) {
+ free(*(void**) p);
+ }
+
+-static inline void fclosep(FILE **f) {
+- if (*f)
+- fclose(*f);
+-}
+-
+-static inline void pclosep(FILE **f) {
+- if (*f)
+- pclose(*f);
+-}
++#define define_trivial_cleanup_func(type, func) \
++ static inline void func##p(type *p) { \
++ if (*p) \
++ func(*p); \
++ } \
+
+ static inline void closep(int *fd) {
+ if (*fd >= 0)
+ close_nointr_nofail(*fd);
+ }
+
+-static inline void closedirp(DIR **d) {
+- if (*d)
+- closedir(*d);
+-}
+-
+ static inline void umaskp(mode_t *u) {
+ umask(*u);
+ }
+
+-static inline void endmntentp(FILE **f) {
+- if (*f)
+- endmntent(*f);
+-}
++define_trivial_cleanup_func(FILE*, fclose)
++define_trivial_cleanup_func(FILE*, pclose)
++define_trivial_cleanup_func(DIR*, closedir)
++define_trivial_cleanup_func(FILE*, endmntent)
+
+ #define _cleanup_free_ _cleanup_(freep)
+-#define _cleanup_fclose_ _cleanup_(fclosep)
+-#define _cleanup_pclose_ _cleanup_(pclosep)
+ #define _cleanup_close_ _cleanup_(closep)
+-#define _cleanup_closedir_ _cleanup_(closedirp)
+ #define _cleanup_umask_ _cleanup_(umaskp)
+ #define _cleanup_globfree_ _cleanup_(globfree)
++#define _cleanup_fclose_ _cleanup_(fclosep)
++#define _cleanup_pclose_ _cleanup_(pclosep)
++#define _cleanup_closedir_ _cleanup_(closedirp)
+ #define _cleanup_endmntent_ _cleanup_(endmntentp)
+
+ _malloc_ _alloc_(1, 2) static inline void *malloc_multiply(size_t a, size_t b) {
+diff --git a/src/test/test-libudev.c b/src/test/test-libudev.c
+index 716767b..ab7d5a9 100644
+--- a/src/test/test-libudev.c
++++ b/src/test/test-libudev.c
+@@ -29,6 +29,7 @@
+ #include <sys/epoll.h>
+
+ #include "libudev.h"
++#include "udev-util.h"
+ #include "util.h"
+
+ #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+@@ -117,7 +118,7 @@ static void print_device(struct udev_device *device)
+
+ static int test_device(struct udev *udev, const char *syspath)
+ {
+- struct udev_device *device;
++ _cleanup_udev_device_unref_ struct udev_device *device;
+
+ printf("looking at device: %s\n", syspath);
+ device = udev_device_new_from_syspath(udev, syspath);
+@@ -126,13 +127,13 @@ static int test_device(struct udev *udev, const char *syspath)
+ return -1;
+ }
+ print_device(device);
+- udev_device_unref(device);
++
+ return 0;
+ }
+
+ static int test_device_parents(struct udev *udev, const char *syspath)
+ {
+- struct udev_device *device;
++ _cleanup_udev_device_unref_ struct udev_device *device;
+ struct udev_device *device_parent;
+
+ printf("looking at device: %s\n", syspath);
+@@ -153,7 +154,6 @@ static int test_device_parents(struct udev *udev, const char *syspath)
+ print_device(device_parent);
+ device_parent = udev_device_get_parent(device_parent);
+ } while (device_parent != NULL);
+- udev_device_unref(device);
+
+ return 0;
+ }
+diff --git a/src/test/test-udev.c b/src/test/test-udev.c
+index 52b61b4..17825f1 100644
+--- a/src/test/test-udev.c
++++ b/src/test/test-udev.c
+@@ -34,6 +34,7 @@
+
+ #include "missing.h"
+ #include "udev.h"
++#include "udev-util.h"
+
+ void udev_main_log(struct udev *udev, int priority,
+ const char *file, int line, const char *fn,
+@@ -82,10 +83,10 @@ out:
+
+ int main(int argc, char *argv[])
+ {
+- struct udev *udev;
+- struct udev_event *event = NULL;
+- struct udev_device *dev = NULL;
+- struct udev_rules *rules = NULL;
++ _cleanup_udev_unref_ struct udev *udev = NULL;
++ _cleanup_udev_event_unref_ struct udev_event *event = NULL;
++ _cleanup_udev_device_unref_ struct udev_device *dev = NULL;
++ _cleanup_udev_rules_unref_ struct udev_rules *rules = NULL;
+ char syspath[UTIL_PATH_SIZE];
+ const char *devpath;
+ const char *action;
+@@ -98,7 +99,8 @@ int main(int argc, char *argv[])
+
+ udev = udev_new();
+ if (udev == NULL)
+- exit(EXIT_FAILURE);
++ return EXIT_FAILURE;
++
+ log_debug("version %s\n", VERSION);
+ label_init("/dev");
+
+@@ -160,12 +162,7 @@ int main(int argc, char *argv[])
+ out:
+ if (event != NULL && event->fd_signal >= 0)
+ close(event->fd_signal);
+- udev_event_unref(event);
+- udev_device_unref(dev);
+- udev_rules_unref(rules);
+ label_finish();
+- udev_unref(udev);
+- if (err != 0)
+- return EXIT_FAILURE;
+- return EXIT_SUCCESS;
++
++ return err ? EXIT_FAILURE : EXIT_SUCCESS;
+ }
+diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
+index 67b13bc..309fa07 100644
+--- a/src/tmpfiles/tmpfiles.c
++++ b/src/tmpfiles/tmpfiles.c
+@@ -996,10 +996,7 @@ static void item_free(Item *i) {
+ free(i);
+ }
+
+-static inline void item_freep(Item **i) {
+- if (*i)
+- item_free(*i);
+-}
++define_trivial_cleanup_func(Item*, item_free)
+ #define _cleanup_item_free_ _cleanup_(item_freep)
+
+ static bool item_equal(Item *a, Item *b) {
diff --git a/SOURCES/0245-fsck-modernization.patch b/SOURCES/0245-fsck-modernization.patch
new file mode 100644
index 0000000..bcb1278
--- /dev/null
+++ b/SOURCES/0245-fsck-modernization.patch
@@ -0,0 +1,140 @@
+From 64de3526cce9ef980b37fcb5c412a2734132ad47 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 11 Nov 2013 23:32:31 -0500
+Subject: [PATCH] fsck: modernization
+
+(cherry picked from commit e375825da0cbdbf3be755c277f9c0dec35b41a09)
+
+Related: #1098310
+---
+ src/fsck/fsck.c | 43 ++++++++++++++++++-------------------------
+ 1 file changed, 18 insertions(+), 25 deletions(-)
+
+diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c
+index 96a79dd..9b4e555 100644
+--- a/src/fsck/fsck.c
++++ b/src/fsck/fsck.c
+@@ -176,7 +176,7 @@ static double percent(int pass, unsigned long cur, unsigned long max) {
+ }
+
+ static int process_progress(int fd) {
+- FILE *f, *console;
++ _cleanup_fclose_ FILE *console = NULL, *f = NULL;
+ usec_t last = 0;
+ bool locked = false;
+ int clear = 0;
+@@ -188,15 +188,13 @@ static int process_progress(int fd) {
+ }
+
+ console = fopen("/dev/console", "w");
+- if (!console) {
+- fclose(f);
++ if (!console)
+ return -ENOMEM;
+- }
+
+ while (!feof(f)) {
+ int pass, m;
+ unsigned long cur, max;
+- char *device;
++ _cleanup_free_ char *device = NULL;
+ double p;
+ usec_t t;
+
+@@ -205,20 +203,16 @@ static int process_progress(int fd) {
+
+ /* Only show one progress counter at max */
+ if (!locked) {
+- if (flock(fileno(console), LOCK_EX|LOCK_NB) < 0) {
+- free(device);
++ if (flock(fileno(console), LOCK_EX|LOCK_NB) < 0)
+ continue;
+- }
+
+ locked = true;
+ }
+
+ /* Only update once every 50ms */
+ t = now(CLOCK_MONOTONIC);
+- if (last + 50 * USEC_PER_MSEC > t) {
+- free(device);
++ if (last + 50 * USEC_PER_MSEC > t)
+ continue;
+- }
+
+ last = t;
+
+@@ -226,8 +220,6 @@ static int process_progress(int fd) {
+ fprintf(console, "\r%s: fsck %3.1f%% complete...\r%n", device, p, &m);
+ fflush(console);
+
+- free(device);
+-
+ if (m > clear)
+ clear = m;
+ }
+@@ -242,8 +234,6 @@ static int process_progress(int fd) {
+ fflush(console);
+ }
+
+- fclose(f);
+- fclose(console);
+ return 0;
+ }
+
+@@ -287,34 +277,37 @@ int main(int argc, char *argv[]) {
+
+ if (stat("/", &st) < 0) {
+ log_error("Failed to stat() the root directory: %m");
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+ /* Virtual root devices don't need an fsck */
+ if (major(st.st_dev) == 0)
+- return 0;
++ return EXIT_SUCCESS;
+
+ /* check if we are already writable */
+ times[0] = st.st_atim;
+ times[1] = st.st_mtim;
+ if (utimensat(AT_FDCWD, "/", times, 0) == 0) {
+ log_info("Root directory is writable, skipping check.");
+- return 0;
++ return EXIT_SUCCESS;
+ }
+
+- if (!(udev = udev_new())) {
++ udev = udev_new();
++ if (!udev) {
+ log_oom();
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+- if (!(udev_device = udev_device_new_from_devnum(udev, 'b', st.st_dev))) {
++ udev_device = udev_device_new_from_devnum(udev, 'b', st.st_dev);
++ if (!udev_device) {
+ log_error("Failed to detect root device.");
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+- if (!(device = udev_device_get_devnode(udev_device))) {
++ device = udev_device_get_devnode(udev_device);
++ if (!device) {
+ log_error("Failed to detect device node of root directory.");
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+ root_directory = true;
+@@ -323,7 +316,7 @@ int main(int argc, char *argv[]) {
+ if (arg_show_progress)
+ if (pipe(progress_pipe) < 0) {
+ log_error("pipe(): %m");
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+ cmdline[i++] = "/sbin/fsck";
diff --git a/SOURCES/0246-fsck-fstab-generator-be-lenient-about-missing-fsck.-.patch b/SOURCES/0246-fsck-fstab-generator-be-lenient-about-missing-fsck.-.patch
new file mode 100644
index 0000000..75266a0
--- /dev/null
+++ b/SOURCES/0246-fsck-fstab-generator-be-lenient-about-missing-fsck.-.patch
@@ -0,0 +1,212 @@
+From c9e49e522d609f39ab77cbab18b8f1389692e1b8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 12 Nov 2013 00:53:59 -0500
+Subject: [PATCH] fsck,fstab-generator: be lenient about missing fsck.<type>
+
+If fstab contains 1 for passno, treat this as an error, but only warn
+briefly. If fstab doesn't contain this information, don't complain at
+all.
+
+Patch is complicated a bit by the fact that we might have the fstype specified
+in fstab or on /proc/cmdline, in which case we can check if we have the appropriate
+fsck tool, or not specified, or specified as auto, in which case we have to look
+and check the type of the filesystem ourselves. It cannot be done before the
+device appears, so it is too early in the generator phase, and it must be done
+directly in fsck service.
+
+(cherry picked from commit 94192cdaf652c9717f15274504ed315126c07a93)
+
+Resolves: #1098310
+---
+ src/fsck/fsck.c | 40 ++++++++++++++----
+ src/fstab-generator/fstab-generator.c | 77 +++++++++++++++++++++++------------
+ 2 files changed, 82 insertions(+), 35 deletions(-)
+
+diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c
+index 9b4e555..1189fe7 100644
+--- a/src/fsck/fsck.c
++++ b/src/fsck/fsck.c
+@@ -244,10 +244,11 @@ int main(int argc, char *argv[]) {
+ siginfo_t status;
+ _cleanup_udev_unref_ struct udev *udev = NULL;
+ _cleanup_udev_device_unref_ struct udev_device *udev_device = NULL;
+- const char *device;
++ const char *device, *type;
+ bool root_directory;
+ int progress_pipe[2] = { -1, -1 };
+ char dash_c[2+10+1];
++ struct stat st;
+
+ if (argc > 2) {
+ log_error("This program expects one or no arguments.");
+@@ -266,11 +267,27 @@ int main(int argc, char *argv[]) {
+ if (!arg_force && arg_skip)
+ return 0;
+
++ udev = udev_new();
++ if (!udev) {
++ log_oom();
++ return EXIT_FAILURE;
++ }
++
+ if (argc > 1) {
+ device = argv[1];
+ root_directory = false;
++
++ if (stat(device, &st) < 0) {
++ log_error("Failed to stat '%s': %m", device);
++ return EXIT_FAILURE;
++ }
++
++ udev_device = udev_device_new_from_devnum(udev, 'b', st.st_rdev);
++ if (!udev_device) {
++ log_error("Failed to detect device %s", device);
++ return EXIT_FAILURE;
++ }
+ } else {
+- struct stat st;
+ struct timespec times[2];
+
+ /* Find root device */
+@@ -292,12 +309,6 @@ int main(int argc, char *argv[]) {
+ return EXIT_SUCCESS;
+ }
+
+- udev = udev_new();
+- if (!udev) {
+- log_oom();
+- return EXIT_FAILURE;
+- }
+-
+ udev_device = udev_device_new_from_devnum(udev, 'b', st.st_dev);
+ if (!udev_device) {
+ log_error("Failed to detect root device.");
+@@ -313,6 +324,19 @@ int main(int argc, char *argv[]) {
+ root_directory = true;
+ }
+
++ type = udev_device_get_property_value(udev_device, "ID_FS_TYPE");
++ if (type) {
++ const char *checker = strappenda("/sbin/fsck.", type);
++ r = access(checker, X_OK);
++ if (r < 0) {
++ if (errno == ENOENT) {
++ log_info("%s doesn't exist, not checking file system.", checker);
++ return EXIT_SUCCESS;
++ } else
++ log_warning("%s cannot be used: %m", checker);
++ }
++ }
++
+ if (arg_show_progress)
+ if (pipe(progress_pipe) < 0) {
+ log_error("pipe(): %m");
+diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
+index 78d7609..fa23ac9 100644
+--- a/src/fstab-generator/fstab-generator.c
++++ b/src/fstab-generator/fstab-generator.c
+@@ -147,6 +147,52 @@ static bool mount_in_initrd(struct mntent *me) {
+ streq(me->mnt_dir, "/usr");
+ }
+
++static int add_fsck(FILE *f, const char *what, const char *where, const char *type, int passno) {
++ assert(f);
++
++ if (passno == 0)
++ return 0;
++
++ if (type && !streq(type, "auto")) {
++ int r;
++ const char *checker;
++
++ checker = strappenda("/sbin/fsck.", type);
++ r = access(checker, X_OK);
++ if (r < 0) {
++ log_warning("Checking was requested for %s, but %s cannot be used: %m", what, checker);
++
++ /* treat missing check as essentially OK */
++ return errno == ENOENT ? 0 : -errno;
++ }
++ }
++
++ if (streq(where, "/")) {
++ char *lnk;
++
++ lnk = strappenda(arg_dest, "/" SPECIAL_LOCAL_FS_TARGET ".wants/systemd-fsck-root.service");
++ mkdir_parents_label(lnk, 0755);
++ if (symlink("systemd-fsck-root.service", lnk) < 0) {
++ log_error("Failed to create symlink %s: %m", lnk);
++ return -errno;
++ }
++ } else {
++ _cleanup_free_ char *fsck = NULL;
++
++ fsck = unit_name_from_path_instance("systemd-fsck", what, ".service");
++ if (!fsck)
++ return log_oom();
++
++ fprintf(f,
++ "Requires=%s\n"
++ "After=%s\n",
++ fsck,
++ fsck);
++ }
++
++ return 0;
++}
++
+ static int add_mount(
+ const char *what,
+ const char *where,
+@@ -162,6 +208,7 @@ static int add_mount(
+ *name = NULL, *unit = NULL, *lnk = NULL,
+ *automount_name = NULL, *automount_unit = NULL;
+ _cleanup_fclose_ FILE *f = NULL;
++ int r;
+
+ assert(what);
+ assert(where);
+@@ -209,32 +256,9 @@ static int add_mount(
+ "Before=%s\n",
+ post);
+
+- if (passno > 0) {
+- if (streq(where, "/")) {
+- lnk = strjoin(arg_dest, "/", SPECIAL_LOCAL_FS_TARGET, ".wants/", "systemd-fsck-root.service", NULL);
+- if (!lnk)
+- return log_oom();
+-
+- mkdir_parents_label(lnk, 0755);
+- if (symlink("systemd-fsck-root.service", lnk) < 0) {
+- log_error("Failed to create symlink %s: %m", lnk);
+- return -errno;
+- }
+- } else {
+- _cleanup_free_ char *fsck = NULL;
+-
+- fsck = unit_name_from_path_instance("systemd-fsck", what, ".service");
+- if (!fsck)
+- return log_oom();
+-
+- fprintf(f,
+- "Requires=%s\n"
+- "After=%s\n",
+- fsck,
+- fsck);
+- }
+- }
+-
++ r = add_fsck(f, what, where, type, passno);
++ if (r < 0)
++ return r;
+
+ fprintf(f,
+ "\n"
+@@ -260,7 +284,6 @@ static int add_mount(
+
+ if (!noauto) {
+ if (post) {
+- free(lnk);
+ lnk = strjoin(arg_dest, "/", post, nofail || automount ? ".wants/" : ".requires/", name, NULL);
+ if (!lnk)
+ return log_oom();
diff --git a/SOURCES/0247-rules-60-persistent-storage-add-nvme-pcie-ssd-scsi_i.patch b/SOURCES/0247-rules-60-persistent-storage-add-nvme-pcie-ssd-scsi_i.patch
new file mode 100644
index 0000000..d883427
--- /dev/null
+++ b/SOURCES/0247-rules-60-persistent-storage-add-nvme-pcie-ssd-scsi_i.patch
@@ -0,0 +1,24 @@
+From 5d050e50b2028d3b29f2ecd7a6e5fe0ab543c1df Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Mon, 28 Jul 2014 16:31:32 +0200
+Subject: [PATCH] rules/60-persistent-storage: add nvme pcie ssd scsi_id ENV
+
+Resolves: #1042990
+---
+ rules/60-persistent-storage.rules | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/rules/60-persistent-storage.rules b/rules/60-persistent-storage.rules
+index a4d009a..c47c130 100644
+--- a/rules/60-persistent-storage.rules
++++ b/rules/60-persistent-storage.rules
+@@ -42,6 +42,9 @@ KERNEL=="cciss*", ENV{DEVTYPE}=="disk", ENV{ID_SERIAL}!="?*", IMPORT{program}="s
+ KERNEL=="sd*|sr*|cciss*", ENV{DEVTYPE}=="disk", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}"
+ KERNEL=="sd*|cciss*", ENV{DEVTYPE}=="partition", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}-part%n"
+
++# NVMe
++KERNEL=="nvme*", ENV{ID_SERIAL}!="?*", IMPORT{program}="scsi_id --export --whitelisted -d $tempnode"
++
+ # firewire
+ KERNEL=="sd*[!0-9]|sr*", ATTRS{ieee1394_id}=="?*", SYMLINK+="disk/by-id/ieee1394-$attr{ieee1394_id}"
+ KERNEL=="sd*[0-9]", ATTRS{ieee1394_id}=="?*", SYMLINK+="disk/by-id/ieee1394-$attr{ieee1394_id}-part%n"
diff --git a/SOURCES/0248-cgls-fix-running-with-M-option.patch b/SOURCES/0248-cgls-fix-running-with-M-option.patch
new file mode 100644
index 0000000..f0c728e
--- /dev/null
+++ b/SOURCES/0248-cgls-fix-running-with-M-option.patch
@@ -0,0 +1,166 @@
+From 2b7fc0e2a0a680fe61041e569eda50f06c3f8768 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Mon, 28 Jul 2014 18:18:58 +0200
+Subject: [PATCH] cgls: fix running with -M option
+
+systemd-machined doesn't store cgroup path in a state file anymore.
+Let's figure it out from the scope.
+
+Resolves: #1085455
+---
+ Makefile.am | 8 +++++-
+ src/cgls/cgls.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 91 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index fa2fba6..a9fb792 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -1830,8 +1830,14 @@ systemd_reply_password_LDADD = \
+ systemd_cgls_SOURCES = \
+ src/cgls/cgls.c
+
++systemd_cgls_CFLAGS = \
++ $(AM_CFLAGS) \
++ $(DBUS_CFLAGS)
++
+ systemd_cgls_LDADD = \
+- libsystemd-shared.la
++ libsystemd-shared.la \
++ libsystemd-dbus.la \
++ libudev.la
+
+ # ------------------------------------------------------------------------------
+ systemd_cgtop_SOURCES = \
+diff --git a/src/cgls/cgls.c b/src/cgls/cgls.c
+index c689b5c..f678657 100644
+--- a/src/cgls/cgls.c
++++ b/src/cgls/cgls.c
+@@ -19,6 +19,7 @@
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ ***/
+
++#include <dbus/dbus.h>
+ #include <limits.h>
+ #include <stdio.h>
+ #include <unistd.h>
+@@ -35,6 +36,8 @@
+ #include "build.h"
+ #include "output-mode.h"
+ #include "fileio.h"
++#include "dbus-common.h"
++#include "unit-name.h"
+
+ static bool arg_no_pager = false;
+ static bool arg_kernel_threads = false;
+@@ -127,6 +130,10 @@ int main(int argc, char *argv[]) {
+ int r = 0, retval = EXIT_FAILURE;
+ int output_flags;
+ char _cleanup_free_ *root = NULL;
++ DBusConnection *bus = NULL;
++ DBusError error;
++
++ dbus_error_init(&error);
+
+ log_parse_environment();
+ log_open();
+@@ -147,6 +154,14 @@ int main(int argc, char *argv[]) {
+ }
+ }
+
++ bus = dbus_bus_get_private(DBUS_BUS_SYSTEM, &error);
++
++ if (!bus) {
++ printf("Failed to get D-Bus connection: %s", error.message);
++ retval = EXIT_FAILURE;
++ goto finish;
++ }
++
+ output_flags =
+ arg_all * OUTPUT_SHOW_ALL |
+ (arg_full > 0) * OUTPUT_FULL_WIDTH;
+@@ -189,8 +204,67 @@ int main(int argc, char *argv[]) {
+ } else {
+ if (arg_machine) {
+ char *m;
++ const char *cgroup;
++ const char *property = "ControlGroup";
++ const char *interface = "org.freedesktop.systemd1.Scope";
++ _cleanup_free_ char *scope = NULL;
++ _cleanup_free_ char *path = NULL;
++ _cleanup_dbus_message_unref_ DBusMessage *reply = NULL;
++ DBusMessageIter iter, sub;
++
+ m = strappenda("/run/systemd/machines/", arg_machine);
+- r = parse_env_file(m, NEWLINE, "CGROUP", &root, NULL);
++ r = parse_env_file(m, NEWLINE, "SCOPE", &scope, NULL);
++
++ if (r < 0) {
++ log_error("Failed to get machine path: %s", strerror(-r));
++ goto finish;
++ }
++
++ path = unit_dbus_path_from_name(scope);
++ if (!path) {
++ r = log_oom();
++ goto finish;
++ }
++
++ r = bus_method_call_with_reply(
++ bus,
++ "org.freedesktop.systemd1",
++ path,
++ "org.freedesktop.DBus.Properties",
++ "Get",
++ &reply,
++ &error,
++ DBUS_TYPE_STRING, &interface,
++ DBUS_TYPE_STRING, &property,
++ DBUS_TYPE_INVALID);
++ if (r < 0) {
++ log_error("Failed to query ControlGroup: %s", bus_error(&error, r));
++ dbus_error_free(&error);
++ goto finish;
++ }
++
++ if (!dbus_message_iter_init(reply, &iter) ||
++ dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_VARIANT) {
++ log_error("Failed to parse reply.");
++ r = -EINVAL;
++ goto finish;
++ }
++
++ dbus_message_iter_recurse(&iter, &sub);
++ if (dbus_message_iter_get_arg_type(&sub) != DBUS_TYPE_STRING) {
++ log_error("Failed to parse reply.");
++ r = -EINVAL;
++ goto finish;
++ }
++
++ dbus_message_iter_get_basic(&sub, &cgroup);
++
++ root = strdup(cgroup);
++ if (!root) {
++ r = log_oom();
++ goto finish;
++ }
++
+ } else
+ r = cg_get_root_path(&root);
+ if (r < 0) {
+@@ -211,6 +285,15 @@ int main(int argc, char *argv[]) {
+ retval = EXIT_SUCCESS;
+
+ finish:
++
++ if (bus) {
++ dbus_connection_flush(bus);
++ dbus_connection_close(bus);
++ dbus_connection_unref(bus);
++ }
++
++ dbus_error_free(&error);
++ dbus_shutdown();
+ pager_close();
+
+ return retval;
diff --git a/SOURCES/0249-units-when-spawning-a-getty-configure-TERM-explicitl.patch b/SOURCES/0249-units-when-spawning-a-getty-configure-TERM-explicitl.patch
new file mode 100644
index 0000000..a220c7b
--- /dev/null
+++ b/SOURCES/0249-units-when-spawning-a-getty-configure-TERM-explicitl.patch
@@ -0,0 +1,60 @@
+From fa600b8b075ad4c717bd5f60fd3c6b5545cc75c5 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 18 Dec 2013 17:48:31 +0100
+Subject: [PATCH] units: when spawning a getty configure TERM explicitly
+
+This way we can make use of our logic to automatically determine an
+appropriate TERM for a specific tty.
+
+Conflicts:
+ units/console-getty.service.m4.in
+ units/container-getty@.service.m4.in
+
+(cherry picked from commit ccf22d4a104e6ed2666d6c5b4031981a84787790)
+
+Related: #1075729
+---
+ units/console-getty.service.m4.in | 2 +-
+ units/getty@.service.m4 | 2 +-
+ units/serial-getty@.service.m4 | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/units/console-getty.service.m4.in b/units/console-getty.service.m4.in
+index 2fd9dd8..8ac51a4 100644
+--- a/units/console-getty.service.m4.in
++++ b/units/console-getty.service.m4.in
+@@ -15,7 +15,7 @@ After=rc-local.service
+ Before=getty.target
+
+ [Service]
+-ExecStart=-/sbin/agetty --noclear -s console 115200,38400,9600
++ExecStart=-/sbin/agetty --noclear --keep-baud console 115200,38400,9600 $TERM
+ Type=idle
+ Restart=always
+ RestartSec=0
+diff --git a/units/getty@.service.m4 b/units/getty@.service.m4
+index 253da85..aa853b8 100644
+--- a/units/getty@.service.m4
++++ b/units/getty@.service.m4
+@@ -27,7 +27,7 @@ ConditionPathExists=/dev/tty0
+
+ [Service]
+ # the VT is cleared by TTYVTDisallocate
+-ExecStart=-/sbin/agetty --noclear %I
++ExecStart=-/sbin/agetty --noclear %I $TERM
+ Type=idle
+ Restart=always
+ RestartSec=0
+diff --git a/units/serial-getty@.service.m4 b/units/serial-getty@.service.m4
+index aea078f..e94cdb4 100644
+--- a/units/serial-getty@.service.m4
++++ b/units/serial-getty@.service.m4
+@@ -22,7 +22,7 @@ Before=getty.target
+ IgnoreOnIsolate=yes
+
+ [Service]
+-ExecStart=-/sbin/agetty --keep-baud %I 115200,38400,9600
++ExecStart=-/sbin/agetty --keep-baud %I 115200,38400,9600 $TERM
+ Type=idle
+ Restart=always
+ RestartSec=0
diff --git a/SOURCES/0250-getty-Start-getty-on-3270-terminals-available-on-Lin.patch b/SOURCES/0250-getty-Start-getty-on-3270-terminals-available-on-Lin.patch
new file mode 100644
index 0000000..8bc3414
--- /dev/null
+++ b/SOURCES/0250-getty-Start-getty-on-3270-terminals-available-on-Lin.patch
@@ -0,0 +1,84 @@
+From 39456b9f6e692a2385bf1288a53d02dd9abac8d5 Mon Sep 17 00:00:00 2001
+From: Hendrik Brueckner <brueckner@redhat.com>
+Date: Tue, 11 Mar 2014 18:41:09 +0100
+Subject: [PATCH] getty: Start getty on 3270 terminals available on Linux on
+ System z
+
+Add the first 3270 terminal device that is associated with the Linux preferred
+console to the list of virtualization consoles. This is required to
+automatically start a getty if the conmode=3270 kernel parameter is specified
+for Linux on z/VM instances. Note that a queued upstream patch also enable
+the 3270 terminal device if it is associated with the Linux preferred console.
+How
+
+To successfully start agetty on a 3270 terminal, a change in the agetty
+parameter order is required. Previously, agetty would started like this:
+
+ /sbin/agetty --keep-baud 3270/tty1 115200,38400,9600 TERM
+
+The agetty program interprets the "3270/tty1" as baud rate and fails to start
+with the "bad speed: 3270/tty1" error message. Fixing this in agetty is more
+complex rather than reordering the command line parameters like this:
+
+ /sbin/agetty --keep-baud 115200,38400,9600 3270/tty1 TERM
+
+According to agetty sources and "agetty --help", agetty accepts the "tty",
+"baudrate tty", and "tty baudrate" specifications.
+
+P.S. The "tty: Set correct tty name in 'active' sysfs attribute" introduces
+ a change to display the terminal device which is associated with the
+ Linux preferred console. This change helps to let systemd handle this
+ particular case only. Without the changes of this commit, no additional
+ 3270 terminal device can be managed by systemd.
+
+ https://git.kernel.org/cgit/linux/kernel/git/gregkh/tty.git/commit/?id=723abd87f6e536f1353c8f64f621520bc29523a3
+
+(cherry picked from commit fc6c7fe9becdd70ae6b671c396f2ad2db0b71cd7)
+
+Resolves: #1075729
+---
+ rules/99-systemd.rules.in | 2 +-
+ src/getty-generator/getty-generator.c | 3 ++-
+ units/serial-getty@.service.m4 | 2 +-
+ 3 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in
+index 0471719..308a074 100644
+--- a/rules/99-systemd.rules.in
++++ b/rules/99-systemd.rules.in
+@@ -7,7 +7,7 @@
+
+ ACTION=="remove", GOTO="systemd_end"
+
+-SUBSYSTEM=="tty", KERNEL=="tty[a-zA-Z]*|hvc*|xvc*|hvsi*|ttysclp*|sclp_line*", TAG+="systemd"
++SUBSYSTEM=="tty", KERNEL=="tty[a-zA-Z]*|hvc*|xvc*|hvsi*|ttysclp*|sclp_line*|3270/tty[0-9]*", TAG+="systemd"
+
+ KERNEL=="vport*", TAG+="systemd"
+
+diff --git a/src/getty-generator/getty-generator.c b/src/getty-generator/getty-generator.c
+index 40374b5..5a1997f 100644
+--- a/src/getty-generator/getty-generator.c
++++ b/src/getty-generator/getty-generator.c
+@@ -93,7 +93,8 @@ int main(int argc, char *argv[]) {
+ "xvc0\0"
+ "hvsi0\0"
+ "sclp_line0\0"
+- "ttysclp0\0";
++ "ttysclp0\0"
++ "3270!tty1\0";
+
+ int r = EXIT_SUCCESS;
+ char *active;
+diff --git a/units/serial-getty@.service.m4 b/units/serial-getty@.service.m4
+index e94cdb4..4ac51e7 100644
+--- a/units/serial-getty@.service.m4
++++ b/units/serial-getty@.service.m4
+@@ -22,7 +22,7 @@ Before=getty.target
+ IgnoreOnIsolate=yes
+
+ [Service]
+-ExecStart=-/sbin/agetty --keep-baud %I 115200,38400,9600 $TERM
++ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM
+ Type=idle
+ Restart=always
+ RestartSec=0
diff --git a/SOURCES/0251-core-Added-support-for-ERRNO-NOTIFY_SOCKET-message-p.patch b/SOURCES/0251-core-Added-support-for-ERRNO-NOTIFY_SOCKET-message-p.patch
new file mode 100644
index 0000000..fce708d
--- /dev/null
+++ b/SOURCES/0251-core-Added-support-for-ERRNO-NOTIFY_SOCKET-message-p.patch
@@ -0,0 +1,126 @@
+From 4323a5406bb40c76076814fd998e09c58b433e7d Mon Sep 17 00:00:00 2001
+From: Miguel Angel Ajo <mangelajo@redhat.com>
+Date: Mon, 7 Jul 2014 14:20:36 +0200
+Subject: [PATCH] core: Added support for ERRNO NOTIFY_SOCKET message parsing
+
+Added StatusErrno dbus property along StatusText to allow notification of
+numeric status condition while degraded service operation or any other special
+situation.
+
+(cherry picked from commit 4774e357268e4a1e9fa82adb0563a538932a4c8e)
+
+Resolves: #1106457
+---
+ src/core/dbus-service.c | 3 +++
+ src/core/service.c | 33 +++++++++++++++++++++++++++++----
+ src/core/service.h | 1 +
+ 3 files changed, 33 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/dbus-service.c b/src/core/dbus-service.c
+index 696c446..edfc7ff 100644
+--- a/src/core/dbus-service.c
++++ b/src/core/dbus-service.c
+@@ -64,6 +64,7 @@
+ " <property name=\"ControlPID\" type=\"u\" access=\"read\"/>\n" \
+ " <property name=\"BusName\" type=\"s\" access=\"read\"/>\n" \
+ " <property name=\"StatusText\" type=\"s\" access=\"read\"/>\n" \
++ " <property name=\"StatusErrno\" type=\"i\" access=\"read\"/>\n" \
+ " <property name=\"Result\" type=\"s\" access=\"read\"/>\n" \
+ " </interface>\n"
+
+@@ -96,6 +97,7 @@ const char bus_service_invalidating_properties[] =
+ "MainPID\0"
+ "ControlPID\0"
+ "StatusText\0"
++ "StatusErrno\0"
+ "Result\0";
+
+ static DEFINE_BUS_PROPERTY_APPEND_ENUM(bus_service_append_type, service_type, ServiceType);
+@@ -144,6 +146,7 @@ static const BusProperty bus_service_properties[] = {
+ { "ControlPID", bus_property_append_pid, "u", offsetof(Service, control_pid) },
+ { "BusName", bus_property_append_string, "s", offsetof(Service, bus_name), true },
+ { "StatusText", bus_property_append_string, "s", offsetof(Service, status_text), true },
++ { "StatusErrno", bus_property_append_int, "i", offsetof(Service, status_errno) },
+ { "Result", bus_service_append_service_result,"s", offsetof(Service, result) },
+ {}
+ };
+diff --git a/src/core/service.c b/src/core/service.c
+index f6fdbbc..3f6c8ac 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -3443,6 +3443,7 @@ static void service_timer_event(Unit *u, uint64_t elapsed, Watch* w) {
+ static void service_notify_message(Unit *u, pid_t pid, char **tags) {
+ Service *s = SERVICE(u);
+ const char *e;
++ bool notify_dbus = false;
+
+ assert(u);
+
+@@ -3478,6 +3479,7 @@ static void service_notify_message(Unit *u, pid_t pid, char **tags) {
+ "%s: got %s", u->id, e);
+ service_set_main_pid(s, pid);
+ unit_watch_pid(UNIT(s), pid);
++ notify_dbus = true;
+ }
+ }
+
+@@ -3516,12 +3518,34 @@ static void service_notify_message(Unit *u, pid_t pid, char **tags) {
+
+ free(s->status_text);
+ s->status_text = t;
+- } else {
++ } else
++ t = NULL;
++
++ if (!streq_ptr(s->status_text, t)) {
+ free(s->status_text);
+- s->status_text = NULL;
+- }
++ s->status_text = t;
++ notify_dbus = true;
++ } else
++ free(t);
++ }
++
++ /* Interpret ERRNO= */
++ e = strv_find_prefix(tags, "ERRNO=");
++ if (e) {
++ int status_errno;
+
++ if (safe_atoi(e + 6, &status_errno) < 0)
++ log_warning_unit(u->id, "Failed to parse ERRNO= field in notification message: %s", e);
++ else {
++ log_debug_unit(u->id, "%s: got %s", u->id, e);
++
++ if (s->status_errno != status_errno) {
++ s->status_errno = status_errno;
++ notify_dbus = true;
++ }
++ }
+ }
++
+ if (strv_find(tags, "WATCHDOG=1")) {
+ log_debug_unit(u->id,
+ "%s: got WATCHDOG=1", u->id);
+@@ -3530,7 +3554,8 @@ static void service_notify_message(Unit *u, pid_t pid, char **tags) {
+ }
+
+ /* Notify clients about changed status or main pid */
+- unit_add_to_dbus_queue(u);
++ if (notify_dbus)
++ unit_add_to_dbus_queue(u);
+ }
+
+ #ifdef HAVE_SYSV_COMPAT
+diff --git a/src/core/service.h b/src/core/service.h
+index ce5b5e0..fa4ef2b 100644
+--- a/src/core/service.h
++++ b/src/core/service.h
+@@ -187,6 +187,7 @@ struct Service {
+ char *bus_name;
+
+ char *status_text;
++ int status_errno;
+
+ RateLimit start_limit;
+ StartLimitAction start_limit_action;
diff --git a/SOURCES/0252-service-don-t-accept-negative-ERRNO-notification-mes.patch b/SOURCES/0252-service-don-t-accept-negative-ERRNO-notification-mes.patch
new file mode 100644
index 0000000..2e2d570
--- /dev/null
+++ b/SOURCES/0252-service-don-t-accept-negative-ERRNO-notification-mes.patch
@@ -0,0 +1,25 @@
+From 865e6e46f235bc9c58e61024696fff216e7a2182 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 7 Jul 2014 17:32:44 +0200
+Subject: [PATCH] service: don't accept negative ERRNO= notification messages
+
+(cherry picked from commit 2040ccf171404b709acb0ecf1d1f17b87c5d05f0)
+
+Related: #1106457
+---
+ src/core/service.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index 3f6c8ac..814019d 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -3534,7 +3534,7 @@ static void service_notify_message(Unit *u, pid_t pid, char **tags) {
+ if (e) {
+ int status_errno;
+
+- if (safe_atoi(e + 6, &status_errno) < 0)
++ if (safe_atoi(e + 6, &status_errno) < 0 || status_errno < 0)
+ log_warning_unit(u->id, "Failed to parse ERRNO= field in notification message: %s", e);
+ else {
+ log_debug_unit(u->id, "%s: got %s", u->id, e);
diff --git a/SOURCES/0253-socket-add-SocketUser-and-SocketGroup-for-chown-ing-.patch b/SOURCES/0253-socket-add-SocketUser-and-SocketGroup-for-chown-ing-.patch
new file mode 100644
index 0000000..4670661
--- /dev/null
+++ b/SOURCES/0253-socket-add-SocketUser-and-SocketGroup-for-chown-ing-.patch
@@ -0,0 +1,610 @@
+From 6744ef720b34a87ff69acb8535cf5e83db6f5e8b Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Tue, 24 Jun 2014 14:50:26 +0200
+Subject: [PATCH] socket: add SocketUser= and SocketGroup= for chown()ing
+ sockets in the file system
+
+This is relatively complex, as we cannot invoke NSS from PID 1, and thus
+need to fork a helper process temporarily.
+
+(cherry picked from commit 3900e5fdff688dc3c273f177d9d913b7389d5561)
+
+Resolves: #1111761
+---
+ man/systemd.socket.xml | 38 ++++--
+ src/core/dbus-socket.c | 8 +-
+ src/core/load-fragment-gperf.gperf.m4 | 4 +-
+ src/core/socket.c | 220 +++++++++++++++++++++++++++-------
+ src/core/socket.h | 5 +
+ src/shared/exit-status.c | 4 +
+ src/shared/exit-status.h | 3 +-
+ 7 files changed, 224 insertions(+), 58 deletions(-)
+
+diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
+index 570a6fb..d146b3b 100644
+--- a/man/systemd.socket.xml
++++ b/man/systemd.socket.xml
+@@ -372,16 +372,21 @@
+ </varlistentry>
+
+ <varlistentry>
+- <term><varname>DirectoryMode=</varname></term>
+- <listitem><para>If listening on a file
+- system socket or FIFO, the parent
+- directories are automatically created
+- if needed. This option specifies the
+- file system access mode used when
+- creating these directories. Takes an
+- access mode in octal
+- notation. Defaults to
+- 0755.</para></listitem>
++ <term><varname>SocketUser=</varname></term>
++ <term><varname>SocketGroup=</varname></term>
++
++ <listitem><para>Takes a UNIX
++ user/group name. When specified
++ all AF_UNIX sockets and FIFO nodes in
++ the file system are owned by the
++ specified user and group. If unset
++ (the default), the nodes are owned by
++ the root user/group (if run in system
++ context) or the invoking user/group
++ (if run in user context). If only a
++ user is specified but no group, then
++ the group is derived from the user's
++ default group.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+@@ -396,6 +401,19 @@
+ </varlistentry>
+
+ <varlistentry>
++ <term><varname>DirectoryMode=</varname></term>
++ <listitem><para>If listening on a file
++ system socket or FIFO, the parent
++ directories are automatically created
++ if needed. This option specifies the
++ file system access mode used when
++ creating these directories. Takes an
++ access mode in octal
++ notation. Defaults to
++ 0755.</para></listitem>
++ </varlistentry>
++
++ <varlistentry>
+ <term><varname>Accept=</varname></term>
+ <listitem><para>Takes a boolean
+ argument. If true, a service instance
+diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
+index 30c4b63..870bcdc 100644
+--- a/src/core/dbus-socket.c
++++ b/src/core/dbus-socket.c
+@@ -44,8 +44,10 @@
+ BUS_CGROUP_CONTEXT_INTERFACE \
+ " <property name=\"ControlPID\" type=\"u\" access=\"read\"/>\n" \
+ " <property name=\"BindToDevice\" type=\"s\" access=\"read\"/>\n" \
+- " <property name=\"DirectoryMode\" type=\"u\" access=\"read\"/>\n" \
++ " <property name=\"SocketUser\" type=\"s\" access=\"read\"/>\n" \
++ " <property name=\"SocketGroup\" type=\"s\" access=\"read\"/>\n" \
+ " <property name=\"SocketMode\" type=\"u\" access=\"read\"/>\n" \
++ " <property name=\"DirectoryMode\" type=\"u\" access=\"read\"/>\n" \
+ " <property name=\"Accept\" type=\"b\" access=\"read\"/>\n" \
+ " <property name=\"KeepAlive\" type=\"b\" access=\"read\"/>\n" \
+ " <property name=\"Priority\" type=\"i\" access=\"read\"/>\n" \
+@@ -172,8 +174,10 @@ static const BusProperty bus_socket_properties[] = {
+ BUS_EXEC_COMMAND_PROPERTY("ExecStopPost", offsetof(Socket, exec_command[SOCKET_EXEC_STOP_POST]), true ),
+ { "ControlPID", bus_property_append_pid, "u", offsetof(Socket, control_pid) },
+ { "BindToDevice", bus_property_append_string, "s", offsetof(Socket, bind_to_device), true },
+- { "DirectoryMode", bus_property_append_mode, "u", offsetof(Socket, directory_mode) },
++ { "SocketUser", bus_property_append_string, "s", offsetof(Socket, user), true },
++ { "SocketGroup", bus_property_append_string, "s", offsetof(Socket, group), true },
+ { "SocketMode", bus_property_append_mode, "u", offsetof(Socket, socket_mode) },
++ { "DirectoryMode", bus_property_append_mode, "u", offsetof(Socket, directory_mode) },
+ { "Accept", bus_property_append_bool, "b", offsetof(Socket, accept) },
+ { "KeepAlive", bus_property_append_bool, "b", offsetof(Socket, keep_alive) },
+ { "Priority", bus_property_append_int, "i", offsetof(Socket, priority) },
+diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
+index d65bcc1..0991cb9 100644
+--- a/src/core/load-fragment-gperf.gperf.m4
++++ b/src/core/load-fragment-gperf.gperf.m4
+@@ -193,8 +193,10 @@ Socket.ExecStartPost, config_parse_exec, SOCKET_EXEC
+ Socket.ExecStopPre, config_parse_exec, SOCKET_EXEC_STOP_PRE, offsetof(Socket, exec_command)
+ Socket.ExecStopPost, config_parse_exec, SOCKET_EXEC_STOP_POST, offsetof(Socket, exec_command)
+ Socket.TimeoutSec, config_parse_sec, 0, offsetof(Socket, timeout_usec)
+-Socket.DirectoryMode, config_parse_mode, 0, offsetof(Socket, directory_mode)
++Socket.SocketUser, config_parse_unit_string_printf, 0, offsetof(Socket, user)
++Socket.SocketGroup, config_parse_unit_string_printf, 0, offsetof(Socket, group)
+ Socket.SocketMode, config_parse_mode, 0, offsetof(Socket, socket_mode)
++Socket.DirectoryMode, config_parse_mode, 0, offsetof(Socket, directory_mode)
+ Socket.Accept, config_parse_bool, 0, offsetof(Socket, accept)
+ Socket.MaxConnections, config_parse_unsigned, 0, offsetof(Socket, max_connections)
+ Socket.KeepAlive, config_parse_bool, 0, offsetof(Socket, keep_alive)
+diff --git a/src/core/socket.c b/src/core/socket.c
+index e673f38..32e0d35 100644
+--- a/src/core/socket.c
++++ b/src/core/socket.c
+@@ -54,6 +54,7 @@
+ static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
+ [SOCKET_DEAD] = UNIT_INACTIVE,
+ [SOCKET_START_PRE] = UNIT_ACTIVATING,
++ [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
+ [SOCKET_START_POST] = UNIT_ACTIVATING,
+ [SOCKET_LISTENING] = UNIT_ACTIVE,
+ [SOCKET_RUNNING] = UNIT_ACTIVE,
+@@ -147,6 +148,8 @@ static void socket_done(Unit *u) {
+ free(s->smack);
+ free(s->smack_ip_in);
+ free(s->smack_ip_out);
++ free(s->user);
++ free(s->group);
+
+ unit_unwatch_timer(u, &s->timer_watch);
+ }
+@@ -527,6 +530,16 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
+ "%sSmackLabelIPOut: %s\n",
+ prefix, s->smack_ip_out);
+
++ if (s->user)
++ fprintf(f,
++ "%sOwnerUser: %s\n",
++ prefix, s->user);
++
++ if (s->group)
++ fprintf(f,
++ "%sOwnerGroup: %s\n",
++ prefix, s->user);
++
+ LIST_FOREACH(port, p, s->ports) {
+
+ if (p->type == SOCKET_SOCKET) {
+@@ -1100,6 +1113,7 @@ static void socket_set_state(Socket *s, SocketState state) {
+ s->state = state;
+
+ if (state != SOCKET_START_PRE &&
++ state != SOCKET_START_CHOWN &&
+ state != SOCKET_START_POST &&
+ state != SOCKET_STOP_PRE &&
+ state != SOCKET_STOP_PRE_SIGTERM &&
+@@ -1116,7 +1130,8 @@ static void socket_set_state(Socket *s, SocketState state) {
+ if (state != SOCKET_LISTENING)
+ socket_unwatch_fds(s);
+
+- if (state != SOCKET_START_POST &&
++ if (state != SOCKET_START_CHOWN &&
++ state != SOCKET_START_POST &&
+ state != SOCKET_LISTENING &&
+ state != SOCKET_RUNNING &&
+ state != SOCKET_STOP_PRE &&
+@@ -1143,6 +1158,7 @@ static int socket_coldplug(Unit *u) {
+ if (s->deserialized_state != s->state) {
+
+ if (s->deserialized_state == SOCKET_START_PRE ||
++ s->deserialized_state == SOCKET_START_CHOWN ||
+ s->deserialized_state == SOCKET_START_POST ||
+ s->deserialized_state == SOCKET_STOP_PRE ||
+ s->deserialized_state == SOCKET_STOP_PRE_SIGTERM ||
+@@ -1163,7 +1179,8 @@ static int socket_coldplug(Unit *u) {
+ return r;
+ }
+
+- if (s->deserialized_state == SOCKET_START_POST ||
++ if (s->deserialized_state == SOCKET_START_CHOWN ||
++ s->deserialized_state == SOCKET_START_POST ||
+ s->deserialized_state == SOCKET_LISTENING ||
+ s->deserialized_state == SOCKET_RUNNING ||
+ s->deserialized_state == SOCKET_STOP_PRE ||
+@@ -1185,7 +1202,7 @@ static int socket_coldplug(Unit *u) {
+ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
+ pid_t pid;
+ int r;
+- char **argv;
++ _cleanup_strv_free_ char **argv = NULL;
+
+ assert(s);
+ assert(c);
+@@ -1216,11 +1233,11 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
+ NULL,
+ &pid);
+
+- strv_free(argv);
+ if (r < 0)
+ goto fail;
+
+- if ((r = unit_watch_pid(UNIT(s), pid)) < 0)
++ r = unit_watch_pid(UNIT(s), pid);
++ if (r < 0)
+ /* FIXME: we need to do something here */
+ goto fail;
+
+@@ -1234,6 +1251,88 @@ fail:
+ return r;
+ }
+
++static int socket_chown(Socket *s, pid_t *_pid) {
++ pid_t pid;
++ int r;
++
++ r = unit_watch_timer(UNIT(s), CLOCK_MONOTONIC, true, s->timeout_usec, &s->timer_watch);
++ if (r < 0)
++ goto fail;
++
++ pid = fork();
++ if (pid < 0)
++ return -errno;
++
++ if (pid == 0) {
++ SocketPort *p;
++ uid_t uid = (uid_t) -1;
++ gid_t gid = (gid_t) -1;
++ int ret;
++
++ default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
++ ignore_signals(SIGPIPE, -1);
++ log_forget_fds();
++
++ if (!isempty(s->user)) {
++ const char *user = s->user;
++
++ r = get_user_creds(&user, &uid, &gid, NULL, NULL);
++ if (r < 0) {
++ ret = EXIT_USER;
++ goto fail_child;
++ }
++ }
++
++ if (!isempty(s->group)) {
++ const char *group = s->group;
++
++ r = get_group_creds(&group, &gid);
++ if (r < 0) {
++ ret = EXIT_GROUP;
++ goto fail_child;
++ }
++ }
++
++ LIST_FOREACH(port, p, s->ports) {
++ const char *path = NULL;
++
++ if (p->type == SOCKET_SOCKET)
++ path = socket_address_get_path(&p->address);
++ else if (p->type == SOCKET_FIFO)
++ path = p->path;
++
++ if (!path)
++ continue;
++
++ if (chown(path, uid, gid) < 0) {
++ r = -errno;
++ ret = EXIT_CHOWN;
++ goto fail_child;
++ }
++ }
++
++ _exit(0);
++
++ fail_child:
++ log_open();
++ log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
++
++ _exit(ret);
++ }
++
++ r = unit_watch_pid(UNIT(s), pid);
++ if (r < 0)
++ goto fail;
++
++ *_pid = pid;
++
++ return 0;
++
++fail:
++ unit_unwatch_timer(UNIT(s), &s->timer_watch);
++ return r;
++}
++
+ static void socket_enter_dead(Socket *s, SocketResult f) {
+ assert(s);
+
+@@ -1256,9 +1355,11 @@ static void socket_enter_stop_post(Socket *s, SocketResult f) {
+ socket_unwatch_control_pid(s);
+
+ s->control_command_id = SOCKET_EXEC_STOP_POST;
++ s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
+
+- if ((s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST])) {
+- if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
++ if (s->control_command) {
++ r = socket_spawn(s, s->control_command, &s->control_pid);
++ if (r < 0)
+ goto fail;
+
+ socket_set_state(s, SOCKET_STOP_POST);
+@@ -1326,9 +1427,11 @@ static void socket_enter_stop_pre(Socket *s, SocketResult f) {
+ socket_unwatch_control_pid(s);
+
+ s->control_command_id = SOCKET_EXEC_STOP_PRE;
++ s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
+
+- if ((s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE])) {
+- if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
++ if (s->control_command) {
++ r = socket_spawn(s, s->control_command, &s->control_pid);
++ if (r < 0)
+ goto fail;
+
+ socket_set_state(s, SOCKET_STOP_PRE);
+@@ -1376,15 +1479,13 @@ static void socket_enter_start_post(Socket *s) {
+ }
+
+ socket_unwatch_control_pid(s);
+-
+ s->control_command_id = SOCKET_EXEC_START_POST;
++ s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
+
+- if ((s->control_command = s->exec_command[SOCKET_EXEC_START_POST])) {
++ if (s->control_command) {
+ r = socket_spawn(s, s->control_command, &s->control_pid);
+ if (r < 0) {
+- log_warning_unit(UNIT(s)->id,
+- "%s failed to run 'start-post' task: %s",
+- UNIT(s)->id, strerror(-r));
++ log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
+ goto fail;
+ }
+
+@@ -1398,6 +1499,38 @@ fail:
+ socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
+ }
+
++static void socket_enter_start_chown(Socket *s) {
++ int r;
++
++ assert(s);
++
++ r = socket_open_fds(s);
++ if (r < 0) {
++ log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
++ goto fail;
++ }
++
++ if (!isempty(s->user) || !isempty(s->group)) {
++ socket_unwatch_control_pid(s);
++ s->control_command_id = SOCKET_EXEC_START_CHOWN;
++ s->control_command = NULL;
++
++ r = socket_chown(s, &s->control_pid);
++ if (r < 0) {
++ log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
++ goto fail;
++ }
++
++ socket_set_state(s, SOCKET_START_CHOWN);
++ } else
++ socket_enter_start_post(s);
++
++ return;
++
++fail:
++ socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
++}
++
+ static void socket_enter_start_pre(Socket *s) {
+ int r;
+ assert(s);
+@@ -1405,21 +1538,21 @@ static void socket_enter_start_pre(Socket *s) {
+ socket_unwatch_control_pid(s);
+
+ s->control_command_id = SOCKET_EXEC_START_PRE;
++ s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
+
+- if ((s->control_command = s->exec_command[SOCKET_EXEC_START_PRE])) {
+- if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
++ if (s->control_command) {
++ r = socket_spawn(s, s->control_command, &s->control_pid);
++ if (r < 0)
+ goto fail;
+
+ socket_set_state(s, SOCKET_START_PRE);
+ } else
+- socket_enter_start_post(s);
++ socket_enter_start_chown(s);
+
+ return;
+
+ fail:
+- log_warning_unit(UNIT(s)->id,
+- "%s failed to run 'start-pre' task: %s",
+- UNIT(s)->id, strerror(-r));
++ log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
+ socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
+ }
+
+@@ -1609,6 +1742,7 @@ static int socket_start(Unit *u) {
+ return -EAGAIN;
+
+ if (s->state == SOCKET_START_PRE ||
++ s->state == SOCKET_START_CHOWN ||
+ s->state == SOCKET_START_POST)
+ return 0;
+
+@@ -1669,6 +1803,7 @@ static int socket_stop(Unit *u) {
+ /* If there's already something running we go directly into
+ * kill mode. */
+ if (s->state == SOCKET_START_PRE ||
++ s->state == SOCKET_START_CHOWN ||
+ s->state == SOCKET_START_POST) {
+ socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
+ return -EAGAIN;
+@@ -2098,11 +2233,18 @@ static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
+
+ case SOCKET_START_PRE:
+ if (f == SOCKET_SUCCESS)
+- socket_enter_start_post(s);
++ socket_enter_start_chown(s);
+ else
+ socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
+ break;
+
++ case SOCKET_START_CHOWN:
++ if (f == SOCKET_SUCCESS)
++ socket_enter_start_post(s);
++ else
++ socket_enter_stop_pre(s, f);
++ break;
++
+ case SOCKET_START_POST:
+ if (f == SOCKET_SUCCESS)
+ socket_enter_listening(s);
+@@ -2141,65 +2283,53 @@ static void socket_timer_event(Unit *u, uint64_t elapsed, Watch *w) {
+ switch (s->state) {
+
+ case SOCKET_START_PRE:
+- log_warning_unit(u->id,
+- "%s starting timed out. Terminating.", u->id);
++ log_warning_unit(u->id, "%s starting timed out. Terminating.", u->id);
+ socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
+ break;
+
++ case SOCKET_START_CHOWN:
+ case SOCKET_START_POST:
+- log_warning_unit(u->id,
+- "%s starting timed out. Stopping.", u->id);
++ log_warning_unit(u->id, "%s starting timed out. Stopping.", u->id);
+ socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
+ break;
+
+ case SOCKET_STOP_PRE:
+- log_warning_unit(u->id,
+- "%s stopping timed out. Terminating.", u->id);
++ log_warning_unit(u->id, "%s stopping timed out. Terminating.", u->id);
+ socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
+ break;
+
+ case SOCKET_STOP_PRE_SIGTERM:
+ if (s->kill_context.send_sigkill) {
+- log_warning_unit(u->id,
+- "%s stopping timed out. Killing.", u->id);
++ log_warning_unit(u->id, "%s stopping timed out. Killing.", u->id);
+ socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
+ } else {
+- log_warning_unit(u->id,
+- "%s stopping timed out. Skipping SIGKILL. Ignoring.",
+- u->id);
++ log_warning_unit(u->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", u->id);
+ socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
+ }
+ break;
+
+ case SOCKET_STOP_PRE_SIGKILL:
+- log_warning_unit(u->id,
+- "%s still around after SIGKILL. Ignoring.", u->id);
++ log_warning_unit(u->id, "%s still around after SIGKILL. Ignoring.", u->id);
+ socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
+ break;
+
+ case SOCKET_STOP_POST:
+- log_warning_unit(u->id,
+- "%s stopping timed out (2). Terminating.", u->id);
++ log_warning_unit(u->id, "%s stopping timed out (2). Terminating.", u->id);
+ socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
+ break;
+
+ case SOCKET_FINAL_SIGTERM:
+ if (s->kill_context.send_sigkill) {
+- log_warning_unit(u->id,
+- "%s stopping timed out (2). Killing.", u->id);
++ log_warning_unit(u->id, "%s stopping timed out (2). Killing.", u->id);
+ socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
+ } else {
+- log_warning_unit(u->id,
+- "%s stopping timed out (2). Skipping SIGKILL. Ignoring.",
+- u->id);
++ log_warning_unit(u->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", u->id);
+ socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
+ }
+ break;
+
+ case SOCKET_FINAL_SIGKILL:
+- log_warning_unit(u->id,
+- "%s still around after SIGKILL (2). Entering failed mode.",
+- u->id);
++ log_warning_unit(u->id, "%s still around after SIGKILL (2). Entering failed mode.", u->id);
+ socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
+ break;
+
+@@ -2333,6 +2463,7 @@ static int socket_kill(Unit *u, KillWho who, int signo, DBusError *error) {
+ static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
+ [SOCKET_DEAD] = "dead",
+ [SOCKET_START_PRE] = "start-pre",
++ [SOCKET_START_CHOWN] = "start-chown",
+ [SOCKET_START_POST] = "start-post",
+ [SOCKET_LISTENING] = "listening",
+ [SOCKET_RUNNING] = "running",
+@@ -2349,6 +2480,7 @@ DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
+
+ static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
+ [SOCKET_EXEC_START_PRE] = "StartPre",
++ [SOCKET_EXEC_START_CHOWN] = "StartChown",
+ [SOCKET_EXEC_START_POST] = "StartPost",
+ [SOCKET_EXEC_STOP_PRE] = "StopPre",
+ [SOCKET_EXEC_STOP_POST] = "StopPost"
+diff --git a/src/core/socket.h b/src/core/socket.h
+index 3d7eadc..6a24883 100644
+--- a/src/core/socket.h
++++ b/src/core/socket.h
+@@ -32,6 +32,7 @@ typedef struct Socket Socket;
+ typedef enum SocketState {
+ SOCKET_DEAD,
+ SOCKET_START_PRE,
++ SOCKET_START_CHOWN,
+ SOCKET_START_POST,
+ SOCKET_LISTENING,
+ SOCKET_RUNNING,
+@@ -48,6 +49,7 @@ typedef enum SocketState {
+
+ typedef enum SocketExecCommand {
+ SOCKET_EXEC_START_PRE,
++ SOCKET_EXEC_START_CHOWN,
+ SOCKET_EXEC_START_POST,
+ SOCKET_EXEC_STOP_PRE,
+ SOCKET_EXEC_STOP_POST,
+@@ -151,6 +153,9 @@ struct Socket {
+ char *smack;
+ char *smack_ip_in;
+ char *smack_ip_out;
++
++ char *user;
++ char *group;
+ };
+
+ /* Called from the service code when collecting fds */
+diff --git a/src/shared/exit-status.c b/src/shared/exit-status.c
+index 45131f2..f15fdba 100644
+--- a/src/shared/exit-status.c
++++ b/src/shared/exit-status.c
+@@ -130,6 +130,10 @@ const char* exit_status_to_string(ExitStatus status, ExitStatusLevel level) {
+
+ case EXIT_SECCOMP:
+ return "SECCOMP";
++
++ case EXIT_CHOWN:
++ return "CHOWN";
++
+ }
+ }
+
+diff --git a/src/shared/exit-status.h b/src/shared/exit-status.h
+index 1f035a3..52dd3d0 100644
+--- a/src/shared/exit-status.h
++++ b/src/shared/exit-status.h
+@@ -67,7 +67,8 @@ typedef enum ExitStatus {
+ EXIT_NETWORK,
+ EXIT_NAMESPACE,
+ EXIT_NO_NEW_PRIVILEGES,
+- EXIT_SECCOMP
++ EXIT_SECCOMP,
++ EXIT_CHOWN
+ } ExitStatus;
+
+ typedef enum ExitStatusLevel {
diff --git a/SOURCES/0254-selinux-Check-access-vector-for-enable-and-disable-p.patch b/SOURCES/0254-selinux-Check-access-vector-for-enable-and-disable-p.patch
new file mode 100644
index 0000000..05bd7d7
--- /dev/null
+++ b/SOURCES/0254-selinux-Check-access-vector-for-enable-and-disable-p.patch
@@ -0,0 +1,83 @@
+From 1ea0879cf79412e27b8becdb2bbc7e0abd301a66 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Tue, 12 Aug 2014 12:58:47 +0200
+Subject: [PATCH] selinux: Check access vector for enable and disable perm for
+ each unit file
+
+---
+ src/core/dbus-manager.c | 28 ++++++++++++++++++++++++----
+ 1 file changed, 24 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
+index 6d16c2a..cebc730 100644
+--- a/src/core/dbus-manager.c
++++ b/src/core/dbus-manager.c
+@@ -1581,6 +1581,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
+ dbus_message_is_method_call(message, "org.freedesktop.systemd1.Manager", "SetDefaultTarget")) {
+
+ char **l = NULL;
++ char **i;
+ DBusMessageIter iter;
+ UnitFileScope scope = m->running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER;
+ UnitFileChange *changes = NULL;
+@@ -1588,8 +1589,6 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
+ dbus_bool_t runtime, force;
+ int carries_install_info = -1;
+
+- SELINUX_ACCESS_CHECK(connection, message, streq(member, "MaskUnitFiles") ? "disable" : "enable");
+-
+ if (!dbus_message_iter_init(message, &iter))
+ goto oom;
+
+@@ -1601,6 +1600,17 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
+ return bus_send_error_reply(connection, message, NULL, r);
+ }
+
++ STRV_FOREACH(i, l) {
++ Unit *u;
++
++ r = manager_load_unit(m, *i, NULL, NULL, &u);
++ if (r < 0) {
++ dbus_set_error(&error, BUS_ERROR_NO_SUCH_UNIT, "Unit %s does not exist.", *i);
++ return bus_send_error_reply(connection, message, &error, -ENOENT);
++ }
++ SELINUX_UNIT_ACCESS_CHECK(u, connection, message, streq(member, "MaskUnitFiles") ? "disable" : "enable");
++ }
++
+ if (!dbus_message_iter_next(&iter) ||
+ bus_iter_get_basic_and_next(&iter, DBUS_TYPE_BOOLEAN, &runtime, true) < 0 ||
+ bus_iter_get_basic_and_next(&iter, DBUS_TYPE_BOOLEAN, &force, false) < 0) {
+@@ -1644,14 +1654,13 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
+ dbus_message_is_method_call(message, "org.freedesktop.systemd1.Manager", "UnmaskUnitFiles")) {
+
+ char **l = NULL;
++ char **i;
+ DBusMessageIter iter;
+ UnitFileScope scope = m->running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER;
+ UnitFileChange *changes = NULL;
+ unsigned n_changes = 0;
+ dbus_bool_t runtime;
+
+- SELINUX_ACCESS_CHECK(connection, message, streq(member, "UnmaskUnitFiles") ? "enable" : "disable");
+-
+ if (!dbus_message_iter_init(message, &iter))
+ goto oom;
+
+@@ -1669,6 +1678,17 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
+ return bus_send_error_reply(connection, message, NULL, -EIO);
+ }
+
++ STRV_FOREACH(i, l) {
++ Unit *u;
++
++ r = manager_load_unit(m, *i, NULL, NULL, &u);
++ if (r < 0) {
++ dbus_set_error(&error, BUS_ERROR_NO_SUCH_UNIT, "Unit %s does not exist.", *i);
++ return bus_send_error_reply(connection, message, &error, -ENOENT);
++ }
++ SELINUX_UNIT_ACCESS_CHECK(u, connection, message, streq(member, "UnmaskUnitFiles") ? "enable" : "disable");
++ }
++
+ if (streq(member, "DisableUnitFiles"))
+ r = unit_file_disable(scope, runtime, NULL, l, &changes, &n_changes);
+ else if (streq(member, "UnmaskUnitFiles"))
diff --git a/SOURCES/0255-systemctl-show-StatusErrno-value-in-systemctl-status.patch b/SOURCES/0255-systemctl-show-StatusErrno-value-in-systemctl-status.patch
new file mode 100644
index 0000000..527e21e
--- /dev/null
+++ b/SOURCES/0255-systemctl-show-StatusErrno-value-in-systemctl-status.patch
@@ -0,0 +1,45 @@
+From eb075b31eb70910508309c6319d0cc37d454ff59 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 7 Jul 2014 17:33:26 +0200
+Subject: [PATCH] systemctl: show StatusErrno value in "systemctl status"
+
+(cherry picked from commit b4af5a803aa71a57733ca46fef29b7afb20a626c)
+
+Conflicts:
+ src/systemctl/systemctl.c
+
+Related: #1106457
+---
+ src/systemctl/systemctl.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index d29133c..c738daf 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -2480,6 +2480,7 @@ typedef struct UnitStatusInfo {
+ const char *status_text;
+ const char *pid_file;
+ bool running:1;
++ int status_errno;
+
+ usec_t start_timestamp;
+ usec_t exit_timestamp;
+@@ -2751,6 +2752,8 @@ static void print_status_info(UnitStatusInfo *i,
+
+ if (i->status_text)
+ printf(" Status: \"%s\"\n", i->status_text);
++ if (i->status_errno > 0)
++ printf(" Error: %i (%s)\n", i->status_errno, strerror(i->status_errno));
+
+ if (i->control_group &&
+ (i->main_pid > 0 || i->control_pid > 0 || cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, i->control_group, false) == 0)) {
+@@ -2963,6 +2966,8 @@ static int status_property(const char *name, DBusMessageIter *iter, UnitStatusIn
+ i->exit_code = (int) j;
+ else if (streq(name, "ExecMainStatus"))
+ i->exit_status = (int) j;
++ else if (streq(name, "StatusErrno"))
++ i->status_errno = (int) j;
+
+ break;
+ }
diff --git a/SOURCES/0256-service-flush-status-text-and-errno-values-each-time.patch b/SOURCES/0256-service-flush-status-text-and-errno-values-each-time.patch
new file mode 100644
index 0000000..28b558a
--- /dev/null
+++ b/SOURCES/0256-service-flush-status-text-and-errno-values-each-time.patch
@@ -0,0 +1,30 @@
+From 5078832417b89cfe92ad87133ecb4179a995db31 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 7 Jul 2014 17:33:46 +0200
+Subject: [PATCH] service: flush status text and errno values each time a
+ service is started
+
+We shouldn't show status texts from previous service starts
+
+(cherry picked from commit 8cfdb077b8e3da1c47fc1d735d051f21f33144c1)
+
+Related: #1106457
+---
+ src/core/service.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index 814019d..a6d046c 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -2579,6 +2579,10 @@ static int service_start(Unit *u) {
+ s->main_pid_alien = false;
+ s->forbid_restart = false;
+
++ free(s->status_text);
++ s->status_text = NULL;
++ s->status_errno = 0;
++
+ service_enter_start_pre(s);
+ return 0;
+ }
diff --git a/SOURCES/0257-service-don-t-free-status_text-twice.patch b/SOURCES/0257-service-don-t-free-status_text-twice.patch
new file mode 100644
index 0000000..fc2db4d
--- /dev/null
+++ b/SOURCES/0257-service-don-t-free-status_text-twice.patch
@@ -0,0 +1,24 @@
+From 3b6a01f5fc0a4770d9c55a1c7fb1addc231f3021 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Mon, 18 Aug 2014 16:12:45 +0200
+Subject: [PATCH] service: don't free status_text twice
+
+Related: #1106457
+---
+ src/core/service.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index a6d046c..4366e1b 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -3519,9 +3519,6 @@ static void service_notify_message(Unit *u, pid_t pid, char **tags) {
+
+ log_debug_unit(u->id,
+ "%s: got %s", u->id, e);
+-
+- free(s->status_text);
+- s->status_text = t;
+ } else
+ t = NULL;
+
diff --git a/SOURCES/0258-util-add-files_same-helper-function.patch b/SOURCES/0258-util-add-files_same-helper-function.patch
new file mode 100644
index 0000000..5f34fda
--- /dev/null
+++ b/SOURCES/0258-util-add-files_same-helper-function.patch
@@ -0,0 +1,71 @@
+From b6fbffe3d4a9435cc8560ee0271c7e6e763e89c1 Mon Sep 17 00:00:00 2001
+From: Harald Hoyer <harald@redhat.com>
+Date: Thu, 6 Mar 2014 09:12:57 +0100
+Subject: [PATCH] util: add files_same() helper function
+
+files_same() returns
+ 1, if the files are the same
+ 0, if the files have different inode/dev numbers
+ errno, for any stat error
+
+ (cherry picked from commit 9d9951a460a90ef0e1e0384742cefdcf85193f8c)
+
+ Related: #1111199
+---
+ src/shared/util.c | 24 ++++++++++++++++--------
+ src/shared/util.h | 2 ++
+ 2 files changed, 18 insertions(+), 8 deletions(-)
+
+diff --git a/src/shared/util.c b/src/shared/util.c
+index 2974c2a..fb1e6d1 100644
+--- a/src/shared/util.c
++++ b/src/shared/util.c
+@@ -3311,19 +3311,27 @@ bool on_tty(void) {
+ return cached_on_tty;
+ }
+
+-int running_in_chroot(void) {
+- struct stat a = {}, b = {};
++int files_same(const char *filea, const char *fileb) {
++ struct stat a, b;
+
+- /* Only works as root */
+- if (stat("/proc/1/root", &a) < 0)
++ if (stat(filea, &a) < 0)
+ return -errno;
+
+- if (stat("/", &b) < 0)
++ if (stat(fileb, &b) < 0)
+ return -errno;
+
+- return
+- a.st_dev != b.st_dev ||
+- a.st_ino != b.st_ino;
++ return a.st_dev == b.st_dev &&
++ a.st_ino == b.st_ino;
++}
++
++int running_in_chroot(void) {
++ int ret;
++
++ ret = files_same("/proc/1/root", "/");
++ if (ret < 0)
++ return ret;
++
++ return ret == 0;
+ }
+
+ char *ellipsize_mem(const char *s, size_t old_length, size_t new_length, unsigned percent) {
+diff --git a/src/shared/util.h b/src/shared/util.h
+index e577ef0..631a385 100644
+--- a/src/shared/util.h
++++ b/src/shared/util.h
+@@ -403,6 +403,8 @@ static inline const char *ansi_highlight_off(void) {
+ return on_tty() ? ANSI_HIGHLIGHT_OFF : "";
+ }
+
++int files_same(const char *filea, const char *fileb);
++
+ int running_in_chroot(void);
+
+ char *ellipsize(const char *s, size_t length, unsigned percent);
diff --git a/SOURCES/0259-systemctl-for-switch-root-check-if-we-switch-to-a-sy.patch b/SOURCES/0259-systemctl-for-switch-root-check-if-we-switch-to-a-sy.patch
new file mode 100644
index 0000000..e465adb
--- /dev/null
+++ b/SOURCES/0259-systemctl-for-switch-root-check-if-we-switch-to-a-sy.patch
@@ -0,0 +1,109 @@
+From cad8ec5980d63253586d9f884649c45eed0667a1 Mon Sep 17 00:00:00 2001
+From: Harald Hoyer <harald@redhat.com>
+Date: Thu, 6 Mar 2014 16:35:02 +0100
+Subject: [PATCH] systemctl: for switch-root check, if we switch to a systemd
+ init
+
+If "systemctl switch-root" is called with a specific "INIT" or
+/proc/cmdline contains "init=", then systemd would not serialize
+itsself.
+
+Let systemctl check, if the new init is in the standard systemd
+installation path and if so, clear the INIT parameter,
+to let systemd serialize itsself.
+
+Conflicts:
+ src/systemctl/systemctl.c
+
+(cherry picked from commit f39d4a08e746e703d562076a0f622eb91dbdcd3e)
+
+Related: #1111199
+---
+ src/shared/util.h | 13 +++++++++++++
+ src/systemctl/systemctl.c | 35 ++++++++++++++++++++++++++---------
+ 2 files changed, 39 insertions(+), 9 deletions(-)
+
+diff --git a/src/shared/util.h b/src/shared/util.h
+index 631a385..d11fa07 100644
+--- a/src/shared/util.h
++++ b/src/shared/util.h
+@@ -726,6 +726,19 @@ int unlink_noerrno(const char *path);
+ _c_; \
+ })
+
++#define strappenda3(a, b, c) \
++ ({ \
++ const char *_a_ = (a), *_b_ = (b), *_c_ = (c); \
++ char *_d_; \
++ size_t _x_, _y_, _z_; \
++ _x_ = strlen(_a_); \
++ _y_ = strlen(_b_); \
++ _z_ = strlen(_c_); \
++ _d_ = alloca(_x_ + _y_ + _z_ + 1); \
++ strcpy(stpcpy(stpcpy(_d_, _a_), _b_), _c_); \
++ _d_; \
++ })
++
+ #define procfs_file_alloca(pid, field) \
+ ({ \
+ pid_t _pid_ = (pid); \
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index c738daf..1ca4fd3 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -4143,9 +4143,10 @@ static int show_enviroment(DBusConnection *bus, char **args) {
+ }
+
+ static int switch_root(DBusConnection *bus, char **args) {
++ _cleanup_free_ char *cmdline_init = NULL;
++ const char *root, *init;
+ unsigned l;
+- const char *root;
+- _cleanup_free_ char *init = NULL;
++ int r;
+
+ l = strv_length(args);
+ if (l < 2 || l > 3) {
+@@ -4156,19 +4157,35 @@ static int switch_root(DBusConnection *bus, char **args) {
+ root = args[1];
+
+ if (l >= 3)
+- init = strdup(args[2]);
++ init = args[2];
+ else {
+- parse_env_file("/proc/cmdline", WHITESPACE,
+- "init", &init,
+- NULL);
++ r = parse_env_file("/proc/cmdline", WHITESPACE,
++ "init", &cmdline_init,
++ NULL);
++ if (r < 0)
++ log_debug("Failed to parse /proc/cmdline: %s", strerror(-r));
+
+- if (!init)
+- init = strdup("");
++ init = cmdline_init;
+ }
+ if (!init)
+ return log_oom();
+
+- log_debug("switching root - root: %s; init: %s", root, init);
++ if (isempty(init))
++ init = NULL;
++
++ if (init) {
++ const char *root_systemd_path = NULL, *root_init_path = NULL;
++
++ root_systemd_path = strappenda(root, "/" SYSTEMD_BINARY_PATH);
++ root_init_path = strappenda3(root, "/", init);
++
++ /* If the passed init is actually the same as the
++ * systemd binary, then let's suppress it. */
++ if (files_same(root_init_path, root_systemd_path) > 0)
++ init = NULL;
++ }
++
++ log_debug("Switching root - root: %s; init: %s", root, strna(init));
+
+ return bus_method_call_with_reply(
+ bus,
diff --git a/SOURCES/0260-shared-include-root-when-canonicalizing-conf-paths.patch b/SOURCES/0260-shared-include-root-when-canonicalizing-conf-paths.patch
new file mode 100644
index 0000000..0f85289
--- /dev/null
+++ b/SOURCES/0260-shared-include-root-when-canonicalizing-conf-paths.patch
@@ -0,0 +1,197 @@
+From b7f7813318b370d9ecf3833f92c5258d362d9441 Mon Sep 17 00:00:00 2001
+From: Michael Marineau <michael.marineau@coreos.com>
+Date: Fri, 31 Jan 2014 15:35:04 -0800
+Subject: [PATCH] shared: include root when canonicalizing conf paths
+
+The conf_files_list family accepts an alternate root path to prefix all
+directories in the list but path_strv_canonicalize_uniq doesn't use it.
+This results in the suspicious behavior of resolving directory symlinks
+based on the contents of / instead of the alternate root.
+
+This adds a prefix argument to path_strv_canonicalize which will now
+prepend the prefix, if given, to every path in the list. To avoid
+answering what a relative path means when called with a root prefix
+path_strv_canonicalize is now path_strv_canonicalize_absolute and only
+considers absolute paths. Fortunately all users of already call
+path_strv_canonicalize with a list of absolute paths.
+
+(cherry picked from commit 112cfb181453e38d3ef4a74fba23abbb53392002)
+
+Related: #1111199
+---
+ src/shared/conf-files.c | 10 +++-------
+ src/shared/path-lookup.c | 6 +++---
+ src/shared/path-util.c | 29 +++++++++++++++++++----------
+ src/shared/path-util.h | 4 ++--
+ src/shared/util.c | 2 +-
+ src/udev/udev-rules.c | 2 +-
+ 6 files changed, 29 insertions(+), 24 deletions(-)
+
+diff --git a/src/shared/conf-files.c b/src/shared/conf-files.c
+index ed4070c..3d5b1df 100644
+--- a/src/shared/conf-files.c
++++ b/src/shared/conf-files.c
+@@ -37,12 +37,8 @@
+ #include "hashmap.h"
+ #include "conf-files.h"
+
+-static int files_add(Hashmap *h, const char *root, const char *path, const char *suffix) {
++static int files_add(Hashmap *h, const char *dirpath, const char *suffix) {
+ _cleanup_closedir_ DIR *dir = NULL;
+- _cleanup_free_ char *dirpath = NULL;
+-
+- if (asprintf(&dirpath, "%s%s", root ? root : "", path) < 0)
+- return -ENOMEM;
+
+ dir = opendir(dirpath);
+ if (!dir) {
+@@ -104,7 +100,7 @@ static int conf_files_list_strv_internal(char ***strv, const char *suffix, const
+ assert(suffix);
+
+ /* This alters the dirs string array */
+- if (!path_strv_canonicalize_uniq(dirs))
++ if (!path_strv_canonicalize_absolute_uniq(dirs, root))
+ return -ENOMEM;
+
+ fh = hashmap_new(string_hash_func, string_compare_func);
+@@ -112,7 +108,7 @@ static int conf_files_list_strv_internal(char ***strv, const char *suffix, const
+ return -ENOMEM;
+
+ STRV_FOREACH(p, dirs) {
+- r = files_add(fh, root, *p, suffix);
++ r = files_add(fh, *p, suffix);
+ if (r == -ENOMEM) {
+ hashmap_free_free(fh);
+ return r;
+diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c
+index 1a47ea9..03c1380 100644
+--- a/src/shared/path-lookup.c
++++ b/src/shared/path-lookup.c
+@@ -316,7 +316,7 @@ int lookup_paths_init(
+ }
+ }
+
+- if (!path_strv_canonicalize(p->unit_path))
++ if (!path_strv_canonicalize_absolute(p->unit_path, NULL))
+ return -ENOMEM;
+
+ strv_uniq(p->unit_path);
+@@ -372,10 +372,10 @@ int lookup_paths_init(
+ return -ENOMEM;
+ }
+
+- if (!path_strv_canonicalize(p->sysvinit_path))
++ if (!path_strv_canonicalize_absolute(p->sysvinit_path, NULL))
+ return -ENOMEM;
+
+- if (!path_strv_canonicalize(p->sysvrcnd_path))
++ if (!path_strv_canonicalize_absolute(p->sysvrcnd_path, NULL))
+ return -ENOMEM;
+
+ strv_uniq(p->sysvinit_path);
+diff --git a/src/shared/path-util.c b/src/shared/path-util.c
+index 45099ee..de291a5 100644
+--- a/src/shared/path-util.c
++++ b/src/shared/path-util.c
+@@ -165,7 +165,7 @@ char **path_strv_make_absolute_cwd(char **l) {
+ return l;
+ }
+
+-char **path_strv_canonicalize(char **l) {
++char **path_strv_canonicalize_absolute(char **l, const char *prefix) {
+ char **s;
+ unsigned k = 0;
+ bool enomem = false;
+@@ -180,13 +180,21 @@ char **path_strv_canonicalize(char **l) {
+ STRV_FOREACH(s, l) {
+ char *t, *u;
+
+- t = path_make_absolute_cwd(*s);
+- free(*s);
+- *s = NULL;
+-
+- if (!t) {
+- enomem = true;
++ if (!path_is_absolute(*s))
+ continue;
++
++ if (prefix) {
++ t = strappend(prefix, *s);
++ free(*s);
++ *s = NULL;
++
++ if (!t) {
++ enomem = true;
++ continue;
++ }
++ } else {
++ t = *s;
++ *s = NULL;
+ }
+
+ errno = 0;
+@@ -196,7 +204,7 @@ char **path_strv_canonicalize(char **l) {
+ u = t;
+ else {
+ free(t);
+- if (errno == ENOMEM || !errno)
++ if (errno == ENOMEM || errno == 0)
+ enomem = true;
+
+ continue;
+@@ -215,11 +223,12 @@ char **path_strv_canonicalize(char **l) {
+ return l;
+ }
+
+-char **path_strv_canonicalize_uniq(char **l) {
++char **path_strv_canonicalize_absolute_uniq(char **l, const char *prefix) {
++
+ if (strv_isempty(l))
+ return l;
+
+- if (!path_strv_canonicalize(l))
++ if (!path_strv_canonicalize_absolute(l, prefix))
+ return NULL;
+
+ return strv_uniq(l);
+diff --git a/src/shared/path-util.h b/src/shared/path-util.h
+index 0a42de7..c69cd1f 100644
+--- a/src/shared/path-util.h
++++ b/src/shared/path-util.h
+@@ -43,8 +43,8 @@ char* path_startswith(const char *path, const char *prefix) _pure_;
+ bool path_equal(const char *a, const char *b) _pure_;
+
+ char** path_strv_make_absolute_cwd(char **l);
+-char** path_strv_canonicalize(char **l);
+-char** path_strv_canonicalize_uniq(char **l);
++char** path_strv_canonicalize_absolute(char **l, const char *prefix);
++char** path_strv_canonicalize_absolute_uniq(char **l, const char *prefix);
+
+ int path_is_mount_point(const char *path, bool allow_symlink);
+ int path_is_read_only_fs(const char *path);
+diff --git a/src/shared/util.c b/src/shared/util.c
+index fb1e6d1..a5163fb 100644
+--- a/src/shared/util.c
++++ b/src/shared/util.c
+@@ -5681,7 +5681,7 @@ static int search_and_fopen_internal(const char *path, const char *mode, char **
+ assert(mode);
+ assert(_f);
+
+- if (!path_strv_canonicalize_uniq(search))
++ if (!path_strv_canonicalize_absolute_uniq(search, NULL))
+ return -ENOMEM;
+
+ STRV_FOREACH(i, search) {
+diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
+index 6f8b127..9092b08 100644
+--- a/src/udev/udev-rules.c
++++ b/src/udev/udev-rules.c
+@@ -1630,7 +1630,7 @@ struct udev_rules *udev_rules_new(struct udev *udev, int resolve_names)
+ log_error("failed to build config directory array");
+ return udev_rules_unref(rules);
+ }
+- if (!path_strv_canonicalize(rules->dirs)) {
++ if (!path_strv_canonicalize_absolute(rules->dirs, NULL)) {
+ log_error("failed to canonicalize config directories\n");
+ return udev_rules_unref(rules);
+ }
diff --git a/SOURCES/0261-shared-add-root-argument-to-search_and_fopen.patch b/SOURCES/0261-shared-add-root-argument-to-search_and_fopen.patch
new file mode 100644
index 0000000..a9c965e
--- /dev/null
+++ b/SOURCES/0261-shared-add-root-argument-to-search_and_fopen.patch
@@ -0,0 +1,144 @@
+From 123a76e6190cb2a4669d39e12983f46e27b11163 Mon Sep 17 00:00:00 2001
+From: Michael Marineau <michael.marineau@coreos.com>
+Date: Thu, 13 Mar 2014 21:32:12 -0700
+Subject: [PATCH] shared: add root argument to search_and_fopen
+
+This adds the same root argument to search_and_fopen that
+conf_files_list already has. Tools that use those two functions as a
+pair can now be easily modified to load configuration files from an
+alternate root filesystem tree.
+
+Conflicts:
+ src/shared/util.h
+
+(cherry picked from commit 4cf7ea556aa1e74f9b34d4467f36d46a1bb25da3)
+
+Related: #1111199
+---
+ src/binfmt/binfmt.c | 2 +-
+ src/modules-load/modules-load.c | 2 +-
+ src/shared/util.c | 12 ++++++------
+ src/shared/util.h | 4 ++--
+ src/sysctl/sysctl.c | 2 +-
+ src/tmpfiles/tmpfiles.c | 2 +-
+ 6 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c
+index 5a42b3d..3fff89a 100644
+--- a/src/binfmt/binfmt.c
++++ b/src/binfmt/binfmt.c
+@@ -85,7 +85,7 @@ static int apply_file(const char *path, bool ignore_enoent) {
+
+ assert(path);
+
+- r = search_and_fopen_nulstr(path, "re", conf_file_dirs, &f);
++ r = search_and_fopen_nulstr(path, "re", NULL, conf_file_dirs, &f);
+ if (r < 0) {
+ if (ignore_enoent && r == -ENOENT)
+ return 0;
+diff --git a/src/modules-load/modules-load.c b/src/modules-load/modules-load.c
+index 49ee420..cba7c55 100644
+--- a/src/modules-load/modules-load.c
++++ b/src/modules-load/modules-load.c
+@@ -181,7 +181,7 @@ static int apply_file(struct kmod_ctx *ctx, const char *path, bool ignore_enoent
+ assert(ctx);
+ assert(path);
+
+- r = search_and_fopen_nulstr(path, "re", conf_file_dirs, &f);
++ r = search_and_fopen_nulstr(path, "re", NULL, conf_file_dirs, &f);
+ if (r < 0) {
+ if (ignore_enoent && r == -ENOENT)
+ return 0;
+diff --git a/src/shared/util.c b/src/shared/util.c
+index a5163fb..e313ea9 100644
+--- a/src/shared/util.c
++++ b/src/shared/util.c
+@@ -5674,14 +5674,14 @@ int on_ac_power(void) {
+ return found_online || !found_offline;
+ }
+
+-static int search_and_fopen_internal(const char *path, const char *mode, char **search, FILE **_f) {
++static int search_and_fopen_internal(const char *path, const char *mode, const char *root, char **search, FILE **_f) {
+ char **i;
+
+ assert(path);
+ assert(mode);
+ assert(_f);
+
+- if (!path_strv_canonicalize_absolute_uniq(search, NULL))
++ if (!path_strv_canonicalize_absolute_uniq(search, root))
+ return -ENOMEM;
+
+ STRV_FOREACH(i, search) {
+@@ -5705,7 +5705,7 @@ static int search_and_fopen_internal(const char *path, const char *mode, char **
+ return -ENOENT;
+ }
+
+-int search_and_fopen(const char *path, const char *mode, const char **search, FILE **_f) {
++int search_and_fopen(const char *path, const char *mode, const char *root, const char **search, FILE **_f) {
+ _cleanup_strv_free_ char **copy = NULL;
+
+ assert(path);
+@@ -5728,10 +5728,10 @@ int search_and_fopen(const char *path, const char *mode, const char **search, FI
+ if (!copy)
+ return -ENOMEM;
+
+- return search_and_fopen_internal(path, mode, copy, _f);
++ return search_and_fopen_internal(path, mode, root, copy, _f);
+ }
+
+-int search_and_fopen_nulstr(const char *path, const char *mode, const char *search, FILE **_f) {
++int search_and_fopen_nulstr(const char *path, const char *mode, const char *root, const char *search, FILE **_f) {
+ _cleanup_strv_free_ char **s = NULL;
+
+ if (path_is_absolute(path)) {
+@@ -5750,7 +5750,7 @@ int search_and_fopen_nulstr(const char *path, const char *mode, const char *sear
+ if (!s)
+ return -ENOMEM;
+
+- return search_and_fopen_internal(path, mode, s, _f);
++ return search_and_fopen_internal(path, mode, root, s, _f);
+ }
+
+ int create_tmp_dir(char template[], char** dir_name) {
+diff --git a/src/shared/util.h b/src/shared/util.h
+index d11fa07..3f30917 100644
+--- a/src/shared/util.h
++++ b/src/shared/util.h
+@@ -628,8 +628,8 @@ char *strip_tab_ansi(char **p, size_t *l);
+
+ int on_ac_power(void);
+
+-int search_and_fopen(const char *path, const char *mode, const char **search, FILE **_f);
+-int search_and_fopen_nulstr(const char *path, const char *mode, const char *search, FILE **_f);
++int search_and_fopen(const char *path, const char *mode, const char *root, const char **search, FILE **_f);
++int search_and_fopen_nulstr(const char *path, const char *mode, const char *root, const char *search, FILE **_f);
+ int create_tmp_dir(char template[], char** dir_name);
+
+ #define FOREACH_LINE(line, f, on_error) \
+diff --git a/src/sysctl/sysctl.c b/src/sysctl/sysctl.c
+index 878c923..a9d4d53 100644
+--- a/src/sysctl/sysctl.c
++++ b/src/sysctl/sysctl.c
+@@ -123,7 +123,7 @@ static int parse_file(Hashmap *sysctl_options, const char *path, bool ignore_eno
+
+ assert(path);
+
+- r = search_and_fopen_nulstr(path, "re", conf_file_dirs, &f);
++ r = search_and_fopen_nulstr(path, "re", NULL, conf_file_dirs, &f);
+ if (r < 0) {
+ if (ignore_enoent && r == -ENOENT)
+ return 0;
+diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
+index 309fa07..32f9088 100644
+--- a/src/tmpfiles/tmpfiles.c
++++ b/src/tmpfiles/tmpfiles.c
+@@ -1368,7 +1368,7 @@ static int read_config_file(const char *fn, bool ignore_enoent) {
+
+ assert(fn);
+
+- r = search_and_fopen_nulstr(fn, "re", conf_file_dirs, &f);
++ r = search_and_fopen_nulstr(fn, "re", NULL, conf_file_dirs, &f);
+ if (r < 0) {
+ if (ignore_enoent && r == -ENOENT)
+ return 0;
diff --git a/SOURCES/0262-machine-id-add-root-option-to-operate-on-an-alternat.patch b/SOURCES/0262-machine-id-add-root-option-to-operate-on-an-alternat.patch
new file mode 100644
index 0000000..08ff1fd
--- /dev/null
+++ b/SOURCES/0262-machine-id-add-root-option-to-operate-on-an-alternat.patch
@@ -0,0 +1,264 @@
+From 99c06d718c91c91d0992869777c15b457f95443a Mon Sep 17 00:00:00 2001
+From: Greg KH <gregkh@linuxfoundation.org>
+Date: Fri, 14 Mar 2014 04:43:04 +0000
+Subject: [PATCH] machine-id: add --root option to operate on an alternate fs
+ tree
+
+This makes it possible to initialize the /etc/machine-id file on an
+arbitrary filesystem hierarchy. This helps systems that wish to run
+this at image creation time in a subdirectory, or from initramfs before
+pivot-root is called.
+
+[tomegun: converted to using _cleanup_free_ macros]
+
+Conflicts:
+ man/systemd-machine-id-setup.xml
+ src/machine-id-setup/machine-id-setup-main.c
+
+(cherry picked from commit 92f2f92edcad46ce4098ee26504edca0a1dad68e)
+
+Related: #1111199
+---
+ man/systemd-machine-id-setup.xml | 23 +++++++--------
+ src/core/machine-id-setup.c | 44 ++++++++++++++++++----------
+ src/core/machine-id-setup.h | 2 +-
+ src/core/main.c | 2 +-
+ src/machine-id-setup/machine-id-setup-main.c | 17 ++++++++---
+ 5 files changed, 53 insertions(+), 35 deletions(-)
+
+diff --git a/man/systemd-machine-id-setup.xml b/man/systemd-machine-id-setup.xml
+index 7b3aa7e..b879b40 100644
+--- a/man/systemd-machine-id-setup.xml
++++ b/man/systemd-machine-id-setup.xml
+@@ -21,7 +21,8 @@
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ -->
+
+-<refentry id="systemd-machine-id-setup">
++<refentry id="systemd-machine-id-setup"
++ xmlns:xi="http://www.w3.org/2001/XInclude">
+
+ <refentryinfo>
+ <title>systemd-machine-id-setup</title>
+@@ -96,19 +97,15 @@
+
+ <variablelist>
+ <varlistentry>
+- <term><option>-h</option></term>
+- <term><option>--help</option></term>
+-
+- <listitem><para>Prints a short help
+- text and exits.</para></listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term><option>--version</option></term>
+-
+- <listitem><para>Prints a short version
+- string and exits.</para></listitem>
++ <term><option>--root=ROOT</option></term>
++ <listitem><para>Takes a directory path
++ as an argument. All paths will be
++ prefixed with the given alternate ROOT
++ path, including config search paths.
++ </para></listitem>
+ </varlistentry>
++ <xi:include href="standard-options.xml" xpointer="help" />
++ <xi:include href="standard-options.xml" xpointer="version" />
+ </variablelist>
+
+ </refsect1>
+diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c
+index 18e015f..291930e 100644
+--- a/src/core/machine-id-setup.c
++++ b/src/core/machine-id-setup.c
+@@ -59,18 +59,22 @@ static int shorten_uuid(char destination[36], const char *source) {
+ return -EINVAL;
+ }
+
+-static int generate(char id[34]) {
++static int generate(char id[34], const char *root) {
+ int fd, r;
+ unsigned char *p;
+ sd_id128_t buf;
+ char *q;
+ ssize_t k;
+ const char *vm_id;
++ _cleanup_free_ char *dbus_machine_id = NULL;
+
+ assert(id);
+
++ if (asprintf(&dbus_machine_id, "%s/var/lib/dbus/machine-id", root) < 0)
++ return log_oom();
++
+ /* First, try reading the D-Bus machine id, unless it is a symlink */
+- fd = open("/var/lib/dbus/machine-id", O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
++ fd = open(dbus_machine_id, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
+ if (fd >= 0) {
+ k = loop_read(fd, id, 33, false);
+ close_nointr_nofail(fd);
+@@ -150,12 +154,20 @@ static int generate(char id[34]) {
+ return 0;
+ }
+
+-int machine_id_setup(void) {
++int machine_id_setup(const char *root) {
+ _cleanup_close_ int fd = -1;
+ int r;
+ bool writable;
+ struct stat st;
+ char id[34]; /* 32 + \n + \0 */
++ _cleanup_free_ char *etc_machine_id = NULL;
++ _cleanup_free_ char *run_machine_id = NULL;
++
++ if (asprintf(&etc_machine_id, "%s/etc/machine-id", root) < 0)
++ return log_oom();
++
++ if (asprintf(&run_machine_id, "%s/run/machine-id", root) < 0)
++ return log_oom();
+
+ RUN_WITH_UMASK(0000) {
+ /* We create this 0444, to indicate that this isn't really
+@@ -163,13 +175,13 @@ int machine_id_setup(void) {
+ * will be owned by root it doesn't matter much, but maybe
+ * people look. */
+
+- fd = open("/etc/machine-id", O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY, 0444);
++ fd = open(etc_machine_id, O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY, 0444);
+ if (fd >= 0)
+ writable = true;
+ else {
+- fd = open("/etc/machine-id", O_RDONLY|O_CLOEXEC|O_NOCTTY);
++ fd = open(etc_machine_id, O_RDONLY|O_CLOEXEC|O_NOCTTY);
+ if (fd < 0) {
+- log_error("Cannot open /etc/machine-id: %m");
++ log_error("Cannot open %s: %m", etc_machine_id);
+ return -errno;
+ }
+
+@@ -193,7 +205,7 @@ int machine_id_setup(void) {
+ /* Hmm, so, the id currently stored is not useful, then let's
+ * generate one */
+
+- r = generate(id);
++ r = generate(id, root);
+ if (r < 0)
+ return r;
+
+@@ -211,27 +223,27 @@ int machine_id_setup(void) {
+ * /run/machine-id as a replacement */
+
+ RUN_WITH_UMASK(0022) {
+- r = write_string_file("/run/machine-id", id);
++ r = write_string_file(run_machine_id, id);
+ }
+ if (r < 0) {
+- log_error("Cannot write /run/machine-id: %s", strerror(-r));
+- unlink("/run/machine-id");
++ log_error("Cannot write %s: %s", run_machine_id, strerror(-r));
++ unlink(run_machine_id);
+ return r;
+ }
+
+ /* And now, let's mount it over */
+- r = mount("/run/machine-id", "/etc/machine-id", NULL, MS_BIND, NULL);
++ r = mount(run_machine_id, etc_machine_id, NULL, MS_BIND, NULL);
+ if (r < 0) {
+- log_error("Failed to mount /etc/machine-id: %m");
+- unlink_noerrno("/run/machine-id");
++ log_error("Failed to mount %s: %m", etc_machine_id);
++ unlink_noerrno(run_machine_id);
+ return -errno;
+ }
+
+- log_info("Installed transient /etc/machine-id file.");
++ log_info("Installed transient %s file.", etc_machine_id);
+
+ /* Mark the mount read-only */
+- if (mount(NULL, "/etc/machine-id", NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, NULL) < 0)
+- log_warning("Failed to make transient /etc/machine-id read-only: %m");
++ if (mount(NULL, etc_machine_id, NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, NULL) < 0)
++ log_warning("Failed to make transient %s read-only: %m", etc_machine_id);
+
+ return 0;
+ }
+diff --git a/src/core/machine-id-setup.h b/src/core/machine-id-setup.h
+index b9e6b4d..b0583ee 100644
+--- a/src/core/machine-id-setup.h
++++ b/src/core/machine-id-setup.h
+@@ -21,4 +21,4 @@
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ ***/
+
+-int machine_id_setup(void);
++int machine_id_setup(const char *root);
+diff --git a/src/core/main.c b/src/core/main.c
+index 00fd394..afd5f6f 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -1503,7 +1503,7 @@ int main(int argc, char *argv[]) {
+ kmod_setup();
+ #endif
+ hostname_setup();
+- machine_id_setup();
++ machine_id_setup("");
+ loopback_setup();
+
+ test_mtab();
+diff --git a/src/machine-id-setup/machine-id-setup-main.c b/src/machine-id-setup/machine-id-setup-main.c
+index eb2d514..f4dc705 100644
+--- a/src/machine-id-setup/machine-id-setup-main.c
++++ b/src/machine-id-setup/machine-id-setup-main.c
+@@ -29,12 +29,15 @@
+ #include "log.h"
+ #include "build.h"
+
++static const char *arg_root = "";
++
+ static int help(void) {
+
+ printf("%s [OPTIONS...]\n\n"
+ "Initialize /etc/machine-id from a random source.\n\n"
+ " -h --help Show this help\n"
+- " --version Show package version\n",
++ " --version Show package version\n"
++ " --root Filesystem root\n",
+ program_invocation_short_name);
+
+ return 0;
+@@ -43,13 +46,15 @@ static int help(void) {
+ static int parse_argv(int argc, char *argv[]) {
+
+ enum {
+- ARG_VERSION = 0x100
++ ARG_VERSION = 0x100,
++ ARG_ROOT,
+ };
+
+ static const struct option options[] = {
+ { "help", no_argument, NULL, 'h' },
+ { "version", no_argument, NULL, ARG_VERSION },
+- { NULL, 0, NULL, 0 }
++ { "root", required_argument, NULL, ARG_ROOT },
++ {}
+ };
+
+ int c;
+@@ -70,6 +75,10 @@ static int parse_argv(int argc, char *argv[]) {
+ puts(SYSTEMD_FEATURES);
+ return 0;
+
++ case ARG_ROOT:
++ arg_root = optarg;
++ break;
++
+ case '?':
+ return -EINVAL;
+
+@@ -97,5 +106,5 @@ int main(int argc, char *argv[]) {
+ if (r <= 0)
+ return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+
+- return machine_id_setup() < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
++ return machine_id_setup(arg_root) < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+ }
diff --git a/SOURCES/0263-conf-files-fix-when-for-root-logic.patch b/SOURCES/0263-conf-files-fix-when-for-root-logic.patch
new file mode 100644
index 0000000..ac43e75
--- /dev/null
+++ b/SOURCES/0263-conf-files-fix-when-for-root-logic.patch
@@ -0,0 +1,51 @@
+From b5f15b581d886a332de50512c0fe75d1acc0c1ee Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 17 Jun 2014 01:56:44 +0200
+Subject: [PATCH] conf-files: fix when for --root= logic
+
+This is based on parts of similar patches from Michael Marineau and
+Lukas Nykryn, but simply uses strappenda3().
+
+(cherry picked from commit cebed5005b5ede17fc52ab50c054fca73bc938b8)
+
+Related: #1111199
+---
+ src/shared/conf-files.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/src/shared/conf-files.c b/src/shared/conf-files.c
+index 3d5b1df..4ec8bed 100644
+--- a/src/shared/conf-files.c
++++ b/src/shared/conf-files.c
+@@ -37,10 +37,20 @@
+ #include "hashmap.h"
+ #include "conf-files.h"
+
+-static int files_add(Hashmap *h, const char *dirpath, const char *suffix) {
++static int files_add(Hashmap *h, const char *dirpath, const char *suffix, const char *root) {
+ _cleanup_closedir_ DIR *dir = NULL;
+
+- dir = opendir(dirpath);
++ assert(dirpath);
++ assert(suffix);
++
++ if (isempty(root))
++ dir = opendir(dirpath);
++ else {
++ const char *p;
++
++ p = strappenda3(root, "/", dirpath);
++ dir = opendir(p);
++ }
+ if (!dir) {
+ if (errno == ENOENT)
+ return 0;
+@@ -108,7 +118,7 @@ static int conf_files_list_strv_internal(char ***strv, const char *suffix, const
+ return -ENOMEM;
+
+ STRV_FOREACH(p, dirs) {
+- r = files_add(fh, *p, suffix);
++ r = files_add(fh, *p, suffix, root);
+ if (r == -ENOMEM) {
+ hashmap_free_free(fh);
+ return r;
diff --git a/SOURCES/0264-Make-systemctl-root-look-for-files-in-the-proper-pla.patch b/SOURCES/0264-Make-systemctl-root-look-for-files-in-the-proper-pla.patch
new file mode 100644
index 0000000..1922225
--- /dev/null
+++ b/SOURCES/0264-Make-systemctl-root-look-for-files-in-the-proper-pla.patch
@@ -0,0 +1,341 @@
+From 022406c6dcaa5e9201a30b95f3e86328739e3892 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 24 Apr 2014 01:44:10 -0400
+Subject: [PATCH] Make systemctl --root look for files in the proper places
+
+Running systemctl enable/disable/set-default/... with the --root
+option under strace reveals that it accessed various files and
+directories in the main fs, and not underneath the specified root.
+This can lead to correct results only when the layout and
+configuration in the container are identical, which often is not the
+case. Fix this by adding the specified root to all file access
+operations.
+
+This patch does not handle some corner cases: symlinks which point
+outside of the specified root might be interpreted differently than
+they would be by the kernel if the specified root was the real root.
+But systemctl does not create such symlinks by itself, and I think
+this is enough of a corner case not to be worth the additional
+complexity of reimplementing link chasing in systemd.
+
+Also, simplify the code in a few places and remove an hypothetical
+memory leak on error.
+
+Conflicts:
+ TODO
+ src/shared/install.c
+
+(cherry picked from commit 12ed81d9c88406234c20e9261ae8c8b992d8bc4d)
+
+Related: #1111199
+---
+ src/core/manager.c | 2 ++
+ src/shared/install.c | 34 +++++++++++++++++++++-----------
+ src/shared/path-lookup.c | 12 ++++--------
+ src/shared/path-lookup.h | 8 +++++++-
+ src/shared/path-util.c | 49 ++++++++++++++++++++++++++++++++++++-----------
+ src/systemctl/systemctl.c | 2 +-
+ 6 files changed, 75 insertions(+), 32 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 57a88b0..a2810b4 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -891,6 +891,7 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) {
+
+ r = lookup_paths_init(
+ &m->lookup_paths, m->running_as, true,
++ NULL,
+ m->generator_unit_path,
+ m->generator_unit_path_early,
+ m->generator_unit_path_late);
+@@ -2383,6 +2384,7 @@ int manager_reload(Manager *m) {
+
+ q = lookup_paths_init(
+ &m->lookup_paths, m->running_as, true,
++ NULL,
+ m->generator_unit_path,
+ m->generator_unit_path_early,
+ m->generator_unit_path_late);
+diff --git a/src/shared/install.c b/src/shared/install.c
+index b9c85b7..672dcc2 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -47,7 +47,9 @@ typedef struct {
+ #define _cleanup_lookup_paths_free_ _cleanup_(lookup_paths_free)
+ #define _cleanup_install_context_done_ _cleanup_(install_context_done)
+
+-static int lookup_paths_init_from_scope(LookupPaths *paths, UnitFileScope scope) {
++static int lookup_paths_init_from_scope(LookupPaths *paths,
++ UnitFileScope scope,
++ const char *root_dir) {
+ assert(paths);
+ assert(scope >= 0);
+ assert(scope < _UNIT_FILE_SCOPE_MAX);
+@@ -57,6 +59,7 @@ static int lookup_paths_init_from_scope(LookupPaths *paths, UnitFileScope scope)
+ return lookup_paths_init(paths,
+ scope == UNIT_FILE_SYSTEM ? SYSTEMD_SYSTEM : SYSTEMD_USER,
+ scope == UNIT_FILE_USER,
++ root_dir,
+ NULL, NULL, NULL);
+ }
+
+@@ -705,7 +708,7 @@ int unit_file_link(
+ assert(scope >= 0);
+ assert(scope < _UNIT_FILE_SCOPE_MAX);
+
+- r = lookup_paths_init_from_scope(&paths, scope);
++ r = lookup_paths_init_from_scope(&paths, scope, root_dir);
+ if (r < 0)
+ return r;
+
+@@ -1476,7 +1479,7 @@ int unit_file_enable(
+ assert(scope >= 0);
+ assert(scope < _UNIT_FILE_SCOPE_MAX);
+
+- r = lookup_paths_init_from_scope(&paths, scope);
++ r = lookup_paths_init_from_scope(&paths, scope, root_dir);
+ if (r < 0)
+ return r;
+
+@@ -1516,7 +1519,7 @@ int unit_file_disable(
+ assert(scope >= 0);
+ assert(scope < _UNIT_FILE_SCOPE_MAX);
+
+- r = lookup_paths_init_from_scope(&paths, scope);
++ r = lookup_paths_init_from_scope(&paths, scope, root_dir);
+ if (r < 0)
+ return r;
+
+@@ -1578,7 +1581,7 @@ int unit_file_set_default(
+ if (unit_name_to_type(file) != UNIT_TARGET)
+ return -EINVAL;
+
+- r = lookup_paths_init_from_scope(&paths, scope);
++ r = lookup_paths_init_from_scope(&paths, scope, root_dir);
+ if (r < 0)
+ return r;
+
+@@ -1613,7 +1616,11 @@ int unit_file_get_default(
+ char **p;
+ int r;
+
+- r = lookup_paths_init_from_scope(&paths, scope);
++ assert(scope >= 0);
++ assert(scope < _UNIT_FILE_SCOPE_MAX);
++ assert(name);
++
++ r = lookup_paths_init_from_scope(&paths, scope, root_dir);
+ if (r < 0)
+ return r;
+
+@@ -1665,12 +1672,13 @@ UnitFileState unit_file_get_state(
+ if (!unit_name_is_valid(name, true))
+ return -EINVAL;
+
+- r = lookup_paths_init_from_scope(&paths, scope);
++ r = lookup_paths_init_from_scope(&paths, scope, root_dir);
+ if (r < 0)
+ return r;
+
+ STRV_FOREACH(i, paths.unit_path) {
+ struct stat st;
++ char *partial;
+
+ free(path);
+ path = NULL;
+@@ -1679,10 +1687,14 @@ UnitFileState unit_file_get_state(
+ asprintf(&path, "%s/%s/%s", root_dir, *i, name);
+ else
+ asprintf(&path, "%s/%s", *i, name);
+-
+ if (!path)
+ return -ENOMEM;
+
++ if (root_dir)
++ partial = path + strlen(root_dir) + 1;
++ else
++ partial = path;
++
+ /*
+ * Search for a unit file in our default paths, to
+ * be sure, that there are no broken symlinks.
+@@ -1714,7 +1726,7 @@ UnitFileState unit_file_get_state(
+ else if (r > 0)
+ return state;
+
+- r = unit_file_can_install(&paths, root_dir, path, true);
++ r = unit_file_can_install(&paths, root_dir, partial, true);
+ if (r < 0 && errno != ENOENT)
+ return r;
+ else if (r > 0)
+@@ -1822,7 +1834,7 @@ int unit_file_preset(
+ assert(scope >= 0);
+ assert(scope < _UNIT_FILE_SCOPE_MAX);
+
+- r = lookup_paths_init_from_scope(&paths, scope);
++ r = lookup_paths_init_from_scope(&paths, scope, root_dir);
+ if (r < 0)
+ return r;
+
+@@ -1891,7 +1903,7 @@ int unit_file_get_list(
+ if (root_dir && scope != UNIT_FILE_SYSTEM)
+ return -EINVAL;
+
+- r = lookup_paths_init_from_scope(&paths, scope);
++ r = lookup_paths_init_from_scope(&paths, scope, root_dir);
+ if (r < 0)
+ return r;
+
+diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c
+index 03c1380..b62f302 100644
+--- a/src/shared/path-lookup.c
++++ b/src/shared/path-lookup.c
+@@ -239,6 +239,7 @@ int lookup_paths_init(
+ LookupPaths *p,
+ SystemdRunningAs running_as,
+ bool personal,
++ const char *root_dir,
+ const char *generator,
+ const char *generator_early,
+ const char *generator_late) {
+@@ -316,11 +317,9 @@ int lookup_paths_init(
+ }
+ }
+
+- if (!path_strv_canonicalize_absolute(p->unit_path, NULL))
++ if (!path_strv_canonicalize_absolute_uniq(p->unit_path, root_dir))
+ return -ENOMEM;
+
+- strv_uniq(p->unit_path);
+-
+ if (!strv_isempty(p->unit_path)) {
+ _cleanup_free_ char *t = strv_join(p->unit_path, "\n\t");
+ if (!t)
+@@ -372,15 +371,12 @@ int lookup_paths_init(
+ return -ENOMEM;
+ }
+
+- if (!path_strv_canonicalize_absolute(p->sysvinit_path, NULL))
++ if (!path_strv_canonicalize_absolute_uniq(p->sysvinit_path, root_dir))
+ return -ENOMEM;
+
+- if (!path_strv_canonicalize_absolute(p->sysvrcnd_path, NULL))
++ if (!path_strv_canonicalize_absolute_uniq(p->sysvrcnd_path, root_dir))
+ return -ENOMEM;
+
+- strv_uniq(p->sysvinit_path);
+- strv_uniq(p->sysvrcnd_path);
+-
+ if (!strv_isempty(p->sysvinit_path)) {
+ _cleanup_free_ char *t = strv_join(p->sysvinit_path, "\n\t");
+ if (!t)
+diff --git a/src/shared/path-lookup.h b/src/shared/path-lookup.h
+index 9dee85f..0db9bfb 100644
+--- a/src/shared/path-lookup.h
++++ b/src/shared/path-lookup.h
+@@ -41,5 +41,11 @@ SystemdRunningAs systemd_running_as_from_string(const char *s) _pure_;
+
+ int user_config_home(char **config_home);
+
+-int lookup_paths_init(LookupPaths *p, SystemdRunningAs running_as, bool personal, const char *generator, const char *generator_early, const char *generator_late);
++int lookup_paths_init(LookupPaths *p,
++ SystemdRunningAs running_as,
++ bool personal,
++ const char *root_dir,
++ const char *generator,
++ const char *generator_early,
++ const char *generator_late);
+ void lookup_paths_free(LookupPaths *p);
+diff --git a/src/shared/path-util.c b/src/shared/path-util.c
+index de291a5..0aa5d61 100644
+--- a/src/shared/path-util.c
++++ b/src/shared/path-util.c
+@@ -179,36 +179,63 @@ char **path_strv_canonicalize_absolute(char **l, const char *prefix) {
+
+ STRV_FOREACH(s, l) {
+ char *t, *u;
++ _cleanup_free_ char *orig = NULL;
+
+- if (!path_is_absolute(*s))
++ if (!path_is_absolute(*s)) {
++ free(*s);
+ continue;
++ }
+
+ if (prefix) {
+- t = strappend(prefix, *s);
+- free(*s);
+- *s = NULL;
+-
++ orig = *s;
++ t = strappend(prefix, orig);
+ if (!t) {
+ enomem = true;
+ continue;
+ }
+- } else {
++ } else
+ t = *s;
+- *s = NULL;
+- }
+
+ errno = 0;
+ u = canonicalize_file_name(t);
+ if (!u) {
+- if (errno == ENOENT)
+- u = t;
+- else {
++ if (errno == ENOENT) {
++ if (prefix) {
++ u = orig;
++ orig = NULL;
++ free(t);
++ } else
++ u = t;
++ } else {
+ free(t);
+ if (errno == ENOMEM || errno == 0)
+ enomem = true;
+
+ continue;
+ }
++ } else if (prefix) {
++ char *x;
++
++ free(t);
++ x = path_startswith(u, prefix);
++ if (x) {
++ /* restore the slash if it was lost */
++ if (!startswith(x, "/"))
++ *(--x) = '/';
++
++ t = strdup(x);
++ free(u);
++ if (!t) {
++ enomem = true;
++ continue;
++ }
++ u = t;
++ } else {
++ /* canonicalized path goes outside of
++ * prefix, keep the original path instead */
++ u = orig;
++ orig = NULL;
++ }
+ } else
+ free(t);
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 1ca4fd3..1cbcd20 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -4258,7 +4258,7 @@ static int enable_sysv_units(const char *verb, char **args) {
+ /* Processes all SysV units, and reshuffles the array so that
+ * afterwards only the native units remain */
+
+- r = lookup_paths_init(&paths, SYSTEMD_SYSTEM, false, NULL, NULL, NULL);
++ r = lookup_paths_init(&paths, SYSTEMD_SYSTEM, false, arg_root, NULL, NULL, NULL);
+ if (r < 0)
+ return r;
+
diff --git a/SOURCES/0265-tmpfiles-fix-memory-leak-of-exclude_prefixes.patch b/SOURCES/0265-tmpfiles-fix-memory-leak-of-exclude_prefixes.patch
new file mode 100644
index 0000000..edeb5cf
--- /dev/null
+++ b/SOURCES/0265-tmpfiles-fix-memory-leak-of-exclude_prefixes.patch
@@ -0,0 +1,43 @@
+From 0ec33b41e2fddd714851b444d85c4bd8a4fae879 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 30 Jan 2014 21:40:27 -0500
+Subject: [PATCH] tmpfiles: fix memory leak of exclude_prefixes
+
+Missed in 5c795114.
+
+(cherry picked from commit 498f8a39e66a62d015ac78e67e2504658bbba5f2)
+
+Related: #1111199
+---
+ src/tmpfiles/tmpfiles.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
+index 32f9088..1337d02 100644
+--- a/src/tmpfiles/tmpfiles.c
++++ b/src/tmpfiles/tmpfiles.c
+@@ -1332,12 +1332,12 @@ static int parse_argv(int argc, char *argv[]) {
+ break;
+
+ case ARG_PREFIX:
+- if (strv_extend(&include_prefixes, optarg) < 0)
++ if (strv_push(&include_prefixes, optarg) < 0)
+ return log_oom();
+ break;
+
+ case ARG_EXCLUDE_PREFIX:
+- if (strv_extend(&exclude_prefixes, optarg) < 0)
++ if (strv_push(&exclude_prefixes, optarg) < 0)
+ return log_oom();
+ break;
+
+@@ -1498,7 +1498,8 @@ finish:
+ hashmap_free(items);
+ hashmap_free(globs);
+
+- strv_free(include_prefixes);
++ free(include_prefixes);
++ free(exclude_prefixes);
+
+ set_free_free(unix_sockets);
+
diff --git a/SOURCES/0266-tmpfiles-add-root-option-to-operate-on-an-alternate-.patch b/SOURCES/0266-tmpfiles-add-root-option-to-operate-on-an-alternate-.patch
new file mode 100644
index 0000000..7210d8b
--- /dev/null
+++ b/SOURCES/0266-tmpfiles-add-root-option-to-operate-on-an-alternate-.patch
@@ -0,0 +1,150 @@
+From 14f32b5e62d7f0973302080488a0f0fce897b2d0 Mon Sep 17 00:00:00 2001
+From: Michael Marineau <michael.marineau@coreos.com>
+Date: Thu, 13 Mar 2014 21:32:13 -0700
+Subject: [PATCH] tmpfiles: add --root option to operate on an alternate fs
+ tree
+
+This makes it possible to initialize or cleanup an arbitrary filesystem
+hierarchy in the same way that it would be during system boot.
+
+Conflicts:
+ src/tmpfiles/tmpfiles.c
+
+(cherry picked from commit cf9a4abdc24c43565d0890fcb88c00169057c0c4)
+
+Resolves: #1111199
+---
+ man/systemd-tmpfiles.xml | 12 ++++++++++--
+ src/tmpfiles/tmpfiles.c | 29 +++++++++++++++++++++++++----
+ 2 files changed, 35 insertions(+), 6 deletions(-)
+
+diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
+index 64f9cf9..8d1db16 100644
+--- a/man/systemd-tmpfiles.xml
++++ b/man/systemd-tmpfiles.xml
+@@ -139,19 +139,27 @@
+ </para></listitem>
+ </varlistentry>
+ <varlistentry>
+- <term><option>--prefix=PATH</option></term>
++ <term><option>--prefix=<replaceable>path</replaceable></option></term>
+ <listitem><para>Only apply rules that
+ apply to paths with the specified
+ prefix. This option can be specified
+ multiple times.</para></listitem>
+ </varlistentry>
+ <varlistentry>
+- <term><option>--exclude-prefix=PATH</option></term>
++ <term><option>--exclude-prefix=<replaceable>path</replaceable></option></term>
+ <listitem><para>Ignore rules that
+ apply to paths with the specified
+ prefix. This option can be specified
+ multiple times.</para></listitem>
+ </varlistentry>
++ <varlistentry>
++ <term><option>--root=<replaceable>root</replaceable></option></term>
++ <listitem><para>Takes a directory path
++ as an argument. All paths will be
++ prefixed with the given alternate <replaceable>root</replaceable>
++ path, including config search paths.
++ </para></listitem>
++ </varlistentry>
+
+
+ <varlistentry>
+diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
+index 1337d02..ff51062 100644
+--- a/src/tmpfiles/tmpfiles.c
++++ b/src/tmpfiles/tmpfiles.c
+@@ -110,6 +110,7 @@ static bool arg_boot = false;
+
+ static char **include_prefixes = NULL;
+ static char **exclude_prefixes = NULL;
++static char *arg_root = NULL;
+
+ static const char conf_file_dirs[] =
+ "/etc/tmpfiles.d\0"
+@@ -1186,6 +1187,15 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
+ if (!should_include_path(i->path))
+ return 0;
+
++ if (arg_root) {
++ char *p = strappend(arg_root, i->path);
++ if (!p)
++ return log_oom();
++
++ free(i->path);
++ i->path = p;
++ }
++
+ if (user && !streq(user, "-")) {
+ const char *u = user;
+
+@@ -1274,7 +1284,8 @@ static int help(void) {
+ " --remove Remove marked files/directories\n"
+ " --boot Execute actions only safe at boot\n"
+ " --prefix=PATH Only apply rules that apply to paths with the specified prefix\n"
+- " --exclude-prefix=PATH Ignore rules that apply to paths with the specified prefix\n",
++ " --exclude-prefix=PATH Ignore rules that apply to paths with the specified prefix\n"
++ " --root=PATH Operate on an alternate filesystem root\n",
+ program_invocation_short_name);
+
+ return 0;
+@@ -1289,6 +1300,7 @@ static int parse_argv(int argc, char *argv[]) {
+ ARG_BOOT,
+ ARG_PREFIX,
+ ARG_EXCLUDE_PREFIX,
++ ARG_ROOT,
+ };
+
+ static const struct option options[] = {
+@@ -1299,7 +1311,8 @@ static int parse_argv(int argc, char *argv[]) {
+ { "boot", no_argument, NULL, ARG_BOOT },
+ { "prefix", required_argument, NULL, ARG_PREFIX },
+ { "exclude-prefix", required_argument, NULL, ARG_EXCLUDE_PREFIX },
+- { NULL, 0, NULL, 0 }
++ { "root", required_argument, NULL, ARG_ROOT },
++ {}
+ };
+
+ int c;
+@@ -1341,6 +1354,13 @@ static int parse_argv(int argc, char *argv[]) {
+ return log_oom();
+ break;
+
++ case ARG_ROOT:
++ arg_root = path_make_absolute_cwd(optarg);
++ if (!arg_root)
++ return log_oom();
++ path_kill_slashes(arg_root);
++ break;
++
+ case '?':
+ return -EINVAL;
+
+@@ -1368,7 +1388,7 @@ static int read_config_file(const char *fn, bool ignore_enoent) {
+
+ assert(fn);
+
+- r = search_and_fopen_nulstr(fn, "re", NULL, conf_file_dirs, &f);
++ r = search_and_fopen_nulstr(fn, "re", arg_root, conf_file_dirs, &f);
+ if (r < 0) {
+ if (ignore_enoent && r == -ENOENT)
+ return 0;
+@@ -1469,7 +1489,7 @@ int main(int argc, char *argv[]) {
+ _cleanup_strv_free_ char **files = NULL;
+ char **f;
+
+- r = conf_files_list_nulstr(&files, ".conf", NULL, conf_file_dirs);
++ r = conf_files_list_nulstr(&files, ".conf", arg_root, conf_file_dirs);
+ if (r < 0) {
+ log_error("Failed to enumerate tmpfiles.d files: %s", strerror(-r));
+ goto finish;
+@@ -1500,6 +1520,7 @@ finish:
+
+ free(include_prefixes);
+ free(exclude_prefixes);
++ free(arg_root);
+
+ set_free_free(unix_sockets);
+
diff --git a/SOURCES/0267-conf-files-include-root-in-returned-file-paths.patch b/SOURCES/0267-conf-files-include-root-in-returned-file-paths.patch
new file mode 100644
index 0000000..21f7c01
--- /dev/null
+++ b/SOURCES/0267-conf-files-include-root-in-returned-file-paths.patch
@@ -0,0 +1,89 @@
+From c73f2c0db1e35c80ea3cff7b1eb2bece09be4793 Mon Sep 17 00:00:00 2001
+From: Michael Marineau <michael.marineau@coreos.com>
+Date: Thu, 19 Jun 2014 19:07:04 -0700
+Subject: [PATCH] conf-files: include root in returned file paths
+
+This restores the original root handling logic that was present prior to
+112cfb18 when path expansion moved to path_strv_canonicalize_absolute.
+That behavior partially went away in 12ed81d9.
+
+Alternatively all users of conf_files_list* could be updated to
+concatenate the paths themselves as unit_file_query_preset did but since
+no user needs the un-concatenated form that is pointless duplication.
+
+Conflicts:
+ src/shared/install.c
+
+(cherry picked from commit cba2ef02722114da2b730d57f1e3bb43013d8921)
+
+Related: #1111199
+---
+ src/shared/conf-files.c | 16 ++++++----------
+ src/shared/install.c | 6 +++---
+ 2 files changed, 9 insertions(+), 13 deletions(-)
+
+diff --git a/src/shared/conf-files.c b/src/shared/conf-files.c
+index 4ec8bed..fc5f1fe 100644
+--- a/src/shared/conf-files.c
++++ b/src/shared/conf-files.c
+@@ -37,20 +37,16 @@
+ #include "hashmap.h"
+ #include "conf-files.h"
+
+-static int files_add(Hashmap *h, const char *dirpath, const char *suffix, const char *root) {
++static int files_add(Hashmap *h, const char *root, const char *path, const char *suffix) {
+ _cleanup_closedir_ DIR *dir = NULL;
++ char *dirpath;
+
+- assert(dirpath);
++ assert(path);
+ assert(suffix);
+
+- if (isempty(root))
+- dir = opendir(dirpath);
+- else {
+- const char *p;
++ dirpath = strappenda(root ? root : "", path);
+
+- p = strappenda3(root, "/", dirpath);
+- dir = opendir(p);
+- }
++ dir = opendir(dirpath);
+ if (!dir) {
+ if (errno == ENOENT)
+ return 0;
+@@ -118,7 +114,7 @@ static int conf_files_list_strv_internal(char ***strv, const char *suffix, const
+ return -ENOMEM;
+
+ STRV_FOREACH(p, dirs) {
+- r = files_add(fh, *p, suffix, root);
++ r = files_add(fh, root, *p, suffix);
+ if (r == -ENOMEM) {
+ hashmap_free_free(fh);
+ return r;
+diff --git a/src/shared/install.c b/src/shared/install.c
+index 672dcc2..871de78 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -1740,7 +1740,7 @@ UnitFileState unit_file_get_state(
+
+ int unit_file_query_preset(UnitFileScope scope, const char *name) {
+ _cleanup_strv_free_ char **files = NULL;
+- char **i;
++ char **p;
+ int r;
+
+ assert(scope >= 0);
+@@ -1768,10 +1768,10 @@ int unit_file_query_preset(UnitFileScope scope, const char *name) {
+ if (r < 0)
+ return r;
+
+- STRV_FOREACH(i, files) {
++ STRV_FOREACH(p, files) {
+ _cleanup_fclose_ FILE *f;
+
+- f = fopen(*i, "re");
++ f = fopen(*p, "re");
+ if (!f) {
+ if (errno == ENOENT)
+ continue;
diff --git a/SOURCES/0268-install-make-sure-that-root-mode-doesn-t-make-us-con.patch b/SOURCES/0268-install-make-sure-that-root-mode-doesn-t-make-us-con.patch
new file mode 100644
index 0000000..82a76c2
--- /dev/null
+++ b/SOURCES/0268-install-make-sure-that-root-mode-doesn-t-make-us-con.patch
@@ -0,0 +1,148 @@
+From 8d32393e5a3fbc12371edf69830d0258a097211f Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 17 Jun 2014 00:53:49 +0200
+Subject: [PATCH] install: make sure that --root= mode doesn't make us consider
+ all units outside of search path
+
+(cherry picked from commit 8f294b45cbb627d31342f6a79444be59ce7e2274)
+
+Related: #1111199
+---
+ src/shared/install.c | 41 +++++++++++++++++++++++++++++++++++++----
+ src/shared/util.c | 16 ----------------
+ src/shared/util.h | 1 -
+ 3 files changed, 37 insertions(+), 21 deletions(-)
+
+diff --git a/src/shared/install.c b/src/shared/install.c
+index 871de78..7dad66d 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -47,6 +47,37 @@ typedef struct {
+ #define _cleanup_lookup_paths_free_ _cleanup_(lookup_paths_free)
+ #define _cleanup_install_context_done_ _cleanup_(install_context_done)
+
++static int in_search_path(const char *path, char **search, const char *root_dir) {
++ _cleanup_free_ char *parent = NULL;
++ char **i;
++ int r;
++
++ assert(path);
++
++ r = path_get_parent(path, &parent);
++ if (r < 0)
++ return r;
++
++ STRV_FOREACH(i, search) {
++ _cleanup_free_ char *buf = NULL;
++ const char *p;
++
++ if (root_dir) {
++ buf = strjoin(root_dir, "/", *i, NULL);
++ if (!buf)
++ return -ENOMEM;
++
++ p = buf;
++ } else
++ p = *i;
++
++ if (path_equal(parent, p))
++ return 1;
++ }
++
++ return 0;
++}
++
+ static int lookup_paths_init_from_scope(LookupPaths *paths,
+ UnitFileScope scope,
+ const char *root_dir) {
+@@ -741,7 +772,7 @@ int unit_file_link(
+ continue;
+ }
+
+- q = in_search_path(*i, paths.unit_path);
++ q = in_search_path(*i, paths.unit_path, root_dir);
+ if (q < 0)
+ return q;
+
+@@ -1296,6 +1327,7 @@ static int install_info_symlink_link(
+ InstallInfo *i,
+ LookupPaths *paths,
+ const char *config_path,
++ const char *root_dir,
+ bool force,
+ UnitFileChange **changes,
+ unsigned *n_changes) {
+@@ -1308,7 +1340,7 @@ static int install_info_symlink_link(
+ assert(config_path);
+ assert(i->path);
+
+- r = in_search_path(i->path, paths->unit_path);
++ r = in_search_path(i->path, paths->unit_path, root_dir);
+ if (r != 0)
+ return r;
+
+@@ -1323,6 +1355,7 @@ static int install_info_apply(
+ InstallInfo *i,
+ LookupPaths *paths,
+ const char *config_path,
++ const char *root_dir,
+ bool force,
+ UnitFileChange **changes,
+ unsigned *n_changes) {
+@@ -1343,7 +1376,7 @@ static int install_info_apply(
+ if (r == 0)
+ r = q;
+
+- q = install_info_symlink_link(i, paths, config_path, force, changes, n_changes);
++ q = install_info_symlink_link(i, paths, config_path, root_dir, force, changes, n_changes);
+ if (r == 0)
+ r = q;
+
+@@ -1383,7 +1416,7 @@ static int install_context_apply(
+ } else if (r >= 0)
+ r += q;
+
+- q = install_info_apply(i, paths, config_path, force, changes, n_changes);
++ q = install_info_apply(i, paths, config_path, root_dir, force, changes, n_changes);
+ if (r >= 0 && q < 0)
+ r = q;
+ }
+diff --git a/src/shared/util.c b/src/shared/util.c
+index e313ea9..fc1f765 100644
+--- a/src/shared/util.c
++++ b/src/shared/util.c
+@@ -4490,22 +4490,6 @@ int dirent_ensure_type(DIR *d, struct dirent *de) {
+ return 0;
+ }
+
+-int in_search_path(const char *path, char **search) {
+- char **i;
+- _cleanup_free_ char *parent = NULL;
+- int r;
+-
+- r = path_get_parent(path, &parent);
+- if (r < 0)
+- return r;
+-
+- STRV_FOREACH(i, search)
+- if (path_equal(parent, *i))
+- return 1;
+-
+- return 0;
+-}
+-
+ int get_files_in_directory(const char *path, char ***list) {
+ _cleanup_closedir_ DIR *d = NULL;
+ size_t bufsize = 0, n = 0;
+diff --git a/src/shared/util.h b/src/shared/util.h
+index 3f30917..ec18d2c 100644
+--- a/src/shared/util.h
++++ b/src/shared/util.h
+@@ -475,7 +475,6 @@ int glob_extend(char ***strv, const char *path);
+
+ int dirent_ensure_type(DIR *d, struct dirent *de);
+
+-int in_search_path(const char *path, char **search);
+ int get_files_in_directory(const char *path, char ***list);
+
+ char *strjoin(const char *x, ...) _sentinel_;
diff --git a/SOURCES/0269-shared-install-do-not-prefix-created-symlink-with-ro.patch b/SOURCES/0269-shared-install-do-not-prefix-created-symlink-with-ro.patch
new file mode 100644
index 0000000..8060501
--- /dev/null
+++ b/SOURCES/0269-shared-install-do-not-prefix-created-symlink-with-ro.patch
@@ -0,0 +1,130 @@
+From 6dadf44d7062c38c3f4f782da3cd88114dceb959 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 21 Apr 2014 19:17:40 -0400
+Subject: [PATCH] shared/install: do not prefix created symlink with root path
+
+Before: /var/tmp/inst1//etc/systemd/system/default.target -> /var/tmp/inst1//usr/lib/systemd/system/graphical.target
+After: /var/tmp/inst1/etc/systemd/system/default.target -> /usr/lib/systemd/system/graphical.target
+
+(cherry picked from commit 62b002337727093c21d020c730bd65971f7783a7)
+
+Related: #1111199
+---
+ src/shared/install.c | 89 +++++++++++++++++++++++++---------------------------
+ 1 file changed, 43 insertions(+), 46 deletions(-)
+
+diff --git a/src/shared/install.c b/src/shared/install.c
+index 7dad66d..955a9bc 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -1073,67 +1073,64 @@ static int unit_file_search(
+ assert(info);
+ assert(paths);
+
+- if (info->path)
+- return unit_file_load(c, info, info->path, allow_symlink);
++ if (info->path) {
++ char *full_path = NULL;
++
++ if (!isempty(root_dir))
++ full_path = strappenda(root_dir, info->path);
++
++ return unit_file_load(c, info, full_path ?: info->path, allow_symlink);
++ }
+
+ assert(info->name);
+
+ STRV_FOREACH(p, paths->unit_path) {
+- char *path = NULL;
+-
+- if (isempty(root_dir))
+- asprintf(&path, "%s/%s", *p, info->name);
+- else
+- asprintf(&path, "%s/%s/%s", root_dir, *p, info->name);
++ _cleanup_free_ char *path = NULL, *full_path = NULL;
+
++ path = strjoin(*p, "/", info->name, NULL);
+ if (!path)
+ return -ENOMEM;
+
+- r = unit_file_load(c, info, path, allow_symlink);
++ if (!isempty(root_dir)) {
++ full_path = strappend(root_dir, path);
++ if (!full_path)
++ return -ENOMEM;
++ }
+
+- if (r >= 0)
++ r = unit_file_load(c, info, full_path ?: path, allow_symlink);
++ if (r >= 0) {
+ info->path = path;
+- else {
+- if (r == -ENOENT && unit_name_is_instance(info->name)) {
+- /* Unit file doesn't exist, however instance enablement was requested.
+- * We will check if it is possible to load template unit file. */
+- char *template = NULL,
+- *template_path = NULL,
+- *template_dir = NULL;
+-
+- template = unit_name_template(info->name);
+- if (!template) {
+- free(path);
+- return -ENOMEM;
+- }
++ path = NULL;
++ } else if (r == -ENOENT && unit_name_is_instance(info->name)) {
++ /* Unit file doesn't exist, however instance enablement was requested.
++ * We will check if it is possible to load template unit file. */
++ _cleanup_free_ char *template = NULL, *template_dir = NULL;
++
++ template = unit_name_template(info->name);
++ if (!template)
++ return -ENOMEM;
+
+- /* We will reuse path variable since we don't need it anymore. */
+- template_dir = path;
+- *(strrchr(path, '/') + 1) = '\0';
++ /* We will reuse path variable since we don't need it anymore. */
++ template_dir = path;
++ *(strrchr(template_dir, '/') + 1) = '\0';
+
+- template_path = strjoin(template_dir, template, NULL);
+- if (!template_path) {
+- free(path);
+- free(template);
+- return -ENOMEM;
+- }
++ path = strappend(template_dir, template);
++ if (!path)
++ return -ENOMEM;
+
+- /* Let's try to load template unit. */
+- r = unit_file_load(c, info, template_path, allow_symlink);
+- if (r >= 0) {
+- info->path = strdup(template_path);
+- if (!info->path) {
+- free(path);
+- free(template);
+- free(template_path);
+- return -ENOMEM;
+- }
+- }
++ if (!isempty(root_dir)) {
++ free(full_path);
++ full_path = strappend(root_dir, path);
++ if (!full_path)
++ return -ENOMEM;
++ }
+
+- free(template);
+- free(template_path);
++ /* Let's try to load template unit. */
++ r = unit_file_load(c, info, full_path ?: path, allow_symlink);
++ if (r >= 0) {
++ info->path = path;
++ path = NULL;
+ }
+- free(path);
+ }
+
+ if (r != -ENOENT && r != -ELOOP)
diff --git a/SOURCES/0270-systemctl-fail-in-the-case-that-no-unit-files-were-f.patch b/SOURCES/0270-systemctl-fail-in-the-case-that-no-unit-files-were-f.patch
new file mode 100644
index 0000000..392e694
--- /dev/null
+++ b/SOURCES/0270-systemctl-fail-in-the-case-that-no-unit-files-were-f.patch
@@ -0,0 +1,56 @@
+From 9e42758bf5dcaff2120856556ef1c3cafff7d581 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Tue, 19 Aug 2014 20:53:29 +0200
+Subject: [PATCH] systemctl: fail in the case that no unit files were found
+
+Previously systemctl died with message
+
+-bash-4.2# systemctl --root /rawhi list-unit-files
+(src/systemctl/systemctl.c:868) Out of memory.
+
+in the case that no unit files were found in the --root
+or the directory did not exist.
+
+So lets return ENOENT in the case that --root does not exist
+and empty list in the case that there are no unit files.
+
+(cherry picked from commit fdbdf6ec29bda40763d7d3e7bb2a63e2f5d60c4c)
+
+Related: #1111199
+---
+ src/shared/install.c | 6 ++++++
+ src/systemctl/systemctl.c | 4 ++++
+ 2 files changed, 10 insertions(+)
+
+diff --git a/src/shared/install.c b/src/shared/install.c
+index 955a9bc..598323a 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -1933,6 +1933,12 @@ int unit_file_get_list(
+ if (root_dir && scope != UNIT_FILE_SYSTEM)
+ return -EINVAL;
+
++ if (root_dir) {
++ r = access(root_dir, F_OK);
++ if (r < 0)
++ return -errno;
++ }
++
+ r = lookup_paths_init_from_scope(&paths, scope, root_dir);
+ if (r < 0)
+ return r;
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 1cbcd20..90a80bd 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -862,6 +862,10 @@ static int list_unit_files(DBusConnection *bus, char **args) {
+ }
+
+ n_units = hashmap_size(h);
++
++ if (n_units == 0)
++ return 0;
++
+ units = new(UnitFileList, n_units);
+ if (!units) {
+ unit_file_list_free(h);
diff --git a/SOURCES/0271-units-make-ExecStopPost-action-part-of-ExecStart.patch b/SOURCES/0271-units-make-ExecStopPost-action-part-of-ExecStart.patch
new file mode 100644
index 0000000..f2dd649
--- /dev/null
+++ b/SOURCES/0271-units-make-ExecStopPost-action-part-of-ExecStart.patch
@@ -0,0 +1,54 @@
+From 9af28110933ae9cdd96477dd2911c19295bc74ce Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Tue, 8 Jul 2014 17:42:23 +0200
+Subject: [PATCH] units: make ExecStopPost action part of ExecStart
+
+Currently after exiting rescue shell we isolate default target. User
+might want to isolate to some other target than default one. However
+issuing systemctl isolate command to desired target would bring system
+to default target as a consequence of running ExecStopPost action.
+
+Having common ancestor for rescue shell and possible followup systemctl
+default command should fix this. If user exits rescue shell we will
+proceed with isolating default target, otherwise, on manual isolate,
+parent shell process is terminated and we don't isolate default target,
+but target chosen by user.
+
+Suggested-by: Michal Schmidt <mschmidt@redhat.com>
+
+(cherry picked from commit d3381512282f2ca1c7669f77fb736a90fdce6982)
+
+Resolves: #1036276
+---
+ units/emergency.service.in | 3 +--
+ units/rescue.service.m4.in | 3 +--
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/units/emergency.service.in b/units/emergency.service.in
+index 94c090f..91fc1bb 100644
+--- a/units/emergency.service.in
++++ b/units/emergency.service.in
+@@ -17,8 +17,7 @@ Environment=HOME=/root
+ WorkingDirectory=/root
+ ExecStartPre=-/bin/plymouth quit
+ ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type "journalctl -xb" to view\\nsystem logs, "systemctl reboot" to reboot, "systemctl default" to try again\\nto boot into default mode.'
+-ExecStart=-/sbin/sulogin
+-ExecStopPost=@SYSTEMCTL@ --fail --no-block default
++ExecStart=-/bin/sh -c "/sbin/sulogin; @SYSTEMCTL@ --fail --no-block default"
+ Type=idle
+ StandardInput=tty-force
+ StandardOutput=inherit
+diff --git a/units/rescue.service.m4.in b/units/rescue.service.m4.in
+index 552ef89..ef54369 100644
+--- a/units/rescue.service.m4.in
++++ b/units/rescue.service.m4.in
+@@ -18,8 +18,7 @@ Environment=HOME=/root
+ WorkingDirectory=/root
+ ExecStartPre=-/bin/plymouth quit
+ ExecStartPre=-/bin/echo -e 'Welcome to rescue mode! Type "systemctl default" or ^D to enter default mode.\\nType "journalctl -xb" to view system logs. Type "systemctl reboot" to reboot.'
+-ExecStart=-/sbin/sulogin
+-ExecStopPost=-@SYSTEMCTL@ --fail --no-block default
++ExecStart=-/bin/sh -c "/sbin/sulogin; @SYSTEMCTL@ --fail --no-block default"
+ Type=idle
+ StandardInput=tty-force
+ StandardOutput=inherit
diff --git a/SOURCES/0272-systemctl-fix-broken-list-unit-files-with-root.patch b/SOURCES/0272-systemctl-fix-broken-list-unit-files-with-root.patch
new file mode 100644
index 0000000..6c211b2
--- /dev/null
+++ b/SOURCES/0272-systemctl-fix-broken-list-unit-files-with-root.patch
@@ -0,0 +1,40 @@
+From 736a7f8c5d6c711ece23b0f347d3b89ac7464b08 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Tue, 26 Aug 2014 13:33:08 +0200
+Subject: [PATCH] systemctl: fix broken list-unit-files with --root
+
+(cherry picked from commit 81fc054dc7c365545bca86d78bf36a12658cedb3)
+
+Related: #1111199
+
+Conflicts:
+ src/shared/install.c
+---
+ src/shared/install.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/install.c b/src/shared/install.c
+index 598323a..2c8f907 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -1973,6 +1973,7 @@ int unit_file_get_list(
+ union dirent_storage buffer;
+ UnitFileList __attribute__((cleanup(unitfilelist_free)))
+ *f = NULL;
++ _cleanup_free_ char *path = NULL;
+
+ r = readdir_r(d, &buffer.de, &de);
+ if (r != 0)
+@@ -2027,7 +2028,11 @@ int unit_file_get_list(
+ goto found;
+ }
+
+- r = unit_file_can_install(&paths, root_dir, f->path, true);
++ path = path_make_absolute(de->d_name, *i);
++ if (!path)
++ return -ENOMEM;
++
++ r = unit_file_can_install(&paths, root_dir, path, true);
+ if (r == -EINVAL || /* Invalid setting? */
+ r == -EBADMSG || /* Invalid format? */
+ r == -ENOENT /* Included file not found? */)
diff --git a/SOURCES/0273-machine-id-only-look-into-KVM-uuid-when-we-are-not-r.patch b/SOURCES/0273-machine-id-only-look-into-KVM-uuid-when-we-are-not-r.patch
new file mode 100644
index 0000000..f84f577
--- /dev/null
+++ b/SOURCES/0273-machine-id-only-look-into-KVM-uuid-when-we-are-not-r.patch
@@ -0,0 +1,87 @@
+From a777218d241e52279039da5a2ba9b5a69576583c Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 28 Apr 2014 18:11:40 +0200
+Subject: [PATCH] machine-id: only look into KVM uuid when we are not running
+ in a container
+
+Resolves: #1123452
+
+(cherry picked from commit 0b36bbc42d3a408531517a02acaf56105b863d55)
+
+Conflicts:
+ src/core/machine-id-setup.c
+---
+ src/core/machine-id-setup.c | 53 +++++++++++++++++++++++----------------------
+ 1 file changed, 27 insertions(+), 26 deletions(-)
+
+diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c
+index 291930e..8cfcf51 100644
+--- a/src/core/machine-id-setup.c
++++ b/src/core/machine-id-setup.c
+@@ -92,32 +92,9 @@ static int generate(char id[34], const char *root) {
+ }
+ }
+
+- /* If that didn't work, see if we are running in qemu/kvm and a
+- * machine ID was passed in via -uuid on the qemu/kvm command
+- * line */
+-
+- r = detect_vm(&vm_id);
+- if (r > 0 && streq(vm_id, "kvm")) {
+- char uuid[37];
+-
+- fd = open("/sys/class/dmi/id/product_uuid", O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
+- if (fd >= 0) {
+- k = loop_read(fd, uuid, 36, false);
+- close_nointr_nofail(fd);
+-
+- if (k >= 36) {
+- r = shorten_uuid(id, uuid);
+- if (r >= 0) {
+- log_info("Initializing machine ID from KVM UUID.");
+- return 0;
+- }
+- }
+- }
+- }
+-
+- /* If that didn't work either, see if we are running in a
+- * container, and a machine ID was passed in via
+- * $container_uuid the way libvirt/LXC does it */
++ /* If that didn't work, see if we are running in a container,
++ * and a machine ID was passed in via $container_uuid the way
++ * libvirt/LXC does it */
+ r = detect_container(NULL);
+ if (r > 0) {
+ _cleanup_free_ char *e = NULL;
+@@ -132,6 +109,30 @@ static int generate(char id[34], const char *root) {
+ }
+ }
+ }
++
++ } else {
++ /* If we are not running in a container, see if we are
++ * running in qemu/kvm and a machine ID was passed in
++ * via -uuid on the qemu/kvm command line */
++
++ r = detect_vm(&vm_id);
++ if (r > 0 && streq(vm_id, "kvm")) {
++ char uuid[37];
++
++ fd = open("/sys/class/dmi/id/product_uuid", O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
++ if (fd >= 0) {
++ k = loop_read(fd, uuid, 36, false);
++ close_nointr_nofail(fd);
++
++ if (k >= 36) {
++ r = shorten_uuid(id, uuid);
++ if (r >= 0) {
++ log_info("Initializing machine ID from KVM UUID.");
++ return 0;
++ }
++ }
++ }
++ }
+ }
+
+ /* If that didn't work, generate a random machine id */
diff --git a/SOURCES/0274-util-reset-signals-when-we-fork-off-agents.patch b/SOURCES/0274-util-reset-signals-when-we-fork-off-agents.patch
new file mode 100644
index 0000000..a55fd51
--- /dev/null
+++ b/SOURCES/0274-util-reset-signals-when-we-fork-off-agents.patch
@@ -0,0 +1,70 @@
+From 72be8870f1ab5d8753d966ee6c81f88734053a95 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 26 Aug 2014 21:04:21 +0200
+Subject: [PATCH] util: reset signals when we fork off agents
+
+If we invoke agents, we should make sure we actually can kill them
+again. I mean, it's probably not our job to cleanup the signals if our
+tools are invoked in weird contexts, but at least we should make sure,
+that the subprocesses we invoke and intend to control work as intended.
+
+Also see:
+
+http://lists.freedesktop.org/archives/systemd-devel/2014-August/022460.html
+
+(cherry picked from commit 8a7c93d858c342744adf481565d8bb03b9713dcf)
+
+Resolves: #1134818
+---
+ src/shared/util.c | 18 ++++++++++++++++++
+ src/shared/util.h | 1 +
+ 2 files changed, 19 insertions(+)
+
+diff --git a/src/shared/util.c b/src/shared/util.c
+index fc1f765..e4448ff 100644
+--- a/src/shared/util.c
++++ b/src/shared/util.c
+@@ -935,6 +935,18 @@ int reset_all_signal_handlers(void) {
+ return 0;
+ }
+
++int reset_signal_mask(void) {
++ sigset_t ss;
++
++ if (sigemptyset(&ss) < 0)
++ return -errno;
++
++ if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0)
++ return -errno;
++
++ return 0;
++}
++
+ char *strstrip(char *s) {
+ char *e;
+
+@@ -5028,6 +5040,12 @@ int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *pa
+ /* Don't leak fds to the agent */
+ close_all_fds(except, n_except);
+
++ /* Make sure we actually can kill the agent, if we need to, in
++ * case somebody invoked us from a shell script that trapped
++ * SIGTERM or so... */
++ reset_all_signal_handlers();
++ reset_signal_mask();
++
+ stdout_is_tty = isatty(STDOUT_FILENO);
+ stderr_is_tty = isatty(STDERR_FILENO);
+
+diff --git a/src/shared/util.h b/src/shared/util.h
+index ec18d2c..5a9bc99 100644
+--- a/src/shared/util.h
++++ b/src/shared/util.h
+@@ -207,6 +207,7 @@ int readlink_and_make_absolute(const char *p, char **r);
+ int readlink_and_canonicalize(const char *p, char **r);
+
+ int reset_all_signal_handlers(void);
++int reset_signal_mask(void);
+
+ char *strstrip(char *s);
+ char *delete_chars(char *s, const char *bad);
diff --git a/SOURCES/0275-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch b/SOURCES/0275-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch
new file mode 100644
index 0000000..5cdd581
--- /dev/null
+++ b/SOURCES/0275-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch
@@ -0,0 +1,95 @@
+From f0fdbdb003cb3e8d8188c1c01701b510505b5b8b Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 27 Aug 2014 21:42:20 +0200
+Subject: [PATCH] util: fix minimal race where we might miss SIGTERMs when
+ forking off an agent
+
+Before forking, block all signals, and unblock them afterwards. This way
+the child will have them blocked, and we won't lose them.
+
+(cherry picked from commit 8a7c93d858c342744adf481565d8bb03b9713dcf)
+
+Related: #1134818
+---
+ src/shared/util.c | 35 +++++++++++++++++++++++------------
+ 1 file changed, 23 insertions(+), 12 deletions(-)
+
+diff --git a/src/shared/util.c b/src/shared/util.c
+index e4448ff..9f25b15 100644
+--- a/src/shared/util.c
++++ b/src/shared/util.c
+@@ -5002,9 +5002,9 @@ int fd_inc_rcvbuf(int fd, size_t n) {
+ }
+
+ int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *path, ...) {
+- pid_t parent_pid, agent_pid;
+- int fd;
+ bool stdout_is_tty, stderr_is_tty;
++ pid_t parent_pid, agent_pid;
++ sigset_t ss, saved_ss;
+ unsigned n, i;
+ va_list ap;
+ char **l;
+@@ -5012,16 +5012,25 @@ int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *pa
+ assert(pid);
+ assert(path);
+
+- parent_pid = getpid();
+-
+ /* Spawns a temporary TTY agent, making sure it goes away when
+ * we go away */
+
++ parent_pid = getpid();
++
++ /* First we temporarily block all signals, so that the new
++ * child has them blocked initially. This way, we can be sure
++ * that SIGTERMs are not lost we might send to the agent. */
++ assert_se(sigfillset(&ss) >= 0);
++ assert_se(sigprocmask(SIG_SETMASK, &ss, &saved_ss) >= 0);
++
+ agent_pid = fork();
+- if (agent_pid < 0)
++ if (agent_pid < 0) {
++ assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0);
+ return -errno;
++ }
+
+ if (agent_pid != 0) {
++ assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0);
+ *pid = agent_pid;
+ return 0;
+ }
+@@ -5032,24 +5041,26 @@ int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *pa
+ if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
+ _exit(EXIT_FAILURE);
+
++ /* Make sure we actually can kill the agent, if we need to, in
++ * case somebody invoked us from a shell script that trapped
++ * SIGTERM or so... */
++ reset_all_signal_handlers();
++ reset_signal_mask();
++
+ /* Check whether our parent died before we were able
+- * to set the death signal */
++ * to set the death signal and unblock the signals */
+ if (getppid() != parent_pid)
+ _exit(EXIT_SUCCESS);
+
+ /* Don't leak fds to the agent */
+ close_all_fds(except, n_except);
+
+- /* Make sure we actually can kill the agent, if we need to, in
+- * case somebody invoked us from a shell script that trapped
+- * SIGTERM or so... */
+- reset_all_signal_handlers();
+- reset_signal_mask();
+-
+ stdout_is_tty = isatty(STDOUT_FILENO);
+ stderr_is_tty = isatty(STDERR_FILENO);
+
+ if (!stdout_is_tty || !stderr_is_tty) {
++ int fd;
++
+ /* Detach from stdout/stderr. and reopen
+ * /dev/tty for them. This is important to
+ * ensure that when systemctl is started via
diff --git a/SOURCES/0276-udev-do-not-skip-the-execution-of-RUN-when-renaming-.patch b/SOURCES/0276-udev-do-not-skip-the-execution-of-RUN-when-renaming-.patch
new file mode 100644
index 0000000..89c26df
--- /dev/null
+++ b/SOURCES/0276-udev-do-not-skip-the-execution-of-RUN-when-renaming-.patch
@@ -0,0 +1,163 @@
+From 426a65ac5d56264b1890539eff96a1fa1d460217 Mon Sep 17 00:00:00 2001
+From: Kay Sievers <kay@vrfy.org>
+Date: Wed, 14 May 2014 00:34:49 +0200
+Subject: [PATCH] udev: do not skip the execution of RUN when renaming a
+ network device fails
+
+(cherry picked from commit 1ea972174baba40dbc80c51cbfc4edc49764b59b)
+
+Resolves: #1102135
+---
+ src/test/test-udev.c | 5 ++---
+ src/udev/udev-event.c | 9 ++++-----
+ src/udev/udev.h | 2 +-
+ src/udev/udevadm-test.c | 13 +++++--------
+ src/udev/udevd.c | 13 ++++++-------
+ 5 files changed, 18 insertions(+), 24 deletions(-)
+
+diff --git a/src/test/test-udev.c b/src/test/test-udev.c
+index 17825f1..3fcf728 100644
+--- a/src/test/test-udev.c
++++ b/src/test/test-udev.c
+@@ -156,9 +156,8 @@ int main(int argc, char *argv[])
+ }
+ }
+
+- err = udev_event_execute_rules(event, rules, &sigmask_orig);
+- if (err == 0)
+- udev_event_execute_run(event, NULL);
++ udev_event_execute_rules(event, rules, &sigmask_orig);
++ udev_event_execute_run(event, NULL);
+ out:
+ if (event != NULL && event->fd_signal >= 0)
+ close(event->fd_signal);
+diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
+index 3db2cb7..d69d7ba 100644
+--- a/src/udev/udev-event.c
++++ b/src/udev/udev-event.c
+@@ -776,13 +776,12 @@ static int rename_netif(struct udev_event *event)
+ return err;
+ }
+
+-int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigmask)
++void udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigmask)
+ {
+ struct udev_device *dev = event->dev;
+- int err = 0;
+
+ if (udev_device_get_subsystem(dev) == NULL)
+- return -1;
++ return;
+
+ if (streq(udev_device_get_action(dev), "remove")) {
+ udev_device_read_db(dev, NULL);
+@@ -816,9 +815,10 @@ int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules,
+ event->name != NULL && !streq(event->name, udev_device_get_sysname(dev))) {
+ char syspath[UTIL_PATH_SIZE];
+ char *pos;
++ int err;
+
+ err = rename_netif(event);
+- if (err == 0) {
++ if (err >= 0) {
+ log_debug("renamed netif to '%s'\n", event->name);
+
+ /* remember old name */
+@@ -881,7 +881,6 @@ int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules,
+ udev_device_unref(event->dev_db);
+ event->dev_db = NULL;
+ }
+- return err;
+ }
+
+ void udev_event_execute_run(struct udev_event *event, const sigset_t *sigmask)
+diff --git a/src/udev/udev.h b/src/udev/udev.h
+index 8395926..900b1d6 100644
+--- a/src/udev/udev.h
++++ b/src/udev/udev.h
+@@ -83,7 +83,7 @@ int udev_event_apply_subsys_kernel(struct udev_event *event, const char *string,
+ int udev_event_spawn(struct udev_event *event,
+ const char *cmd, char **envp, const sigset_t *sigmask,
+ char *result, size_t ressize);
+-int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigset);
++void udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigset);
+ void udev_event_execute_run(struct udev_event *event, const sigset_t *sigset);
+ int udev_build_argv(struct udev *udev, char *cmd, int *argc, char *argv[]);
+
+diff --git a/src/udev/udevadm-test.c b/src/udev/udevadm-test.c
+index df1409b..dc292c2 100644
+--- a/src/udev/udevadm-test.c
++++ b/src/udev/udevadm-test.c
+@@ -42,7 +42,6 @@ static int adm_test(struct udev *udev, int argc, char *argv[])
+ struct udev_rules *rules = NULL;
+ struct udev_list_entry *entry;
+ sigset_t mask, sigmask_orig;
+- int err;
+ int rc = 0;
+
+ static const struct option options[] = {
+@@ -141,18 +140,16 @@ static int adm_test(struct udev *udev, int argc, char *argv[])
+ goto out;
+ }
+
+- err = udev_event_execute_rules(event, rules, &sigmask_orig);
++ udev_event_execute_rules(event, rules, &sigmask_orig);
+
+ udev_list_entry_foreach(entry, udev_device_get_properties_list_entry(dev))
+ printf("%s=%s\n", udev_list_entry_get_name(entry), udev_list_entry_get_value(entry));
+
+- if (err == 0) {
+- udev_list_entry_foreach(entry, udev_list_get_entry(&event->run_list)) {
+- char program[UTIL_PATH_SIZE];
++ udev_list_entry_foreach(entry, udev_list_get_entry(&event->run_list)) {
++ char program[UTIL_PATH_SIZE];
+
+- udev_event_apply_format(event, udev_list_entry_get_name(entry), program, sizeof(program));
+- printf("run: '%s'\n", program);
+- }
++ udev_event_apply_format(event, udev_list_entry_get_name(entry), program, sizeof(program));
++ printf("run: '%s'\n", program);
+ }
+ out:
+ if (event != NULL && event->fd_signal >= 0)
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index 7c6c5d6..3d5feb4 100644
+--- a/src/udev/udevd.c
++++ b/src/udev/udevd.c
+@@ -272,7 +272,7 @@ static void worker_new(struct event *event)
+ for (;;) {
+ struct udev_event *udev_event;
+ struct worker_message msg;
+- int err;
++ int err = 0;
+
+ log_debug("seq %llu running\n", udev_device_get_seqnum(dev));
+ udev_event = udev_event_new(dev);
+@@ -288,13 +288,12 @@ static void worker_new(struct event *event)
+ udev_event->exec_delay = exec_delay;
+
+ /* apply rules, create node, symlinks */
+- err = udev_event_execute_rules(udev_event, rules, &sigmask_orig);
++ udev_event_execute_rules(udev_event, rules, &sigmask_orig);
+
+- if (err == 0)
+- udev_event_execute_run(udev_event, &sigmask_orig);
++ udev_event_execute_run(udev_event, &sigmask_orig);
+
+ /* apply/restore inotify watch */
+- if (err == 0 && udev_event->inotify_watch) {
++ if (udev_event->inotify_watch) {
+ udev_watch_begin(udev, dev);
+ udev_device_update_db(dev);
+ }
+@@ -304,8 +303,8 @@ static void worker_new(struct event *event)
+
+ /* send udevd the result of the event execution */
+ memset(&msg, 0, sizeof(struct worker_message));
+- if (err != 0)
+- msg.exitcode = err;
++
++ msg.exitcode = err;
+ msg.pid = getpid();
+ send(worker_watch[WRITE_END], &msg, sizeof(struct worker_message), 0);
+
diff --git a/SOURCES/0277-man-mention-System-Administrator-s-Guide-in-systemct.patch b/SOURCES/0277-man-mention-System-Administrator-s-Guide-in-systemct.patch
new file mode 100644
index 0000000..7e82917
--- /dev/null
+++ b/SOURCES/0277-man-mention-System-Administrator-s-Guide-in-systemct.patch
@@ -0,0 +1,33 @@
+From 28d352847cea4cacab45fe56e9f452eb45bc0708 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Thu, 28 Aug 2014 15:12:10 +0200
+Subject: [PATCH] man: mention System Administrator's Guide in systemctl
+ manpage
+
+Resolves: #978948
+---
+ man/systemctl.xml | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/man/systemctl.xml b/man/systemctl.xml
+index 25b03d8..d1fda61 100644
+--- a/man/systemctl.xml
++++ b/man/systemctl.xml
+@@ -1350,6 +1350,17 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service
+ </refsect1>
+
+ <refsect1>
++ <title>Examples</title>
++ <para>
++ For examples how to use systemctl in comparsion
++ with old service and chkconfig command please see:
++ <ulink url="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-Managing_Services_with_systemd-Services.html">
++ Managing System Services
++ </ulink>
++ </para>
++ </refsect1>
++
++ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
diff --git a/SOURCES/0278-vconsole-also-copy-character-maps-not-just-fonts-fro.patch b/SOURCES/0278-vconsole-also-copy-character-maps-not-just-fonts-fro.patch
new file mode 100644
index 0000000..2bd6874
--- /dev/null
+++ b/SOURCES/0278-vconsole-also-copy-character-maps-not-just-fonts-fro.patch
@@ -0,0 +1,57 @@
+From e39ab9b0f4d2cbc9fab10c64c2527908526ea86e Mon Sep 17 00:00:00 2001
+From: Carl Schaefer <schaefer@trilug.org>
+Date: Mon, 23 Jun 2014 18:23:48 +0200
+Subject: [PATCH] vconsole: also copy character maps (not just fonts) from vt1
+ to vt2, vt3, ...
+
+https://bugs.freedesktop.org/show_bug.cgi?id=78796
+
+(cherry picked from commit ff452e76e2c0f89a32542b7179bb2fd538335933)
+
+Resolves: #1002450
+---
+ src/vconsole/vconsole-setup.c | 24 ++++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+
+diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c
+index 1bbf737..7196ddf 100644
+--- a/src/vconsole/vconsole-setup.c
++++ b/src/vconsole/vconsole-setup.c
+@@ -180,6 +180,10 @@ static int font_load(const char *vc, const char *font, const char *map, const ch
+ */
+ static void font_copy_to_all_vcs(int fd) {
+ struct vt_stat vcs = {};
++ unsigned char map8[E_TABSZ];
++ unsigned short map16[E_TABSZ];
++ struct unimapdesc unimapd;
++ struct unipair unipairs[USHRT_MAX];
+ int i, r;
+
+ /* get active, and 16 bit mask of used VT numbers */
+@@ -209,6 +213,26 @@ static void font_copy_to_all_vcs(int fd) {
+ cfo.op = KD_FONT_OP_COPY;
+ cfo.height = vcs.v_active-1; /* tty1 == index 0 */
+ ioctl(vcfd, KDFONTOP, &cfo);
++
++ /* copy map of 8bit chars */
++ if (ioctl(fd, GIO_SCRNMAP, map8) >= 0)
++ ioctl(vcfd, PIO_SCRNMAP, map8);
++
++ /* copy map of 8bit chars -> 16bit Unicode values */
++ if (ioctl(fd, GIO_UNISCRNMAP, map16) >= 0)
++ ioctl(vcfd, PIO_UNISCRNMAP, map16);
++
++ /* copy unicode translation table */
++ /* unimapd is a ushort count and a pointer to an
++ array of struct unipair { ushort, ushort } */
++ unimapd.entries = unipairs;
++ unimapd.entry_ct = USHRT_MAX;
++ if (ioctl(fd, GIO_UNIMAP, &unimapd) >= 0) {
++ struct unimapinit adv = { 0, 0, 0 };
++
++ ioctl(vcfd, PIO_UNIMAPCLR, &adv);
++ ioctl(vcfd, PIO_UNIMAP, &unimapd);
++ }
+ }
+ }
+
diff --git a/SOURCES/0279-vconsole-setup-run-setfont-before-loadkeys.patch b/SOURCES/0279-vconsole-setup-run-setfont-before-loadkeys.patch
new file mode 100644
index 0000000..2a543f3
--- /dev/null
+++ b/SOURCES/0279-vconsole-setup-run-setfont-before-loadkeys.patch
@@ -0,0 +1,99 @@
+From a5236c816e1b8f7a56b2b4b0fa5ac2d5998e5b84 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 1 Jul 2014 22:20:11 -0400
+Subject: [PATCH] vconsole-setup: run setfont before loadkeys
+
+https://bugs.freedesktop.org/show_bug.cgi?id=80685
+
+(cherry picked from commit abee28c56d523e55751b0c007d0bf812cc285c00)
+
+Conflicts:
+ src/vconsole/vconsole-setup.c
+
+Related: #1002450
+---
+ src/vconsole/vconsole-setup.c | 49 ++++++++++++++++++++-----------------------
+ 1 file changed, 23 insertions(+), 26 deletions(-)
+
+diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c
+index 7196ddf..25d15af 100644
+--- a/src/vconsole/vconsole-setup.c
++++ b/src/vconsole/vconsole-setup.c
+@@ -238,12 +238,10 @@ static void font_copy_to_all_vcs(int fd) {
+
+ int main(int argc, char **argv) {
+ const char *vc;
+- char *vc_keymap = NULL;
+- char *vc_keymap_toggle = NULL;
+- char *vc_font = NULL;
+- char *vc_font_map = NULL;
+- char *vc_font_unimap = NULL;
+- int fd = -1;
++ _cleanup_free_ char
++ *vc_keymap = NULL, *vc_keymap_toggle = NULL,
++ *vc_font = NULL, *vc_font_map = NULL, *vc_font_unimap = NULL;
++ _cleanup_close_ int fd = -1;
+ bool utf8;
+ pid_t font_pid = 0, keymap_pid = 0;
+ bool font_copy = false;
+@@ -265,12 +263,12 @@ int main(int argc, char **argv) {
+ fd = open_terminal(vc, O_RDWR|O_CLOEXEC);
+ if (fd < 0) {
+ log_error("Failed to open %s: %m", vc);
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+ if (!is_vconsole(fd)) {
+ log_error("Device %s is not a virtual console.", vc);
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+ utf8 = is_locale_utf8();
+@@ -305,28 +303,27 @@ int main(int argc, char **argv) {
+ else
+ disable_utf8(fd);
+
+- r = EXIT_FAILURE;
+- if (keymap_load(vc, vc_keymap, vc_keymap_toggle, utf8, &keymap_pid) >= 0 &&
+- font_load(vc, vc_font, vc_font_map, vc_font_unimap, &font_pid) >= 0)
+- r = EXIT_SUCCESS;
+-
+-finish:
+- if (keymap_pid > 0)
+- wait_for_terminate_and_warn(KBD_LOADKEYS, keymap_pid);
++ r = font_load(vc, vc_font, vc_font_map, vc_font_unimap, &font_pid);
++ if (r < 0) {
++ log_error("Failed to start " KBD_LOADKEYS ": %s", strerror(-r));
++ return EXIT_FAILURE;
++ }
+
+- if (font_pid > 0) {
++ if (font_pid > 0)
+ wait_for_terminate_and_warn(KBD_SETFONT, font_pid);
+- if (font_copy)
+- font_copy_to_all_vcs(fd);
++
++ r = keymap_load(vc, vc_keymap, vc_keymap_toggle, utf8, &keymap_pid);
++ if (r < 0) {
++ log_error("Failed to start " KBD_SETFONT ": %s", strerror(-r));
++ return EXIT_FAILURE;
+ }
+
+- free(vc_keymap);
+- free(vc_font);
+- free(vc_font_map);
+- free(vc_font_unimap);
++ if (keymap_pid > 0)
++ wait_for_terminate_and_warn(KBD_LOADKEYS, keymap_pid);
+
+- if (fd >= 0)
+- close_nointr_nofail(fd);
++ /* Only copy the font when we started setfont successfully */
++ if (font_copy && font_pid > 0)
++ font_copy_to_all_vcs(fd);
+
+- return r;
++ return EXIT_SUCCESS;
+ }
diff --git a/SOURCES/0280-vconsole-setup-fix-inverted-error-messages.patch b/SOURCES/0280-vconsole-setup-fix-inverted-error-messages.patch
new file mode 100644
index 0000000..b48682d
--- /dev/null
+++ b/SOURCES/0280-vconsole-setup-fix-inverted-error-messages.patch
@@ -0,0 +1,38 @@
+From ef543bf1d0011c0c7bfe38e097c1ef53e7027591 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 7 Jul 2014 08:55:30 -0400
+Subject: [PATCH] vconsole-setup: fix inverted error messages
+
+Introduced in abee28c56d.
+
+Pointed-out-by: Werner Fink <werner@suse.de>
+
+(cherry picked from commit 3dde3f819732aaa66ab8e881305488adaea17641)
+
+Related: #1002450
+---
+ src/vconsole/vconsole-setup.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c
+index 25d15af..645b1e6 100644
+--- a/src/vconsole/vconsole-setup.c
++++ b/src/vconsole/vconsole-setup.c
+@@ -305,7 +305,7 @@ int main(int argc, char **argv) {
+
+ r = font_load(vc, vc_font, vc_font_map, vc_font_unimap, &font_pid);
+ if (r < 0) {
+- log_error("Failed to start " KBD_LOADKEYS ": %s", strerror(-r));
++ log_error("Failed to start " KBD_SETFONT ": %s", strerror(-r));
+ return EXIT_FAILURE;
+ }
+
+@@ -314,7 +314,7 @@ int main(int argc, char **argv) {
+
+ r = keymap_load(vc, vc_keymap, vc_keymap_toggle, utf8, &keymap_pid);
+ if (r < 0) {
+- log_error("Failed to start " KBD_SETFONT ": %s", strerror(-r));
++ log_error("Failed to start " KBD_LOADKEYS ": %s", strerror(-r));
+ return EXIT_FAILURE;
+ }
+
diff --git a/SOURCES/0281-localed-consider-an-unset-model-as-a-wildcard.patch b/SOURCES/0281-localed-consider-an-unset-model-as-a-wildcard.patch
new file mode 100644
index 0000000..1ebefe1
--- /dev/null
+++ b/SOURCES/0281-localed-consider-an-unset-model-as-a-wildcard.patch
@@ -0,0 +1,42 @@
+From a27bc4778ef4579a954846cb75435226655ad31a Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Fri, 30 May 2014 18:20:16 +0200
+Subject: [PATCH] localed: consider an unset model as a wildcard
+
+(cherry picked from commit 387066c2e5bda159201896b194711965b52f34a9)
+
+Conflicts:
+ src/locale/localed.c
+
+Resolves: #903776
+---
+ src/locale/localed.c | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/src/locale/localed.c b/src/locale/localed.c
+index b9b98f4..a93b309 100644
+--- a/src/locale/localed.c
++++ b/src/locale/localed.c
+@@ -871,15 +871,16 @@ static int find_legacy_keymap(char **new_keymap) {
+ }
+ }
+
+- if (matching > 0 &&
+- streq_ptr(state.x11_model, a[2])) {
+- matching++;
+-
+- if (streq_ptr(state.x11_variant, a[3])) {
++ if (matching > 0) {
++ if (isempty(state.x11_model) || streq_ptr(state.x11_model, a[2])) {
+ matching++;
+
+- if (streq_ptr(state.x11_options, a[4]))
++ if (streq_ptr(state.x11_variant, a[3])) {
+ matching++;
++
++ if (streq_ptr(state.x11_options, a[4]))
++ matching++;
++ }
+ }
+ }
+
diff --git a/SOURCES/0282-systemd-detect-virt-detect-s390-virtualization.patch b/SOURCES/0282-systemd-detect-virt-detect-s390-virtualization.patch
new file mode 100644
index 0000000..33c6bfa
--- /dev/null
+++ b/SOURCES/0282-systemd-detect-virt-detect-s390-virtualization.patch
@@ -0,0 +1,75 @@
+From 50bb38a3dc24eb252097e958387d5a7075717a5a Mon Sep 17 00:00:00 2001
+From: Thomas Blume <Thomas.Blume@suse.com>
+Date: Fri, 18 Jul 2014 09:13:36 -0400
+Subject: [PATCH] systemd-detect-virt: detect s390 virtualization
+
+A system that is running on a logical partition (LPAR) provided by
+PR/SM has access to physical hardware (except CPU). It is true that
+PR/SM abstracts the hardware, but only for sharing purposes.
+
+Details are statet at:
+
+http://publib.boulder.ibm.com/infocenter/eserver/v1r2/topic/eicaz/eicazzlpar.htm
+
+-->--
+In other words, PR/SM transforms physical resources into virtual resources so
+that many logical partitions can share the same physical resources.
+--<--
+
+Still, from the OS point of view, the shared virtual resource is real
+hardware. ConditionVirtualization must be set to false if the OS runs
+directly on PR/SM (e.g. in an LPAR).
+
+[zj: reorder code so that variables are not allocated when #if-def is
+false. Add commit message.]
+
+Conflicts:
+ src/shared/virt.c
+
+(cherry picked from commit f41925b4e442a34c93ad120ef1426c974a047ed1)
+
+Resolves: #1139149
+---
+ man/systemd.unit.xml | 1 +
+ src/shared/virt.c | 16 ++++++++++++++++
+ 2 files changed, 17 insertions(+)
+
+diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
+index 4704352..c500953 100644
+--- a/man/systemd.unit.xml
++++ b/man/systemd.unit.xml
+@@ -969,6 +969,7 @@
+ virtualization solution, or one of
+ <varname>qemu</varname>,
+ <varname>kvm</varname>,
++ <varname>zvm</varname>,
+ <varname>vmware</varname>,
+ <varname>microsoft</varname>,
+ <varname>oracle</varname>,
+diff --git a/src/shared/virt.c b/src/shared/virt.c
+index 4f8134a..5466d97 100644
+--- a/src/shared/virt.c
++++ b/src/shared/virt.c
+@@ -175,6 +175,22 @@ int detect_vm(const char **id) {
+ return 1;
+ }
+
++#if defined(__s390__)
++ {
++ _cleanup_free_ char *t = NULL;
++
++ r = get_status_field("/proc/sysinfo", "VM00 Control Program:", &t);
++ if (r >= 0) {
++ if (streq(t, "z/VM"))
++ _id = "zvm";
++ else
++ _id = "kvm";
++
++ return 1;
++ }
++ }
++#endif
++
+ return 0;
+ }
+
diff --git a/SOURCES/0283-systemctl-unbreak-switchroot.patch b/SOURCES/0283-systemctl-unbreak-switchroot.patch
new file mode 100644
index 0000000..8183aa5
--- /dev/null
+++ b/SOURCES/0283-systemctl-unbreak-switchroot.patch
@@ -0,0 +1,75 @@
+From e1036b1b5133141949bea166fb2cb6cdbfec3be0 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Fri, 12 Sep 2014 13:27:36 +0200
+Subject: [PATCH] systemctl: unbreak switchroot
+
+rhel-only patch
+cad8ec5980d63253586d9f884649c45eed0667a1 backport broke it
+
+Related: #1138546
+---
+ src/systemctl/systemctl.c | 26 ++++++++++++++------------
+ 1 file changed, 14 insertions(+), 12 deletions(-)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 90a80bd..ebc8caa 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -4147,8 +4147,8 @@ static int show_enviroment(DBusConnection *bus, char **args) {
+ }
+
+ static int switch_root(DBusConnection *bus, char **args) {
+- _cleanup_free_ char *cmdline_init = NULL;
+- const char *root, *init;
++ _cleanup_free_ char *init = NULL;
++ const char *root;
+ unsigned l;
+ int r;
+
+@@ -4161,23 +4161,20 @@ static int switch_root(DBusConnection *bus, char **args) {
+ root = args[1];
+
+ if (l >= 3)
+- init = args[2];
++ init = strdup(args[2]);
+ else {
+ r = parse_env_file("/proc/cmdline", WHITESPACE,
+- "init", &cmdline_init,
++ "init", &init,
+ NULL);
+ if (r < 0)
+ log_debug("Failed to parse /proc/cmdline: %s", strerror(-r));
+
+- init = cmdline_init;
++ if (!init)
++ init = strdup("");
+ }
+- if (!init)
+- return log_oom();
+
+- if (isempty(init))
+- init = NULL;
+
+- if (init) {
++ if (!isempty(init)) {
+ const char *root_systemd_path = NULL, *root_init_path = NULL;
+
+ root_systemd_path = strappenda(root, "/" SYSTEMD_BINARY_PATH);
+@@ -4185,10 +4182,15 @@ static int switch_root(DBusConnection *bus, char **args) {
+
+ /* If the passed init is actually the same as the
+ * systemd binary, then let's suppress it. */
+- if (files_same(root_init_path, root_systemd_path) > 0)
+- init = NULL;
++ if (files_same(root_init_path, root_systemd_path) > 0) {
++ free(init);
++ init = strdup("");
++ }
+ }
+
++ if (!init)
++ return log_oom();
++
+ log_debug("Switching root - root: %s; init: %s", root, strna(init));
+
+ return bus_method_call_with_reply(
diff --git a/SOURCES/0284-systemd-detect-virt-fix-detect-s390-virtualization.patch b/SOURCES/0284-systemd-detect-virt-fix-detect-s390-virtualization.patch
new file mode 100644
index 0000000..4b96c27
--- /dev/null
+++ b/SOURCES/0284-systemd-detect-virt-fix-detect-s390-virtualization.patch
@@ -0,0 +1,28 @@
+From 4c05a1381fbedaebe3832da433e4e10c682d6384 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Fri, 12 Sep 2014 15:23:50 +0200
+Subject: [PATCH] systemd-detect-virt: fix detect s390 virtualization
+
+rhel-only patch
+
+Related: #1139149
+---
+ src/shared/virt.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/shared/virt.c b/src/shared/virt.c
+index 5466d97..fca8515 100644
+--- a/src/shared/virt.c
++++ b/src/shared/virt.c
+@@ -182,9 +182,9 @@ int detect_vm(const char **id) {
+ r = get_status_field("/proc/sysinfo", "VM00 Control Program:", &t);
+ if (r >= 0) {
+ if (streq(t, "z/VM"))
+- _id = "zvm";
++ *id = "zvm";
+ else
+- _id = "kvm";
++ *id = "kvm";
+
+ return 1;
+ }
diff --git a/SOURCES/0285-exec-Add-SELinuxContext-configuration-item.patch b/SOURCES/0285-exec-Add-SELinuxContext-configuration-item.patch
new file mode 100644
index 0000000..d98ae1d
--- /dev/null
+++ b/SOURCES/0285-exec-Add-SELinuxContext-configuration-item.patch
@@ -0,0 +1,180 @@
+From d0a2b8832732d297321fddcad56872511ff212f2 Mon Sep 17 00:00:00 2001
+From: Michael Scherer <misc@zarb.org>
+Date: Thu, 6 Feb 2014 10:05:16 +0100
+Subject: [PATCH] exec: Add SELinuxContext configuration item
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This permit to let system administrators decide of the domain of a service.
+This can be used with templated units to have each service in a différent
+domain ( for example, a per customer database, using MLS or anything ),
+or can be used to force a non selinux enabled system (jvm, erlang, etc)
+to start in a different domain for each service.
+
+Conflicts:
+ src/core/dbus-execute.c
+ src/core/execute.c
+ src/core/execute.h
+ src/shared/exit-status.c
+ src/shared/exit-status.h
+
+(cherry picked from commit 7b52a628f8b43ba521c302a7f32bccf9d0dc8bfd)
+
+Related: #1113790
+---
+ man/systemd.exec.xml | 11 +++++++++++
+ src/core/dbus-execute.c | 1 +
+ src/core/execute.c | 27 +++++++++++++++++++++++++++
+ src/core/execute.h | 2 ++
+ src/core/load-fragment-gperf.gperf.m4 | 3 ++-
+ src/shared/exit-status.c | 3 +++
+ src/shared/exit-status.h | 1 +
+ 7 files changed, 47 insertions(+), 1 deletion(-)
+
+diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
+index 612b4d2..a68cfa7 100644
+--- a/man/systemd.exec.xml
++++ b/man/systemd.exec.xml
+@@ -919,6 +919,17 @@
+ </varlistentry>
+
+ <varlistentry>
++ <term><varname>SELinuxContext=</varname></term>
++
++ <listitem><para>Set the SELinux context of the
++ executed process. If set, this will override the
++ automated domain transition. However, the policy
++ still need to autorize the transition. See
++ <citerefentry><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
++ for details.</para></listitem>
++ </varlistentry>
++
++ <varlistentry>
+ <term><varname>IgnoreSIGPIPE=</varname></term>
+
+ <listitem><para>Takes a boolean
+diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
+index 2402e8c..97d75fa 100644
+--- a/src/core/dbus-execute.c
++++ b/src/core/dbus-execute.c
+@@ -429,6 +429,7 @@ const BusProperty bus_exec_context_properties[] = {
+ { "PrivateNetwork", bus_property_append_bool, "b", offsetof(ExecContext, private_network) },
+ { "SameProcessGroup", bus_property_append_bool, "b", offsetof(ExecContext, same_pgrp) },
+ { "UtmpIdentifier", bus_property_append_string, "s", offsetof(ExecContext, utmp_id), true },
++ { "SELinuxContext", bus_property_append_string, "s", offsetof(ExecContext, selinux_context), true },
+ { "IgnoreSIGPIPE", bus_property_append_bool, "b", offsetof(ExecContext, ignore_sigpipe) },
+ { "NoNewPrivileges", bus_property_append_bool, "b", offsetof(ExecContext, no_new_privileges) },
+ { "SystemCallFilter", bus_execute_append_syscall_filter, "au", 0 },
+diff --git a/src/core/execute.c b/src/core/execute.c
+index 981b9e4..cf9d24e 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -46,6 +46,10 @@
+ #include <security/pam_appl.h>
+ #endif
+
++#ifdef HAVE_SELINUX
++#include <selinux/selinux.h>
++#endif
++
+ #include "execute.h"
+ #include "strv.h"
+ #include "macro.h"
+@@ -1467,6 +1471,20 @@ int exec_spawn(ExecCommand *command,
+ goto fail_child;
+ }
+ }
++#ifdef HAVE_SELINUX
++ if (context->selinux_context) {
++ err = security_check_context(context->selinux_context);
++ if (err < 0) {
++ r = EXIT_SELINUX_CONTEXT;
++ goto fail_child;
++ }
++ err = setexeccon(context->selinux_context);
++ if (err < 0) {
++ r = EXIT_SELINUX_CONTEXT;
++ goto fail_child;
++ }
++ }
++#endif
+ }
+
+ our_env = new0(char*, 7);
+@@ -1696,6 +1714,9 @@ void exec_context_done(ExecContext *c, bool reloading_or_reexecuting) {
+ free(c->utmp_id);
+ c->utmp_id = NULL;
+
++ free(c->selinux_context);
++ c->selinux_context = NULL;
++
+ free(c->syscall_filter);
+ c->syscall_filter = NULL;
+
+@@ -2067,6 +2088,12 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
+ fprintf(f,
+ "%sUtmpIdentifier: %s\n",
+ prefix, c->utmp_id);
++
++ if (c->selinux_context)
++ fprintf(f,
++ "%sSELinuxContext: %s\n",
++ prefix, c->selinux_context);
++
+ }
+
+ void exec_status_start(ExecStatus *s, pid_t pid) {
+diff --git a/src/core/execute.h b/src/core/execute.h
+index c1e9717..92ac8dd 100644
+--- a/src/core/execute.h
++++ b/src/core/execute.h
+@@ -124,6 +124,8 @@ struct ExecContext {
+
+ char *utmp_id;
+
++ char *selinux_context;
++
+ char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
+ unsigned long mount_flags;
+
+diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
+index 0991cb9..935f04e 100644
+--- a/src/core/load-fragment-gperf.gperf.m4
++++ b/src/core/load-fragment-gperf.gperf.m4
+@@ -75,7 +75,8 @@ $1.MountFlags, config_parse_exec_mount_flags, 0,
+ $1.TCPWrapName, config_parse_unit_string_printf, 0, offsetof($1, exec_context.tcpwrap_name)
+ $1.PAMName, config_parse_unit_string_printf, 0, offsetof($1, exec_context.pam_name)
+ $1.IgnoreSIGPIPE, config_parse_bool, 0, offsetof($1, exec_context.ignore_sigpipe)
+-$1.UtmpIdentifier, config_parse_unit_string_printf, 0, offsetof($1, exec_context.utmp_id)'
++$1.UtmpIdentifier, config_parse_unit_string_printf, 0, offsetof($1, exec_context.utmp_id)
++$1.SELinuxContext, config_parse_unit_string_printf, 0, offsetof($1, exec_context.selinux_context)'
+ )m4_dnl
+ m4_define(`KILL_CONTEXT_CONFIG_ITEMS',
+ `$1.SendSIGKILL, config_parse_bool, 0, offsetof($1, kill_context.send_sigkill)
+diff --git a/src/shared/exit-status.c b/src/shared/exit-status.c
+index f15fdba..676291b 100644
+--- a/src/shared/exit-status.c
++++ b/src/shared/exit-status.c
+@@ -131,6 +131,9 @@ const char* exit_status_to_string(ExitStatus status, ExitStatusLevel level) {
+ case EXIT_SECCOMP:
+ return "SECCOMP";
+
++ case EXIT_SELINUX_CONTEXT:
++ return "SELINUX_CONTEXT";
++
+ case EXIT_CHOWN:
+ return "CHOWN";
+
+diff --git a/src/shared/exit-status.h b/src/shared/exit-status.h
+index 52dd3d0..798f1e1 100644
+--- a/src/shared/exit-status.h
++++ b/src/shared/exit-status.h
+@@ -68,6 +68,7 @@ typedef enum ExitStatus {
+ EXIT_NAMESPACE,
+ EXIT_NO_NEW_PRIVILEGES,
+ EXIT_SECCOMP,
++ EXIT_SELINUX_CONTEXT,
+ EXIT_CHOWN
+ } ExitStatus;
+
diff --git a/SOURCES/0286-exec-Ignore-the-setting-SELinuxContext-if-selinux-is.patch b/SOURCES/0286-exec-Ignore-the-setting-SELinuxContext-if-selinux-is.patch
new file mode 100644
index 0000000..53183d4
--- /dev/null
+++ b/SOURCES/0286-exec-Ignore-the-setting-SELinuxContext-if-selinux-is.patch
@@ -0,0 +1,26 @@
+From 602f5a2c2a7ed23ebd61a728f6e16f63024e3c1f Mon Sep 17 00:00:00 2001
+From: Michael Scherer <misc@zarb.org>
+Date: Thu, 6 Feb 2014 10:05:17 +0100
+Subject: [PATCH] exec: Ignore the setting SELinuxContext if selinux is not
+ enabled
+
+(cherry picked from commit 5c56a259e07661a66e806cc2fbc71de96a75f78e)
+
+Related: #1113790
+---
+ src/core/execute.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index cf9d24e..cb6f146 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -1472,7 +1472,7 @@ int exec_spawn(ExecCommand *command,
+ }
+ }
+ #ifdef HAVE_SELINUX
+- if (context->selinux_context) {
++ if (context->selinux_context && use_selinux()) {
+ err = security_check_context(context->selinux_context);
+ if (err < 0) {
+ r = EXIT_SELINUX_CONTEXT;
diff --git a/SOURCES/0287-exec-Add-support-for-ignoring-errors-on-SELinuxConte.patch b/SOURCES/0287-exec-Add-support-for-ignoring-errors-on-SELinuxConte.patch
new file mode 100644
index 0000000..24e2e9a
--- /dev/null
+++ b/SOURCES/0287-exec-Add-support-for-ignoring-errors-on-SELinuxConte.patch
@@ -0,0 +1,70 @@
+From 5c2592bf519dc7b2b28cde77f5f35422ec7a9320 Mon Sep 17 00:00:00 2001
+From: Michael Scherer <misc@zarb.org>
+Date: Thu, 6 Feb 2014 10:05:18 +0100
+Subject: [PATCH] exec: Add support for ignoring errors on SELinuxContext by
+ prefixing it with -, like for others settings.
+
+Also remove call to security_check_context, as this doesn't serve anything, since
+setexeccon will fail anyway.
+
+(cherry picked from commit 0d3f7bb3a5bc6d5c0712f88a080fed388981bca3)
+
+Related: #1113790
+---
+ man/systemd.exec.xml | 4 +++-
+ src/core/execute.c | 20 +++++++++++++-------
+ 2 files changed, 16 insertions(+), 8 deletions(-)
+
+diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
+index a68cfa7..7608489 100644
+--- a/man/systemd.exec.xml
++++ b/man/systemd.exec.xml
+@@ -924,7 +924,9 @@
+ <listitem><para>Set the SELinux context of the
+ executed process. If set, this will override the
+ automated domain transition. However, the policy
+- still need to autorize the transition. See
++ still need to autorize the transition. This directive
++ is ignored if SELinux is disabled. If prefixed by <literal>-</literal>,
++ all errors will be ignored. See
+ <citerefentry><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+ for details.</para></listitem>
+ </varlistentry>
+diff --git a/src/core/execute.c b/src/core/execute.c
+index cb6f146..9fc5090 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -72,6 +72,7 @@
+ #include "fileio.h"
+ #include "unit.h"
+ #include "async.h"
++#include "selinux-util.h"
+
+ #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
+ #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
+@@ -1473,13 +1474,18 @@ int exec_spawn(ExecCommand *command,
+ }
+ #ifdef HAVE_SELINUX
+ if (context->selinux_context && use_selinux()) {
+- err = security_check_context(context->selinux_context);
+- if (err < 0) {
+- r = EXIT_SELINUX_CONTEXT;
+- goto fail_child;
+- }
+- err = setexeccon(context->selinux_context);
+- if (err < 0) {
++ bool ignore;
++ char* c;
++
++ c = context->selinux_context;
++ if (c[0] == '-') {
++ c++;
++ ignore = true;
++ } else
++ ignore = false;
++
++ err = setexeccon(c);
++ if (err < 0 && !ignore) {
+ r = EXIT_SELINUX_CONTEXT;
+ goto fail_child;
+ }
diff --git a/SOURCES/0288-core-store-and-expose-SELinuxContext-field-normalize.patch b/SOURCES/0288-core-store-and-expose-SELinuxContext-field-normalize.patch
new file mode 100644
index 0000000..3bf7ac7
--- /dev/null
+++ b/SOURCES/0288-core-store-and-expose-SELinuxContext-field-normalize.patch
@@ -0,0 +1,199 @@
+From f71db1f834f639a16a38e7314ba7ca0dd0d060d8 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 17 Feb 2014 16:52:52 +0100
+Subject: [PATCH] core: store and expose SELinuxContext field normalized as
+ bool + string
+
+Conflicts:
+ src/core/dbus-execute.c
+ src/core/execute.c
+ src/core/load-fragment.h
+
+(cherry picked from commit 5f8640fb628cb034981e02d741fd9ddf26fdf38d)
+
+Related: #1113790
+---
+ src/core/dbus-execute.c | 26 ++++++++++++++++++-
+ src/core/execute.c | 18 +++----------
+ src/core/execute.h | 1 +
+ src/core/load-fragment-gperf.gperf.m4 | 2 +-
+ src/core/load-fragment.c | 48 +++++++++++++++++++++++++++++++++++
+ src/core/load-fragment.h | 1 +
+ 6 files changed, 80 insertions(+), 16 deletions(-)
+
+diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
+index 97d75fa..8162f1c 100644
+--- a/src/core/dbus-execute.c
++++ b/src/core/dbus-execute.c
+@@ -372,6 +372,30 @@ static int bus_execute_append_syscall_filter(DBusMessageIter *i, const char *pro
+ return 0;
+ }
+
++static int bus_execute_append_selinux_context(DBusMessageIter *i, const char *property, void *data) {
++ ExecContext *c = data;
++ dbus_bool_t selinux_context_ignore;
++ const char *selinux_context = NULL;
++
++ assert(i);
++ assert(property);
++ assert(c);
++
++ selinux_context = c->selinux_context;
++ if (!selinux_context)
++ selinux_context = "";
++
++ selinux_context_ignore = c->selinux_context_ignore;
++
++ if (!dbus_message_iter_append_basic(i, DBUS_TYPE_BOOLEAN, &selinux_context_ignore))
++ return -ENOMEM;
++
++ if (!dbus_message_iter_append_basic(i, DBUS_TYPE_STRING, &selinux_context))
++ return -ENOMEM;
++
++ return 0;
++}
++
+ const BusProperty bus_exec_context_properties[] = {
+ { "Environment", bus_property_append_strv, "as", offsetof(ExecContext, environment), true },
+ { "EnvironmentFiles", bus_execute_append_env_files, "a(sb)", offsetof(ExecContext, environment_files), true },
+@@ -429,7 +453,7 @@ const BusProperty bus_exec_context_properties[] = {
+ { "PrivateNetwork", bus_property_append_bool, "b", offsetof(ExecContext, private_network) },
+ { "SameProcessGroup", bus_property_append_bool, "b", offsetof(ExecContext, same_pgrp) },
+ { "UtmpIdentifier", bus_property_append_string, "s", offsetof(ExecContext, utmp_id), true },
+- { "SELinuxContext", bus_property_append_string, "s", offsetof(ExecContext, selinux_context), true },
++ { "SELinuxContext", bus_execute_append_selinux_context, "(bs)", 0 },
+ { "IgnoreSIGPIPE", bus_property_append_bool, "b", offsetof(ExecContext, ignore_sigpipe) },
+ { "NoNewPrivileges", bus_property_append_bool, "b", offsetof(ExecContext, no_new_privileges) },
+ { "SystemCallFilter", bus_execute_append_syscall_filter, "au", 0 },
+diff --git a/src/core/execute.c b/src/core/execute.c
+index 9fc5090..a20301d 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -1474,18 +1474,8 @@ int exec_spawn(ExecCommand *command,
+ }
+ #ifdef HAVE_SELINUX
+ if (context->selinux_context && use_selinux()) {
+- bool ignore;
+- char* c;
+-
+- c = context->selinux_context;
+- if (c[0] == '-') {
+- c++;
+- ignore = true;
+- } else
+- ignore = false;
+-
+- err = setexeccon(c);
+- if (err < 0 && !ignore) {
++ err = setexeccon(context->selinux_context);
++ if (err < 0 && !context->selinux_context_ignore) {
+ r = EXIT_SELINUX_CONTEXT;
+ goto fail_child;
+ }
+@@ -2097,8 +2087,8 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
+
+ if (c->selinux_context)
+ fprintf(f,
+- "%sSELinuxContext: %s\n",
+- prefix, c->selinux_context);
++ "%sSELinuxContext: %s%s\n",
++ prefix, c->selinux_context_ignore ? "-" : "", c->selinux_context);
+
+ }
+
+diff --git a/src/core/execute.h b/src/core/execute.h
+index 92ac8dd..2452126 100644
+--- a/src/core/execute.h
++++ b/src/core/execute.h
+@@ -124,6 +124,7 @@ struct ExecContext {
+
+ char *utmp_id;
+
++ bool selinux_context_ignore;
+ char *selinux_context;
+
+ char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
+diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
+index 935f04e..759fbd8 100644
+--- a/src/core/load-fragment-gperf.gperf.m4
++++ b/src/core/load-fragment-gperf.gperf.m4
+@@ -76,7 +76,7 @@ $1.TCPWrapName, config_parse_unit_string_printf, 0,
+ $1.PAMName, config_parse_unit_string_printf, 0, offsetof($1, exec_context.pam_name)
+ $1.IgnoreSIGPIPE, config_parse_bool, 0, offsetof($1, exec_context.ignore_sigpipe)
+ $1.UtmpIdentifier, config_parse_unit_string_printf, 0, offsetof($1, exec_context.utmp_id)
+-$1.SELinuxContext, config_parse_unit_string_printf, 0, offsetof($1, exec_context.selinux_context)'
++$1.SELinuxContext, config_parse_exec_selinux_context, 0, offsetof($1, exec_context)'
+ )m4_dnl
+ m4_define(`KILL_CONTEXT_CONFIG_ITEMS',
+ `$1.SendSIGKILL, config_parse_bool, 0, offsetof($1, kill_context.send_sigkill)
+diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
+index f01843d..8e6e428 100644
+--- a/src/core/load-fragment.c
++++ b/src/core/load-fragment.c
+@@ -1139,6 +1139,54 @@ int config_parse_exec_mount_flags(const char *unit,
+ return 0;
+ }
+
++int config_parse_exec_selinux_context(
++ const char *unit,
++ const char *filename,
++ unsigned line,
++ const char *section,
++ const char *lvalue,
++ int ltype,
++ const char *rvalue,
++ void *data,
++ void *userdata) {
++
++ ExecContext *c = data;
++ Unit *u = userdata;
++ bool ignore;
++ char *k;
++ int r;
++
++ assert(filename);
++ assert(lvalue);
++ assert(rvalue);
++ assert(data);
++
++ if (isempty(rvalue)) {
++ free(c->selinux_context);
++ c->selinux_context = NULL;
++ c->selinux_context_ignore = false;
++ return 0;
++ }
++
++ if (rvalue[0] == '-') {
++ ignore = true;
++ rvalue++;
++ } else
++ ignore = false;
++
++ r = unit_name_printf(u, rvalue, &k);
++ if (r < 0) {
++ log_syntax(unit, LOG_ERR, filename, line, -r, "Failed to resolve specifiers, ignoring: %s", strerror(-r));
++ return 0;
++ }
++
++ free(c->selinux_context);
++ c->selinux_context = k;
++ c->selinux_context_ignore = ignore;
++
++ return 0;
++}
++
+ int config_parse_timer(const char *unit,
+ const char *filename,
+ unsigned line,
+diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h
+index 90e5e3a..de48436 100644
+--- a/src/core/load-fragment.h
++++ b/src/core/load-fragment.h
+@@ -83,6 +83,7 @@ int config_parse_device_allow(const char *unit, const char *filename, unsigned l
+ int config_parse_blockio_weight(const char *unit, const char *filename, unsigned line, const char *section, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+ int config_parse_blockio_device_weight(const char *unit, const char *filename, unsigned line, const char *section, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+ int config_parse_blockio_bandwidth(const char *unit, const char *filename, unsigned line, const char *section, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
++int config_parse_exec_selinux_context(const char *unit, const char *filename, unsigned line, const char *section, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+
+ /* gperf prototypes */
+ const struct ConfigPerfItem* load_fragment_gperf_lookup(const char *key, unsigned length);
diff --git a/SOURCES/0289-socket-introduce-SELinuxContextFromNet-option.patch b/SOURCES/0289-socket-introduce-SELinuxContextFromNet-option.patch
new file mode 100644
index 0000000..d1a60da
--- /dev/null
+++ b/SOURCES/0289-socket-introduce-SELinuxContextFromNet-option.patch
@@ -0,0 +1,431 @@
+From 98bb285648a68c89820fe7415737ee97da74ec69 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Thu, 24 Jul 2014 10:40:28 +0200
+Subject: [PATCH] socket: introduce SELinuxContextFromNet option
+
+This makes possible to spawn service instances triggered by socket with
+MLS/MCS SELinux labels which are created based on information provided by
+connected peer.
+
+Implementation of label_get_child_mls_label derived from xinetd.
+
+Reviewed-by: Paul Moore <pmoore@redhat.com>
+
+Resolves: #1113790
+---
+ man/systemd.socket.xml | 26 ++++++++
+ src/core/execute.c | 30 +++++++--
+ src/core/execute.h | 1 +
+ src/core/load-fragment-gperf.gperf.m4 | 1 +
+ src/core/mount.c | 1 +
+ src/core/service.c | 4 +-
+ src/core/service.h | 3 +-
+ src/core/socket.c | 16 +++--
+ src/core/socket.h | 2 +
+ src/core/swap.c | 1 +
+ src/shared/label.c | 113 ++++++++++++++++++++++++++++++++++
+ src/shared/label.h | 2 +
+ 12 files changed, 189 insertions(+), 11 deletions(-)
+
+diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
+index d146b3b..75ba15f 100644
+--- a/man/systemd.socket.xml
++++ b/man/systemd.socket.xml
+@@ -585,6 +585,32 @@
+ </varlistentry>
+
+ <varlistentry>
++ <term><varname>SELinuxContextFromNet=</varname></term>
++ <listitem><para>Takes a boolean
++ argument. When true systemd will attempt
++ to figure out the SELinux label used
++ for the instantiated service from the
++ information handed by the peer over the
++ network. Note that only the security
++ level is used from the information
++ provided by the peer. Other parts of
++ the resulting SELinux context originate
++ from either the target binary that is
++ effectively triggered by socket unit
++ are taken from the value of the
++ <varname>SELinuxContext=</varname>
++ option.This configuration option only
++ affects sockets with
++ <varname>Accept=</varname> mode set to
++ <literal>true</literal>. Also note that
++ this option is useful only when
++ MLS/MCS SELinux policy is
++ deployed. Defaults to
++ <literal>false</literal>.
++ </para></listitem>
++ </varlistentry>
++
++ <varlistentry>
+ <term><varname>PipeSize=</varname></term>
+ <listitem><para>Takes an integer
+ value. Controls the pipe buffer size
+diff --git a/src/core/execute.c b/src/core/execute.c
+index a20301d..0894156 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -73,6 +73,7 @@
+ #include "unit.h"
+ #include "async.h"
+ #include "selinux-util.h"
++#include "label.h"
+
+ #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
+ #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
+@@ -1038,6 +1039,7 @@ int exec_spawn(ExecCommand *command,
+ bool apply_chroot,
+ bool apply_tty_stdin,
+ bool confirm_spawn,
++ bool selinux_context_net,
+ CGroupControllerMask cgroup_supported,
+ const char *cgroup_path,
+ const char *unit_id,
+@@ -1473,11 +1475,29 @@ int exec_spawn(ExecCommand *command,
+ }
+ }
+ #ifdef HAVE_SELINUX
+- if (context->selinux_context && use_selinux()) {
+- err = setexeccon(context->selinux_context);
+- if (err < 0 && !context->selinux_context_ignore) {
+- r = EXIT_SELINUX_CONTEXT;
+- goto fail_child;
++ if (use_selinux()) {
++ if (context->selinux_context) {
++ err = setexeccon(context->selinux_context);
++ if (err < 0 && !context->selinux_context_ignore) {
++ r = EXIT_SELINUX_CONTEXT;
++ goto fail_child;
++ }
++ }
++
++ if (selinux_context_net && socket_fd >= 0) {
++ _cleanup_free_ char *label = NULL;
++
++ err = label_get_child_mls_label(socket_fd, command->path, &label);
++ if (err < 0) {
++ r = EXIT_SELINUX_CONTEXT;
++ goto fail_child;
++ }
++
++ err = setexeccon(label);
++ if (err < 0) {
++ r = EXIT_SELINUX_CONTEXT;
++ goto fail_child;
++ }
+ }
+ }
+ #endif
+diff --git a/src/core/execute.h b/src/core/execute.h
+index 2452126..5055890 100644
+--- a/src/core/execute.h
++++ b/src/core/execute.h
+@@ -174,6 +174,7 @@ int exec_spawn(ExecCommand *command,
+ bool apply_chroot,
+ bool apply_tty_stdin,
+ bool confirm_spawn,
++ bool selinux_context_net,
+ CGroupControllerMask cgroup_mask,
+ const char *cgroup_path,
+ const char *unit_id,
+diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
+index 759fbd8..ee7cd5d 100644
+--- a/src/core/load-fragment-gperf.gperf.m4
++++ b/src/core/load-fragment-gperf.gperf.m4
+@@ -221,6 +221,7 @@ Socket.Service, config_parse_socket_service, 0,
+ Socket.SmackLabel, config_parse_string, 0, offsetof(Socket, smack)
+ Socket.SmackLabelIPIn, config_parse_string, 0, offsetof(Socket, smack_ip_in)
+ Socket.SmackLabelIPOut, config_parse_string, 0, offsetof(Socket, smack_ip_out)
++Socket.SELinuxContextFromNet, config_parse_bool, 0, offsetof(Socket, selinux_context_from_net),
+ EXEC_CONTEXT_CONFIG_ITEMS(Socket)m4_dnl
+ CGROUP_CONTEXT_CONFIG_ITEMS(Socket)m4_dnl
+ KILL_CONTEXT_CONFIG_ITEMS(Socket)m4_dnl
+diff --git a/src/core/mount.c b/src/core/mount.c
+index 3672338..bbceb92 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -791,6 +791,7 @@ static int mount_spawn(Mount *m, ExecCommand *c, pid_t *_pid) {
+ true,
+ true,
+ UNIT(m)->manager->confirm_spawn,
++ false,
+ UNIT(m)->manager->cgroup_supported,
+ UNIT(m)->cgroup_path,
+ UNIT(m)->id,
+diff --git a/src/core/service.c b/src/core/service.c
+index 4366e1b..7ef2b3a 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -1867,6 +1867,7 @@ static int service_spawn(
+ apply_chroot,
+ apply_tty_stdin,
+ UNIT(s)->manager->confirm_spawn,
++ false,
+ UNIT(s)->manager->cgroup_supported,
+ path,
+ UNIT(s)->id,
+@@ -3806,7 +3807,7 @@ static void service_bus_query_pid_done(
+ }
+ }
+
+-int service_set_socket_fd(Service *s, int fd, Socket *sock) {
++int service_set_socket_fd(Service *s, int fd, Socket *sock, bool selinux_context_net) {
+
+ assert(s);
+ assert(fd >= 0);
+@@ -3825,6 +3826,7 @@ int service_set_socket_fd(Service *s, int fd, Socket *sock) {
+ return -EAGAIN;
+
+ s->socket_fd = fd;
++ s->socket_fd_selinux_context_net = selinux_context_net;
+ s->got_socket_fd = true;
+
+ unit_ref_set(&s->accept_socket, UNIT(sock));
+diff --git a/src/core/service.h b/src/core/service.h
+index fa4ef2b..24e6b4e 100644
+--- a/src/core/service.h
++++ b/src/core/service.h
+@@ -156,6 +156,7 @@ struct Service {
+
+ pid_t main_pid, control_pid;
+ int socket_fd;
++ bool socket_fd_selinux_context_net;
+
+ int fsck_passno;
+
+@@ -204,7 +205,7 @@ extern const UnitVTable service_vtable;
+
+ struct Socket;
+
+-int service_set_socket_fd(Service *s, int fd, struct Socket *socket);
++int service_set_socket_fd(Service *s, int fd, struct Socket *socket, bool selinux_context_net);
+
+ const char* service_state_to_string(ServiceState i) _const_;
+ ServiceState service_state_from_string(const char *s) _pure_;
+diff --git a/src/core/socket.c b/src/core/socket.c
+index 32e0d35..35fc204 100644
+--- a/src/core/socket.c
++++ b/src/core/socket.c
+@@ -431,7 +431,8 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
+ "%sBroadcast: %s\n"
+ "%sPassCredentials: %s\n"
+ "%sPassSecurity: %s\n"
+- "%sTCPCongestion: %s\n",
++ "%sTCPCongestion: %s\n"
++ "%sSELinuxContextFromNet: %s\n",
+ prefix, socket_state_to_string(s->state),
+ prefix, socket_result_to_string(s->result),
+ prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
+@@ -444,7 +445,8 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
+ prefix, yes_no(s->broadcast),
+ prefix, yes_no(s->pass_cred),
+ prefix, yes_no(s->pass_sec),
+- prefix, strna(s->tcp_congestion));
++ prefix, strna(s->tcp_congestion),
++ prefix, yes_no(s->selinux_context_from_net));
+
+ if (s->control_pid > 0)
+ fprintf(f,
+@@ -994,7 +996,12 @@ static int socket_open_fds(Socket *s) {
+
+ if (p->type == SOCKET_SOCKET) {
+
+- if (!know_label) {
++ if (!know_label && s->selinux_context_from_net) {
++ r = label_get_our_label(&label);
++ if (r < 0)
++ return r;
++ know_label = true;
++ } else if (!know_label) {
+
+ if ((r = socket_instantiate_service(s)) < 0)
+ return r;
+@@ -1227,6 +1234,7 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
+ true,
+ true,
+ UNIT(s)->manager->confirm_spawn,
++ s->selinux_context_from_net,
+ UNIT(s)->manager->cgroup_supported,
+ UNIT(s)->cgroup_path,
+ UNIT(s)->id,
+@@ -1666,7 +1674,7 @@ static void socket_enter_running(Socket *s, int cfd) {
+ unit_choose_id(UNIT(service), name);
+ free(name);
+
+- r = service_set_socket_fd(service, cfd, s);
++ r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
+ if (r < 0)
+ goto fail;
+
+diff --git a/src/core/socket.h b/src/core/socket.h
+index 6a24883..ddddf4c 100644
+--- a/src/core/socket.h
++++ b/src/core/socket.h
+@@ -154,6 +154,8 @@ struct Socket {
+ char *smack_ip_in;
+ char *smack_ip_out;
+
++ bool selinux_context_from_net;
++
+ char *user;
+ char *group;
+ };
+diff --git a/src/core/swap.c b/src/core/swap.c
+index 727bb95..b72034f 100644
+--- a/src/core/swap.c
++++ b/src/core/swap.c
+@@ -589,6 +589,7 @@ static int swap_spawn(Swap *s, ExecCommand *c, pid_t *_pid) {
+ true,
+ true,
+ UNIT(s)->manager->confirm_spawn,
++ false,
+ UNIT(s)->manager->cgroup_supported,
+ UNIT(s)->cgroup_path,
+ UNIT(s)->id,
+diff --git a/src/shared/label.c b/src/shared/label.c
+index fde39f2..4dab93e 100644
+--- a/src/shared/label.c
++++ b/src/shared/label.c
+@@ -38,6 +38,13 @@
+ #include "selinux-util.h"
+ #include <selinux/selinux.h>
+ #include <selinux/label.h>
++#include <selinux/context.h>
++
++define_trivial_cleanup_func(security_context_t, freecon);
++define_trivial_cleanup_func(context_t, context_free);
++
++#define _cleanup_security_context_free_ _cleanup_(freeconp)
++#define _cleanup_context_free_ _cleanup_(context_freep)
+
+ static struct selabel_handle *label_hnd = NULL;
+
+@@ -180,6 +187,112 @@ fail:
+ return r;
+ }
+
++int label_get_our_label(char **label) {
++ int r = -EOPNOTSUPP;
++ char *l = NULL;
++
++#ifdef HAVE_SELINUX
++ r = getcon(&l);
++ if (r < 0)
++ return r;
++
++ *label = l;
++#endif
++
++ return r;
++}
++
++int label_get_child_mls_label(int socket_fd, const char *exe, char **label) {
++ int r = -EOPNOTSUPP;
++
++#ifdef HAVE_SELINUX
++
++ _cleanup_security_context_free_ security_context_t mycon = NULL, peercon = NULL, fcon = NULL, ret = NULL;
++ _cleanup_context_free_ context_t pcon = NULL, bcon = NULL;
++ security_class_t sclass;
++
++ const char *range = NULL;
++
++ assert(socket_fd >= 0);
++ assert(exe);
++ assert(label);
++
++ r = getcon(&mycon);
++ if (r < 0) {
++ r = -EINVAL;
++ goto out;
++ }
++
++ r = getpeercon(socket_fd, &peercon);
++ if (r < 0) {
++ r = -EINVAL;
++ goto out;
++ }
++
++ r = getexeccon(&fcon);
++ if (r < 0) {
++ r = -EINVAL;
++ goto out;
++ }
++
++ if (!fcon) {
++ /* If there is no context set for next exec let's use context
++ of target executable */
++ r = getfilecon(exe, &fcon);
++ if (r < 0) {
++ r = -errno;
++ goto out;
++ }
++ }
++
++ bcon = context_new(mycon);
++ if (!bcon) {
++ r = -ENOMEM;
++ goto out;
++ }
++
++ pcon = context_new(peercon);
++ if (!pcon) {
++ r = -ENOMEM;
++ goto out;
++ }
++
++ range = context_range_get(pcon);
++ if (!range) {
++ r = -errno;
++ goto out;
++ }
++
++ r = context_range_set(bcon, range);
++ if (r) {
++ r = -errno;
++ goto out;
++ }
++
++ freecon(mycon);
++ mycon = context_str(bcon);
++ if (!mycon) {
++ r = -errno;
++ goto out;
++ }
++
++ sclass = string_to_security_class("process");
++ r = security_compute_create(mycon, fcon, sclass, &ret);
++ if (r < 0) {
++ r = -EINVAL;
++ goto out;
++ }
++
++ *label = ret;
++ r = 0;
++
++out:
++ if (r < 0 && security_getenforce() == 1)
++ return r;
++#endif
++ return r;
++}
++
+ int label_context_set(const char *path, mode_t mode) {
+ int r = 0;
+
+diff --git a/src/shared/label.h b/src/shared/label.h
+index 09e15e3..d8a281c 100644
+--- a/src/shared/label.h
++++ b/src/shared/label.h
+@@ -39,6 +39,8 @@ void label_context_clear(void);
+ void label_free(const char *label);
+
+ int label_get_create_label_from_exe(const char *exe, char **label);
++int label_get_our_label(char **label);
++int label_get_child_mls_label(int socket_fd, const char *exec, char **label);
+
+ int label_mkdir(const char *path, mode_t mode);
+
diff --git a/SOURCES/0290-sysctl-make-prefix-allow-all-kinds-of-sysctl-paths.patch b/SOURCES/0290-sysctl-make-prefix-allow-all-kinds-of-sysctl-paths.patch
new file mode 100644
index 0000000..943dccf
--- /dev/null
+++ b/SOURCES/0290-sysctl-make-prefix-allow-all-kinds-of-sysctl-paths.patch
@@ -0,0 +1,101 @@
+From 5024f01fec5e6c8fd05ca5451176878084e3f18f Mon Sep 17 00:00:00 2001
+From: David Herrmann <dh.herrmann@gmail.com>
+Date: Wed, 17 Sep 2014 09:06:49 +0200
+Subject: [PATCH] sysctl: make --prefix allow all kinds of sysctl paths
+
+Currently, we save arguments passed as --prefix directly and compare them
+later to absolute sysctl file-system paths. That is, you are required to
+specify arguments to --prefix with leading /proc/sys/. This is kinda
+uselesss. Furthermore, we replace dots by slashes in the name, which makes
+it impossible to match on specific sysfs paths that have dots in their
+name (like netdev names). The intention of this argument is clear, but it
+never worked as expected.
+
+This patch modifies --prefix to accept any kind of sysctl paths. It
+supports paths prefixed with /proc/sys for compatibility (but drops the
+erroneous dot->slash conversion), but instead applies normalize_sysctl()
+which turns any name or path into a proper path. It then appends
+/proc/sys/ so we can properly use it in matches.
+
+Thanks to Jan Synacek <jsynacek@redhat.com> for catching this!
+
+Conflicts:
+ src/sysctl/sysctl.c
+
+(cherry picked from commit 0e1f579227b08832437a7ac2227c7e4007a89d23)
+
+Resolves: #1138591
+---
+ src/sysctl/sysctl.c | 40 +++++++++++++++++++++++++++++-----------
+ 1 file changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/src/sysctl/sysctl.c b/src/sysctl/sysctl.c
+index a9d4d53..d6f48dd 100644
+--- a/src/sysctl/sysctl.c
++++ b/src/sysctl/sysctl.c
+@@ -51,9 +51,23 @@ static const char conf_file_dirs[] =
+ static char *normalize_sysctl(char *s) {
+ char *n;
+
+- for (n = s; *n; n++)
++ n = strpbrk(s, "/.");
++ /* If the first separator is a slash, the path is
++ * assumed to be normalized and slashes remain slashes
++ * and dots remains dots. */
++ if (!n || *n == '/')
++ return s;
++
++ /* Otherwise, dots become slashes and slashes become
++ * dots. Fun. */
++ while (n) {
+ if (*n == '.')
+ *n = '/';
++ else
++ *n = '.';
++
++ n = strpbrk(n + 1, "/.");
++ }
+
+ return s;
+ }
+@@ -205,7 +219,7 @@ static int help(void) {
+ printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
+ "Applies kernel sysctl settings.\n\n"
+ " -h --help Show this help\n"
+- " --prefix=PATH Only apply rules that apply to paths with the specified prefix\n",
++ " --prefix=PATH Only apply rules with the specified prefix\n",
+ program_invocation_short_name);
+
+ return 0;
+@@ -238,18 +252,22 @@ static int parse_argv(int argc, char *argv[]) {
+
+ case ARG_PREFIX: {
+ char *p;
+- char **l;
+
+- for (p = optarg; *p; p++)
+- if (*p == '.')
+- *p = '/';
+-
+- l = strv_append(arg_prefixes, optarg);
+- if (!l)
++ /* We used to require people to specify absolute paths
++ * in /proc/sys in the past. This is kinda useless, but
++ * we need to keep compatibility. We now support any
++ * sysctl name available. */
++ normalize_sysctl(optarg);
++ if (startswith(optarg, "/proc/sys"))
++ p = strdup(optarg);
++ else
++ p = strappend("/proc/sys/", optarg);
++
++ if (!p)
+ return log_oom();
+
+- strv_free(arg_prefixes);
+- arg_prefixes = l;
++ if (strv_push(&arg_prefixes, p) < 0)
++ return log_oom();
+
+ break;
+ }
diff --git a/SOURCES/0291-core-make-sure-to-serialize-jobs-for-all-units.patch b/SOURCES/0291-core-make-sure-to-serialize-jobs-for-all-units.patch
new file mode 100644
index 0000000..b3b713e
--- /dev/null
+++ b/SOURCES/0291-core-make-sure-to-serialize-jobs-for-all-units.patch
@@ -0,0 +1,112 @@
+From bbfce083901a7c7b0ca93297453796c2183a237d Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 16 May 2014 01:15:03 +0200
+Subject: [PATCH] core: make sure to serialize jobs for all units
+
+Previously we wouldn't serialize jobs for units that themselves have
+nothing to serialize.
+
+http://lists.freedesktop.org/archives/systemd-devel/2014-May/019051.html
+
+Conflicts:
+ src/core/unit.c
+
+(cherry-picked from 9bdb98c59451ed090f8d35d470a54710f389ce71)
+
+Related: #1138546
+---
+ src/core/manager.c | 3 ---
+ src/core/unit.c | 45 +++++++++++++++++++++------------------------
+ 2 files changed, 21 insertions(+), 27 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index a2810b4..4ad26e1 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -2169,9 +2169,6 @@ int manager_serialize(Manager *m, FILE *f, FDSet *fds, bool switching_root) {
+ if (u->id != t)
+ continue;
+
+- if (!unit_can_serialize(u))
+- continue;
+-
+ /* Start marker */
+ fputs(u->id, f);
+ fputc('\n', f);
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 17792d1..855e135 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -2296,24 +2296,10 @@ int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs) {
+ assert(f);
+ assert(fds);
+
+- if (!unit_can_serialize(u))
+- return 0;
+-
+- r = UNIT_VTABLE(u)->serialize(u, f, fds);
+- if (r < 0)
+- return r;
+-
+-
+- if (serialize_jobs) {
+- if (u->job) {
+- fprintf(f, "job\n");
+- job_serialize(u->job, f, fds);
+- }
+-
+- if (u->nop_job) {
+- fprintf(f, "job\n");
+- job_serialize(u->nop_job, f, fds);
+- }
++ if (unit_can_serialize(u)) {
++ r = UNIT_VTABLE(u)->serialize(u, f, fds);
++ if (r < 0)
++ return r;
+ }
+
+ dual_timestamp_serialize(f, "inactive-exit-timestamp", &u->inactive_exit_timestamp);
+@@ -2330,6 +2316,18 @@ int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs) {
+ if (u->cgroup_path)
+ unit_serialize_item(u, f, "cgroup", u->cgroup_path);
+
++ if (serialize_jobs) {
++ if (u->job) {
++ fprintf(f, "job\n");
++ job_serialize(u->job, f, fds);
++ }
++
++ if (u->nop_job) {
++ fprintf(f, "job\n");
++ job_serialize(u->nop_job, f, fds);
++ }
++ }
++
+ /* End marker */
+ fputc('\n', f);
+ return 0;
+@@ -2369,9 +2367,6 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) {
+ assert(f);
+ assert(fds);
+
+- if (!unit_can_serialize(u))
+- return 0;
+-
+ for (;;) {
+ char line[LINE_MAX], *l, *v;
+ size_t k;
+@@ -2484,9 +2479,11 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) {
+ continue;
+ }
+
+- r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds);
+- if (r < 0)
+- return r;
++ if (unit_can_serialize(u)) {
++ r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds);
++ if (r < 0)
++ return r;
++ }
+ }
+ }
+
diff --git a/SOURCES/0292-man-mention-localectl-in-locale.conf.patch b/SOURCES/0292-man-mention-localectl-in-locale.conf.patch
new file mode 100644
index 0000000..7ae99b0
--- /dev/null
+++ b/SOURCES/0292-man-mention-localectl-in-locale.conf.patch
@@ -0,0 +1,35 @@
+From 6c3574cb20ee440a2293a64ef140dc0d073a93a5 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Thu, 18 Sep 2014 14:13:31 +0200
+Subject: [PATCH] man: mention localectl in locale.conf
+
+rhel-only (in other patch in upstream)
+
+Resolves: #1049286
+---
+ man/locale.conf.xml | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/man/locale.conf.xml b/man/locale.conf.xml
+index e970921..408f18f 100644
+--- a/man/locale.conf.xml
++++ b/man/locale.conf.xml
+@@ -96,6 +96,10 @@
+ configuration files might be checked for locale
+ configuration as well, however only as
+ fallback.</para>
++
++ <para><citerefentry><refentrytitle>localectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
++ may be used to alter the settings in this file during
++ runtime from the command line.</para>
+ </refsect1>
+
+ <refsect1>
+@@ -142,6 +146,7 @@ LC_MESSAGES=en_US.UTF-8</programlisting>
+ <para>
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>locale</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
++ <citerefentry><refentrytitle>localectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-localed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ </para>
+ </refsect1>
diff --git a/SOURCES/0293-rules-automatically-online-hot-added-CPUs.patch b/SOURCES/0293-rules-automatically-online-hot-added-CPUs.patch
new file mode 100644
index 0000000..29beacc
--- /dev/null
+++ b/SOURCES/0293-rules-automatically-online-hot-added-CPUs.patch
@@ -0,0 +1,37 @@
+From fa5a7d49ecbe40e2e33f1d165a4522d9b4315531 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Mon, 22 Sep 2014 07:41:06 +0200
+Subject: [PATCH] rules: automatically online hot-added CPUs
+
+RHEL-only patch
+
+Resolves: #968811
+---
+ Makefile.am | 3 ++-
+ rules/40-redhat.rules | 3 +++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+ create mode 100644 rules/40-redhat.rules
+
+diff --git a/Makefile.am b/Makefile.am
+index 30ab13c..54941c0 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -2220,7 +2220,8 @@ dist_udevrules_DATA += \
+ rules/75-tty-description.rules \
+ rules/78-sound-card.rules \
+ rules/80-net-name-slot.rules \
+- rules/95-udev-late.rules
++ rules/95-udev-late.rules \
++ rules/40-redhat.rules
+
+ dist_udevhwdb_DATA = \
+ hwdb/20-pci-vendor-model.hwdb \
+diff --git a/rules/40-redhat.rules b/rules/40-redhat.rules
+new file mode 100644
+index 0000000..2b494e5
+--- /dev/null
++++ b/rules/40-redhat.rules
+@@ -0,0 +1,3 @@
++# do not edit this file, it will be overwritten on update
++
++SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1"
diff --git a/SOURCES/0294-rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch b/SOURCES/0294-rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch
new file mode 100644
index 0000000..5168276
--- /dev/null
+++ b/SOURCES/0294-rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch
@@ -0,0 +1,41 @@
+From eb8c33c65906ba721c6becb4053b8e0b56447aec Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Mon, 22 Sep 2014 07:53:52 +0200
+Subject: [PATCH] rules: add rule for naming Dell iDRAC USB Virtual NIC as
+ 'idrac'
+
+RHEL-only patch
+
+Resolves: #1054477
+---
+ Makefile.am | 3 ++-
+ rules/73-idrac.rules | 6 ++++++
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+ create mode 100644 rules/73-idrac.rules
+
+diff --git a/Makefile.am b/Makefile.am
+index 54941c0..d54a556 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -2221,7 +2221,8 @@ dist_udevrules_DATA += \
+ rules/78-sound-card.rules \
+ rules/80-net-name-slot.rules \
+ rules/95-udev-late.rules \
+- rules/40-redhat.rules
++ rules/40-redhat.rules \
++ rules/73-idrac.rules
+
+ dist_udevhwdb_DATA = \
+ hwdb/20-pci-vendor-model.hwdb \
+diff --git a/rules/73-idrac.rules b/rules/73-idrac.rules
+new file mode 100644
+index 0000000..d67fc42
+--- /dev/null
++++ b/rules/73-idrac.rules
+@@ -0,0 +1,6 @@
++# do not edit this file, it will be overwritten on update
++
++# On Dell PowerEdge systems, the iDRAC7 and later support a USB Virtual NIC
++# with terminates in the iDRAC. Help identify this with 'idrac'
++
++ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", ATTRS{idVendor}=="413c", ATTRS{idProduct}=="a102", NAME="idrac"
diff --git a/SOURCES/0295-bash-completion-add-verb-set-property.patch b/SOURCES/0295-bash-completion-add-verb-set-property.patch
new file mode 100644
index 0000000..1fbd4e9
--- /dev/null
+++ b/SOURCES/0295-bash-completion-add-verb-set-property.patch
@@ -0,0 +1,54 @@
+From 233b0373a3d75e277ad5a232a65567395da57f0e Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Tue, 23 Sep 2014 14:59:11 +0200
+Subject: [PATCH] bash-completion: add verb set-property
+
+Resolves: #1064487
+---
+ shell-completion/bash/systemctl | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/shell-completion/bash/systemctl b/shell-completion/bash/systemctl
+index 84149e3..efe8485 100644
+--- a/shell-completion/bash/systemctl
++++ b/shell-completion/bash/systemctl
+@@ -25,7 +25,7 @@ __systemctl() {
+ __systemd_properties() {
+ local mode=$1
+ { __systemctl -a $mode show;
+- systemd --dump-configuration-items; } |
++ /usr/lib/systemd/systemd --dump-configuration-items; } |
+ while IFS='=' read -r key value; do
+ [[ $value ]] && echo "$key"
+ done
+@@ -77,6 +77,8 @@ _systemctl () {
+ [ARG]='--host -H --kill-mode --kill-who --property -p --signal -s --type -t --state --root'
+ )
+
++ local -A PROPS='CPUAccounting= MemoryAccounting= BlockIOAccounting= MemoryLimit= CPUShares= BlockIOWeight= DevicePolicy= DeviceAllow= BlockIOReadBandwidth= BlockIOWriteBandwidth= BlockIODeviceWeight='
++
+ if __contains_word "--user" ${COMP_WORDS[*]}; then
+ mode=--user
+ else
+@@ -136,6 +138,7 @@ _systemctl () {
+ [MASKED_UNITS]='unmask'
+ [JOBS]='cancel'
+ [SNAPSHOTS]='delete'
++ [PROPERTIES]='set-property'
+ [ENVS]='set-environment unset-environment'
+ [STANDALONE]='daemon-reexec daemon-reload default
+ emergency exit halt hibernate hybrid-sleep kexec list-jobs
+@@ -220,6 +223,13 @@ _systemctl () {
+ elif __contains_word "$verb" ${VERBS[TARGETS]}; then
+ comps=$( __systemctl $mode list-unit-files --type target --full --all \
+ | { while read -r a b; do echo " $a"; done; } )
++ elif __contains_word "$verb" ${VERBS[PROPERTIES]}; then
++ if __contains_word "$prev" ${VERBS[PROPERTIES]}; then
++ comps=$( __get_active_units $mode )
++ else
++ comps=$PROPS
++ compopt -o nospace
++ fi
+ fi
+
+ COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
diff --git a/SOURCES/0296-man-update-journald-rate-limit-defaults.patch b/SOURCES/0296-man-update-journald-rate-limit-defaults.patch
new file mode 100644
index 0000000..40d490d
--- /dev/null
+++ b/SOURCES/0296-man-update-journald-rate-limit-defaults.patch
@@ -0,0 +1,29 @@
+From e11d039c50d13ac638c2ef77285af3543805a2f2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mantas=20Mikul=C4=97nas?= <grawity@gmail.com>
+Date: Wed, 30 Apr 2014 19:53:13 +0300
+Subject: [PATCH] man: update journald rate limit defaults
+
+This brings the man page back into sync with the actual code.
+
+(cherry picked from commit 8f18f550e7023948f199616fdfbb0f09711fd615)
+
+Resolves: #1145352
+---
+ man/journald.conf.xml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/man/journald.conf.xml b/man/journald.conf.xml
+index b362c5d..87e13b2 100644
+--- a/man/journald.conf.xml
++++ b/man/journald.conf.xml
+@@ -190,8 +190,8 @@
+ limiting is applied per-service, so
+ that two services which log do not
+ interfere with each other's
+- limits. Defaults to 200 messages in
+- 10s. The time specification for
++ limits. Defaults to 1000 messages in
++ 30s. The time specification for
+ <varname>RateLimitInterval=</varname>
+ may be specified in the following
+ units: <literal>s</literal>,
diff --git a/SOURCES/0297-core-don-t-try-to-connect-to-d-bus-after-switchroot.patch b/SOURCES/0297-core-don-t-try-to-connect-to-d-bus-after-switchroot.patch
new file mode 100644
index 0000000..d585e6b
--- /dev/null
+++ b/SOURCES/0297-core-don-t-try-to-connect-to-d-bus-after-switchroot.patch
@@ -0,0 +1,25 @@
+From 376c59b17a8d90b623533f639c2045276d1009d7 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Wed, 24 Sep 2014 13:20:29 +0200
+Subject: [PATCH] core: don't try to connect to d-bus after switchroot
+
+rhel-only
+
+Resolves: #1083300
+---
+ src/core/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/main.c b/src/core/main.c
+index afd5f6f..d4bf8ba 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -1543,7 +1543,7 @@ int main(int argc, char *argv[]) {
+ if (arg_running_as == SYSTEMD_SYSTEM)
+ bump_rlimit_nofile(&saved_rlimit_nofile);
+
+- r = manager_new(arg_running_as, !!serialization, &m);
++ r = manager_new(arg_running_as, !!serialization && !arg_switched_root, &m);
+ if (r < 0) {
+ log_error("Failed to allocate manager object: %s", strerror(-r));
+ goto finish;
diff --git a/SOURCES/0298-localed-log-locale-keymap-changes-in-detail.patch b/SOURCES/0298-localed-log-locale-keymap-changes-in-detail.patch
new file mode 100644
index 0000000..d5ed8ac
--- /dev/null
+++ b/SOURCES/0298-localed-log-locale-keymap-changes-in-detail.patch
@@ -0,0 +1,244 @@
+From d522b56345f2fe53a5ccac396c669d8f74088a6b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 3 Sep 2014 22:55:16 -0400
+Subject: [PATCH] localed: log locale/keymap changes in detail
+
+Converting X11 to legacy keymaps and back is a fucking mess. Let's
+make it at least possible to request detailed logs of what is being
+changed and why (LOG_DEBUG level).
+
+At LOG_INFO level, we would log the requested change of X11 or console
+keymap, but not the resulting change after conversion to console or X11.
+Make sure that every change of configuration on disk has a matching
+line in the logs.
+
+Conflicts:
+ src/locale/localed.c
+
+(cherry picked from commit 502f961425f9dea1a85239766a3189695194da63)
+
+Related: #1109145
+---
+ src/locale/localed.c | 84 ++++++++++++++++++++++++++++++++++++++--------------
+ 1 file changed, 61 insertions(+), 23 deletions(-)
+
+diff --git a/src/locale/localed.c b/src/locale/localed.c
+index a93b309..c22e12d 100644
+--- a/src/locale/localed.c
++++ b/src/locale/localed.c
+@@ -337,9 +337,11 @@ static int read_data(void) {
+ return r < 0 ? r : q < 0 ? q : p;
+ }
+
+-static int write_data_locale(void) {
++static int write_data_locale(char ***settings) {
+ int r, p;
+- char **l = NULL;
++ _cleanup_strv_free_ char **l = NULL;
++
++ /* Set values will be returned as strv in *settings on success. */
+
+ r = load_env_file("/etc/locale.conf", NULL, &l);
+ if (r < 0 && r != -ENOENT)
+@@ -355,14 +357,12 @@ static int write_data_locale(void) {
+ continue;
+ }
+
+- if (asprintf(&t, "%s=%s", names[p], data[p]) < 0) {
+- strv_free(l);
++ if (asprintf(&t, "%s=%s", names[p], data[p]) < 0)
+ return -ENOMEM;
+- }
++
+
+ u = strv_env_set(l, t);
+ free(t);
+- strv_free(l);
+
+ if (!u)
+ return -ENOMEM;
+@@ -371,8 +371,6 @@ static int write_data_locale(void) {
+ }
+
+ if (strv_isempty(l)) {
+- strv_free(l);
+-
+ if (unlink("/etc/locale.conf") < 0)
+ return errno == ENOENT ? 0 : -errno;
+
+@@ -380,7 +378,11 @@ static int write_data_locale(void) {
+ }
+
+ r = write_env_file_label("/etc/locale.conf", l);
+- strv_free(l);
++ if (r < 0)
++ return r;
++
++ *settings = l;
++ l = NULL;
+
+ return r;
+ }
+@@ -771,6 +773,12 @@ static int convert_vconsole_to_x11(DBusConnection *connection) {
+ if (r < 0)
+ log_error("Failed to set X11 keyboard layout: %s", strerror(-r));
+
++ log_info("Changed X11 keyboard layout to '%s' model '%s' variant '%s' options '%s'",
++ strempty(state.x11_layout),
++ strempty(state.x11_model),
++ strempty(state.x11_variant),
++ strempty(state.x11_options));
++
+ changed = bus_properties_changed_new(
+ "/org/freedesktop/locale1",
+ "org.freedesktop.locale1",
+@@ -787,7 +795,8 @@ static int convert_vconsole_to_x11(DBusConnection *connection) {
+
+ if (!b)
+ return -ENOMEM;
+- }
++ } else
++ log_debug("X11 keyboard layout was not modified.");
+
+ return 0;
+ }
+@@ -805,13 +814,18 @@ static int find_converted_keymap(char **new_keymap) {
+
+ NULSTR_FOREACH(dir, KBD_KEYMAP_DIRS) {
+ _cleanup_free_ char *p = NULL, *pz = NULL;
++ bool uncompressed;
+
+ p = strjoin(dir, "xkb/", n, ".map", NULL);
+ pz = strjoin(dir, "xkb/", n, ".map.gz", NULL);
+ if (!p || !pz)
+ return -ENOMEM;
+
+- if (access(p, F_OK) == 0 || access(pz, F_OK) == 0) {
++ uncompressed = access(p, F_OK) == 0;
++ if (uncompressed || access(pz, F_OK) == 0) {
++ log_debug("Found converted keymap %s at %s",
++ n, uncompressed ? p : pz);
++
+ *new_keymap = n;
+ n = NULL;
+ return 1;
+@@ -885,13 +899,19 @@ static int find_legacy_keymap(char **new_keymap) {
+ }
+
+ /* The best matching entry so far, then let's save that */
+- if (matching > best_matching) {
+- best_matching = matching;
++ if (matching >= MAX(best_matching, 1u)) {
++ log_debug("Found legacy keymap %s with score %u",
++ a[0], matching);
+
+- free(*new_keymap);
+- *new_keymap = strdup(a[0]);
+- if (!*new_keymap)
+- return -ENOMEM;
++ if (matching > best_matching) {
++ best_matching = matching;
++
++ free(*new_keymap);
++ *new_keymap = strdup(a[0]);
++
++ if (!*new_keymap)
++ return -ENOMEM;
++ }
+ }
+ }
+
+@@ -943,6 +963,9 @@ static int convert_x11_to_vconsole(DBusConnection *connection) {
+ if (r < 0)
+ log_error("Failed to set virtual console keymap: %s", strerror(-r));
+
++ log_info("Changed virtual console keymap to '%s' toggle '%s'",
++ strempty(state.vc_keymap), strempty(state.vc_keymap_toggle));
++
+ changed = bus_properties_changed_new(
+ "/org/freedesktop/locale1",
+ "org.freedesktop.locale1",
+@@ -959,7 +982,8 @@ static int convert_x11_to_vconsole(DBusConnection *connection) {
+ return -ENOMEM;
+
+ return load_vconsole_keymap(connection, NULL);
+- }
++ } else
++ log_debug("Virtual console keymap was not modified.");
+
+ return 0;
+ }
+@@ -968,6 +992,7 @@ static int append_locale(DBusMessageIter *i, const char *property, void *userdat
+ int r, c = 0, p;
+ char **l;
+
++ /* Check whether a variable changed and if it is valid */
+ l = new0(char*, _PROP_MAX+1);
+ if (!l)
+ return -ENOMEM;
+@@ -1086,6 +1111,7 @@ static DBusHandlerResult locale_message_handler(
+ }
+
+ if (modified) {
++ _cleanup_strv_free_ char **settings = NULL;
+
+ r = verify_polkit(connection, message, "org.freedesktop.locale1.set-locale", interactive, NULL, &error);
+ if (r < 0) {
+@@ -1127,7 +1153,7 @@ static DBusHandlerResult locale_message_handler(
+
+ simplify();
+
+- r = write_data_locale();
++ r = write_data_locale(&settings);
+ if (r < 0) {
+ log_error("Failed to set locale: %s", strerror(-r));
+ return bus_send_error_reply(connection, message, NULL, r);
+@@ -1135,7 +1161,13 @@ static DBusHandlerResult locale_message_handler(
+
+ push_data(connection);
+
+- log_info("Changed locale information.");
++ if (settings) {
++ _cleanup_free_ char *line;
++
++ line = strv_join(settings, ", ");
++ log_info("Changed locale to %s.", strnull(line));
++ } else
++ log_info("Changed locale to unset.");
+
+ changed = bus_properties_changed_new(
+ "/org/freedesktop/locale1",
+@@ -1143,8 +1175,10 @@ static DBusHandlerResult locale_message_handler(
+ "Locale\0");
+ if (!changed)
+ goto oom;
+- } else
++ } else {
++ log_debug("Locale settings were not modified.");
+ strv_free(l);
++ }
+
+ } else if (dbus_message_is_method_call(message, "org.freedesktop.locale1", "SetVConsoleKeyboard")) {
+
+@@ -1188,7 +1222,8 @@ static DBusHandlerResult locale_message_handler(
+ return bus_send_error_reply(connection, message, NULL, r);
+ }
+
+- log_info("Changed virtual console keymap to '%s'", strempty(state.vc_keymap));
++ log_info("Changed virtual console keymap to '%s' toggle '%s'",
++ strempty(state.vc_keymap), strempty(state.vc_keymap_toggle));
+
+ r = load_vconsole_keymap(connection, NULL);
+ if (r < 0)
+@@ -1266,7 +1301,10 @@ static DBusHandlerResult locale_message_handler(
+ return bus_send_error_reply(connection, message, NULL, r);
+ }
+
+- log_info("Changed X11 keyboard layout to '%s'", strempty(state.x11_layout));
++ log_info("Changed X11 keyboard layout to '%s' model '%s' variant '%s' options '%s'", strempty(state.x11_layout),
++ strempty(state.x11_model),
++ strempty(state.x11_variant),
++ strempty(state.x11_options));
+
+ changed = bus_properties_changed_new(
+ "/org/freedesktop/locale1",
diff --git a/SOURCES/0299-localed-introduce-helper-function-to-simplify-matchi.patch b/SOURCES/0299-localed-introduce-helper-function-to-simplify-matchi.patch
new file mode 100644
index 0000000..2440a08
--- /dev/null
+++ b/SOURCES/0299-localed-introduce-helper-function-to-simplify-matchi.patch
@@ -0,0 +1,63 @@
+From 31ad188e3cec2909ce0041aa43ca816d0eee6ed1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 3 Sep 2014 22:55:52 -0400
+Subject: [PATCH] localed: introduce helper function to simplify matching
+
+Conflicts:
+ src/locale/localed.c
+
+(cherry picked from commit 81fd105a5f9762fa2f2e42bc949876e32b3a126f)
+
+Related: #1109145
+---
+ src/locale/localed.c | 22 ++++++++++------------
+ 1 file changed, 10 insertions(+), 12 deletions(-)
+
+diff --git a/src/locale/localed.c b/src/locale/localed.c
+index c22e12d..56900a6 100644
+--- a/src/locale/localed.c
++++ b/src/locale/localed.c
+@@ -145,6 +145,12 @@ static int free_and_set(char **s, const char *v) {
+ return 0;
+ }
+
++static bool startswith_comma(const char *s, const char *prefix) {
++ const char *t;
++
++ return s && (t = startswith(s, prefix)) && (*t == ',');
++}
++
+ static void free_data_locale(void) {
+ int p;
+
+@@ -861,26 +867,18 @@ static int find_legacy_keymap(char **new_keymap) {
+ /* If we got an exact match, this is best */
+ matching = 10;
+ else {
+- size_t x;
+-
+- x = strcspn(state.x11_layout, ",");
+-
+ /* We have multiple X layouts, look for an
+ * entry that matches our key with everything
+ * but the first layout stripped off. */
+- if (x > 0 &&
+- strlen(a[1]) == x &&
+- strneq(state.x11_layout, a[1], x))
++ if (startswith_comma(state.x11_layout, a[1]))
+ matching = 5;
+ else {
+- size_t w;
++ char *x;
+
+ /* If that didn't work, strip off the
+ * other layouts from the entry, too */
+- w = strcspn(a[1], ",");
+-
+- if (x > 0 && x == w &&
+- memcmp(state.x11_layout, a[1], x) == 0)
++ x = strndupa(a[1], strcspn(a[1], ","));
++ if (startswith_comma(state.x11_layout, x))
+ matching = 1;
+ }
+ }
diff --git a/SOURCES/0300-localed-check-for-partially-matching-converted-keyma.patch b/SOURCES/0300-localed-check-for-partially-matching-converted-keyma.patch
new file mode 100644
index 0000000..64bddd1
--- /dev/null
+++ b/SOURCES/0300-localed-check-for-partially-matching-converted-keyma.patch
@@ -0,0 +1,113 @@
+From 6dd719fad5521a24f6278cf005c250c99292a762 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 3 Sep 2014 22:55:54 -0400
+Subject: [PATCH] localed: check for partially matching converted keymaps
+
+If a user specifies multiple X11 keymaps, with a (at least the first
+one) nonempty variant, and we don't match the whole combo, use
+a converted keymap which includes the variant in preference to
+the default, variantless, keymap.
+
+E.g.: We would convert X11 config "layout=fr variant=mac" to "fr-mac",
+but "layout=fr,us variant=mac," to "fr", because we don't have a
+converted keymap which would match "fr,us", and we don't have a legacy
+mapping for "fr,us". This is unexpected, and if we cannot match both,
+it is still better to match the primary mapping and use "fr-mac".
+
+Conflicts:
+ src/locale/localed.c
+
+(cherry picked from commit 78bd12a05a9252cf573da28394b23e2b891cbba8)
+
+Resolves: #1109145
+---
+ src/locale/localed.c | 36 ++++++++++++++++++++++++++++--------
+ 1 file changed, 28 insertions(+), 8 deletions(-)
+
+diff --git a/src/locale/localed.c b/src/locale/localed.c
+index 56900a6..592fab9 100644
+--- a/src/locale/localed.c
++++ b/src/locale/localed.c
+@@ -776,8 +776,10 @@ static int convert_vconsole_to_x11(DBusConnection *connection) {
+ int r;
+
+ r = write_data_x11();
+- if (r < 0)
++ if (r < 0) {
+ log_error("Failed to set X11 keyboard layout: %s", strerror(-r));
++ return r;
++ }
+
+ log_info("Changed X11 keyboard layout to '%s' model '%s' variant '%s' options '%s'",
+ strempty(state.x11_layout),
+@@ -807,14 +809,14 @@ static int convert_vconsole_to_x11(DBusConnection *connection) {
+ return 0;
+ }
+
+-static int find_converted_keymap(char **new_keymap) {
++static int find_converted_keymap(const char *x11_layout, const char *x11_variant, char **new_keymap) {
+ const char *dir;
+ _cleanup_free_ char *n;
+
+- if (state.x11_variant)
+- n = strjoin(state.x11_layout, "-", state.x11_variant, NULL);
++ if (x11_variant)
++ n = strjoin(x11_layout, "-", x11_variant, NULL);
+ else
+- n = strdup(state.x11_layout);
++ n = strdup(x11_layout);
+ if (!n)
+ return -ENOMEM;
+
+@@ -845,7 +847,7 @@ static int find_legacy_keymap(char **new_keymap) {
+ _cleanup_fclose_ FILE *f;
+ unsigned n = 0;
+ unsigned best_matching = 0;
+-
++ int r;
+
+ f = fopen(SYSTEMD_KBD_MODEL_MAP, "re");
+ if (!f)
+@@ -854,7 +856,6 @@ static int find_legacy_keymap(char **new_keymap) {
+ for (;;) {
+ _cleanup_strv_free_ char **a = NULL;
+ unsigned matching = 0;
+- int r;
+
+ r = read_next_mapping(f, &n, &a);
+ if (r < 0)
+@@ -913,6 +914,25 @@ static int find_legacy_keymap(char **new_keymap) {
+ }
+ }
+
++ if (best_matching < 10 && state.x11_layout) {
++ /* The best match is only the first part of the X11
++ * keymap. Check if we have a converted map which
++ * matches just the first layout.
++ */
++ char *l, *v = NULL, *converted;
++
++ l = strndupa(state.x11_layout, strcspn(state.x11_layout, ","));
++ if (state.x11_variant)
++ v = strndupa(state.x11_variant, strcspn(state.x11_variant, ","));
++ r = find_converted_keymap(l, v, &converted);
++ if (r < 0)
++ return r;
++ if (r > 0) {
++ free(*new_keymap);
++ *new_keymap = converted;
++ }
++ }
++
+ return 0;
+ }
+
+@@ -932,7 +952,7 @@ static int convert_x11_to_vconsole(DBusConnection *connection) {
+ } else {
+ char *new_keymap = NULL;
+
+- r = find_converted_keymap(&new_keymap);
++ r = find_converted_keymap(state.x11_layout, state.x11_variant, &new_keymap);
+ if (r < 0)
+ return r;
+ else if (r == 0) {
diff --git a/SOURCES/0301-fileio-make-parse_env_file-return-number-of-parsed-i.patch b/SOURCES/0301-fileio-make-parse_env_file-return-number-of-parsed-i.patch
new file mode 100644
index 0000000..97a7897
--- /dev/null
+++ b/SOURCES/0301-fileio-make-parse_env_file-return-number-of-parsed-i.patch
@@ -0,0 +1,130 @@
+From 3a68febdb636924b941a84e123b6e51e042e1273 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Mon, 22 Sep 2014 09:38:38 +0200
+Subject: [PATCH] fileio: make parse_env_file() return number of parsed items
+
+This commit introduces possibility to call parse_env_file_internal() and hand
+over extra argument where we will accumulate how many items were successfully
+parsed and pushed by callback. We make use of this in parse_env_file() and
+return number of parsed items on success instead of always returning zero.
+
+As a side-effect this commit should fix bug that locale settings in
+/etc/locale.conf are not overriden by options passed via kernel command line.
+
+Conflicts:
+ src/shared/fileio.c
+
+(cherry picked from commit a5f6c30da3ac58081108221bf8a0f6f1d84b33a9)
+
+Resolves: #1069420
+---
+ src/shared/fileio.c | 30 +++++++++++++++++++-----------
+ 1 file changed, 19 insertions(+), 11 deletions(-)
+
+diff --git a/src/shared/fileio.c b/src/shared/fileio.c
+index 733b320..fbc28bd 100644
+--- a/src/shared/fileio.c
++++ b/src/shared/fileio.c
+@@ -180,8 +180,9 @@ static int parse_env_file_internal(
+ const char *fname,
+ const char *newline,
+ int (*push) (const char *filename, unsigned line,
+- const char *key, char *value, void *userdata),
+- void *userdata) {
++ const char *key, char *value, void *userdata, int *n_pushed),
++ void *userdata,
++ int *n_pushed) {
+
+ _cleanup_free_ char *contents = NULL, *key = NULL;
+ size_t key_alloc = 0, n_key = 0, value_alloc = 0, n_value = 0, last_value_whitespace = (size_t) -1, last_key_whitespace = (size_t) -1;
+@@ -268,7 +269,7 @@ static int parse_env_file_internal(
+ if (last_key_whitespace != (size_t) -1)
+ key[last_key_whitespace] = 0;
+
+- r = push(fname, line, key, value, userdata);
++ r = push(fname, line, key, value, userdata, n_pushed);
+ if (r < 0)
+ goto fail;
+
+@@ -313,7 +314,7 @@ static int parse_env_file_internal(
+ if (last_key_whitespace != (size_t) -1)
+ key[last_key_whitespace] = 0;
+
+- r = push(fname, line, key, value, userdata);
++ r = push(fname, line, key, value, userdata, n_pushed);
+ if (r < 0)
+ goto fail;
+
+@@ -448,7 +449,7 @@ static int parse_env_file_internal(
+ if (last_key_whitespace != (size_t) -1)
+ key[last_key_whitespace] = 0;
+
+- r = push(fname, line, key, value, userdata);
++ r = push(fname, line, key, value, userdata, n_pushed);
+ if (r < 0)
+ goto fail;
+ }
+@@ -461,7 +462,7 @@ fail:
+ }
+
+ static int parse_env_file_push(const char *filename, unsigned line,
+- const char *key, char *value, void *userdata) {
++ const char *key, char *value, void *userdata, int *n_pushed) {
+ assert(utf8_is_valid(key));
+
+ if (value && !utf8_is_valid(value))
+@@ -484,6 +485,10 @@ static int parse_env_file_push(const char *filename, unsigned line,
+ va_end(aq);
+ free(*v);
+ *v = value;
++
++ if (n_pushed)
++ (*n_pushed)++;
++
+ return 1;
+ }
+ }
+@@ -500,20 +505,20 @@ int parse_env_file(
+ const char *newline, ...) {
+
+ va_list ap;
+- int r;
++ int r, n_pushed = 0;
+
+ if (!newline)
+ newline = NEWLINE;
+
+ va_start(ap, newline);
+- r = parse_env_file_internal(fname, newline, parse_env_file_push, &ap);
++ r = parse_env_file_internal(fname, newline, parse_env_file_push, &ap, &n_pushed);
+ va_end(ap);
+
+- return r;
++ return r < 0 ? r : n_pushed;
+ }
+
+ static int load_env_file_push(const char *filename, unsigned line,
+- const char *key, char *value, void *userdata) {
++ const char *key, char *value, void *userdata, int *n_pushed) {
+ assert(utf8_is_valid(key));
+
+ if (value && !utf8_is_valid(value))
+@@ -534,6 +539,9 @@ static int load_env_file_push(const char *filename, unsigned line,
+ free(p);
+ return r;
+ }
++
++ if (n_pushed)
++ (*n_pushed)++;
+ }
+
+ free(value);
+@@ -547,7 +555,7 @@ int load_env_file(const char *fname, const char *newline, char ***rl) {
+ if (!newline)
+ newline = NEWLINE;
+
+- r = parse_env_file_internal(fname, newline, load_env_file_push, &m);
++ r = parse_env_file_internal(fname, newline, load_env_file_push, &m, NULL);
+ if (r < 0) {
+ strv_free(m);
+ return r;
diff --git a/SOURCES/0302-localectl-print-warning-when-there-are-options-given.patch b/SOURCES/0302-localectl-print-warning-when-there-are-options-given.patch
new file mode 100644
index 0000000..78d86bc
--- /dev/null
+++ b/SOURCES/0302-localectl-print-warning-when-there-are-options-given.patch
@@ -0,0 +1,292 @@
+From 7664fb3e7ebba889d52c4e7ba653dbbba9035969 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Wed, 24 Sep 2014 13:17:43 +0200
+Subject: [PATCH] localectl: print warning when there are options given on
+ kernel cmdline
+
+Conflicts:
+ src/locale/localectl.c
+
+(cherry picked from commit a34286684ebb78dd3db0d7f34feb2c121c9d00cc)
+
+Related: #1069420
+---
+ Makefile.am | 2 ++
+ src/core/locale-setup.c | 47 +++++---------------------------------------
+ src/locale/localectl.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++++
+ src/shared/locale-util.c | 42 +++++++++++++++++++++++++++++++++++++++
+ src/shared/locale-util.h | 47 ++++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 147 insertions(+), 42 deletions(-)
+ create mode 100644 src/shared/locale-util.c
+ create mode 100644 src/shared/locale-util.h
+
+diff --git a/Makefile.am b/Makefile.am
+index d54a556..dab55ba 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -656,6 +656,8 @@ libsystemd_shared_la_SOURCES = \
+ src/shared/path-util.h \
+ src/shared/time-util.c \
+ src/shared/time-util.h \
++ src/shared/locale-util.c \
++ src/shared/locale-util.h \
+ src/shared/hashmap.c \
+ src/shared/hashmap.h \
+ src/shared/set.c \
+diff --git a/src/core/locale-setup.c b/src/core/locale-setup.c
+index 276deb9..69e9bca 100644
+--- a/src/core/locale-setup.c
++++ b/src/core/locale-setup.c
+@@ -30,48 +30,11 @@
+ #include "fileio.h"
+ #include "strv.h"
+ #include "env-util.h"
+-
+-enum {
+- /* We don't list LC_ALL here on purpose. People should be
+- * using LANG instead. */
+-
+- VARIABLE_LANG,
+- VARIABLE_LANGUAGE,
+- VARIABLE_LC_CTYPE,
+- VARIABLE_LC_NUMERIC,
+- VARIABLE_LC_TIME,
+- VARIABLE_LC_COLLATE,
+- VARIABLE_LC_MONETARY,
+- VARIABLE_LC_MESSAGES,
+- VARIABLE_LC_PAPER,
+- VARIABLE_LC_NAME,
+- VARIABLE_LC_ADDRESS,
+- VARIABLE_LC_TELEPHONE,
+- VARIABLE_LC_MEASUREMENT,
+- VARIABLE_LC_IDENTIFICATION,
+- _VARIABLE_MAX
+-};
+-
+-static const char * const variable_names[_VARIABLE_MAX] = {
+- [VARIABLE_LANG] = "LANG",
+- [VARIABLE_LANGUAGE] = "LANGUAGE",
+- [VARIABLE_LC_CTYPE] = "LC_CTYPE",
+- [VARIABLE_LC_NUMERIC] = "LC_NUMERIC",
+- [VARIABLE_LC_TIME] = "LC_TIME",
+- [VARIABLE_LC_COLLATE] = "LC_COLLATE",
+- [VARIABLE_LC_MONETARY] = "LC_MONETARY",
+- [VARIABLE_LC_MESSAGES] = "LC_MESSAGES",
+- [VARIABLE_LC_PAPER] = "LC_PAPER",
+- [VARIABLE_LC_NAME] = "LC_NAME",
+- [VARIABLE_LC_ADDRESS] = "LC_ADDRESS",
+- [VARIABLE_LC_TELEPHONE] = "LC_TELEPHONE",
+- [VARIABLE_LC_MEASUREMENT] = "LC_MEASUREMENT",
+- [VARIABLE_LC_IDENTIFICATION] = "LC_IDENTIFICATION"
+-};
++#include "locale-util.h"
+
+ int locale_setup(char ***environment) {
+ char **add;
+- char *variables[_VARIABLE_MAX] = {};
++ char *variables[_VARIABLE_LC_MAX] = {};
+ int r = 0, i;
+
+ if (detect_container(NULL) <= 0) {
+@@ -121,13 +84,13 @@ int locale_setup(char ***environment) {
+ }
+
+ add = NULL;
+- for (i = 0; i < _VARIABLE_MAX; i++) {
++ for (i = 0; i < _VARIABLE_LC_MAX; i++) {
+ char *s;
+
+ if (!variables[i])
+ continue;
+
+- s = strjoin(variable_names[i], "=", variables[i], NULL);
++ s = strjoin(locale_variable_to_string(i), "=", variables[i], NULL);
+ if (!s) {
+ r = -ENOMEM;
+ goto finish;
+@@ -158,7 +121,7 @@ int locale_setup(char ***environment) {
+ finish:
+ strv_free(add);
+
+- for (i = 0; i < _VARIABLE_MAX; i++)
++ for (i = 0; i < _VARIABLE_LC_MAX; i++)
+ free(variables[i]);
+
+ return r;
+diff --git a/src/locale/localectl.c b/src/locale/localectl.c
+index d3c6152..fdef3a0 100644
+--- a/src/locale/localectl.c
++++ b/src/locale/localectl.c
+@@ -39,6 +39,9 @@
+ #include "path-util.h"
+ #include "utf8.h"
+ #include "def.h"
++#include "virt.h"
++#include "fileio.h"
++#include "locale-util.h"
+
+ static bool arg_no_pager = false;
+ static enum transport {
+@@ -79,6 +82,53 @@ typedef struct StatusInfo {
+ const char *x11_options;
+ } StatusInfo;
+
++static void print_overriden_variables(void) {
++ int r;
++ char *variables[_VARIABLE_LC_MAX] = {};
++ LocaleVariable j;
++ bool print_warning = true;
++
++ if (detect_container(NULL) > 0 || arg_host)
++ return;
++
++ r = parse_env_file("/proc/cmdline", WHITESPACE,
++ "locale.LANG", &variables[VARIABLE_LANG],
++ "locale.LANGUAGE", &variables[VARIABLE_LANGUAGE],
++ "locale.LC_CTYPE", &variables[VARIABLE_LC_CTYPE],
++ "locale.LC_NUMERIC", &variables[VARIABLE_LC_NUMERIC],
++ "locale.LC_TIME", &variables[VARIABLE_LC_TIME],
++ "locale.LC_COLLATE", &variables[VARIABLE_LC_COLLATE],
++ "locale.LC_MONETARY", &variables[VARIABLE_LC_MONETARY],
++ "locale.LC_MESSAGES", &variables[VARIABLE_LC_MESSAGES],
++ "locale.LC_PAPER", &variables[VARIABLE_LC_PAPER],
++ "locale.LC_NAME", &variables[VARIABLE_LC_NAME],
++ "locale.LC_ADDRESS", &variables[VARIABLE_LC_ADDRESS],
++ "locale.LC_TELEPHONE", &variables[VARIABLE_LC_TELEPHONE],
++ "locale.LC_MEASUREMENT", &variables[VARIABLE_LC_MEASUREMENT],
++ "locale.LC_IDENTIFICATION", &variables[VARIABLE_LC_IDENTIFICATION],
++ NULL);
++
++ if (r < 0 && r != -ENOENT) {
++ log_warning("Failed to read /proc/cmdline: %s", strerror(-r));
++ goto finish;
++ }
++
++ for (j = VARIABLE_LANG; j < _VARIABLE_LC_MAX; j++)
++ if (variables[j]) {
++ if (print_warning) {
++ printf("Warning: Settings on Kernel Command Line override system locale settings in /etc/locale.conf\n");
++ printf(" Command Line: %s=%s\n", locale_variable_to_string(j), variables[j]);
++
++ print_warning = false;
++ continue;
++ }
++ printf(" %s=%s\n", locale_variable_to_string(j), variables[j]);
++ }
++ finish:
++ for (j = VARIABLE_LANG; j < _VARIABLE_LC_MAX; j++)
++ free(variables[j]);
++}
++
+ static void print_status_info(StatusInfo *i) {
+ assert(i);
+
+@@ -218,6 +268,7 @@ static int show_status(DBusConnection *bus, char **args, unsigned n) {
+ dbus_message_iter_next(&sub);
+ }
+
++ print_overriden_variables();
+ print_status_info(&info);
+ strv_free(info.locale);
+ return 0;
+diff --git a/src/shared/locale-util.c b/src/shared/locale-util.c
+new file mode 100644
+index 0000000..d53b16c
+--- /dev/null
++++ b/src/shared/locale-util.c
+@@ -0,0 +1,42 @@
++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
++
++/***
++ This file is part of systemd.
++
++ Copyright 2014 Lennart Poettering
++
++ systemd is free software; you can redistribute it and/or modify it
++ under the terms of the GNU Lesser General Public License as published by
++ the Free Software Foundation; either version 2.1 of the License, or
++ (at your option) any later version.
++
++ systemd is distributed in the hope that it will be useful, but
++ WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public License
++ along with systemd; If not, see <http://www.gnu.org/licenses/>.
++***/
++
++#include "util.h"
++#include "locale-util.h"
++
++static const char * const locale_variable_table[_VARIABLE_LC_MAX] = {
++ [VARIABLE_LANG] = "LANG",
++ [VARIABLE_LANGUAGE] = "LANGUAGE",
++ [VARIABLE_LC_CTYPE] = "LC_CTYPE",
++ [VARIABLE_LC_NUMERIC] = "LC_NUMERIC",
++ [VARIABLE_LC_TIME] = "LC_TIME",
++ [VARIABLE_LC_COLLATE] = "LC_COLLATE",
++ [VARIABLE_LC_MONETARY] = "LC_MONETARY",
++ [VARIABLE_LC_MESSAGES] = "LC_MESSAGES",
++ [VARIABLE_LC_PAPER] = "LC_PAPER",
++ [VARIABLE_LC_NAME] = "LC_NAME",
++ [VARIABLE_LC_ADDRESS] = "LC_ADDRESS",
++ [VARIABLE_LC_TELEPHONE] = "LC_TELEPHONE",
++ [VARIABLE_LC_MEASUREMENT] = "LC_MEASUREMENT",
++ [VARIABLE_LC_IDENTIFICATION] = "LC_IDENTIFICATION"
++};
++
++DEFINE_STRING_TABLE_LOOKUP(locale_variable, LocaleVariable);
+diff --git a/src/shared/locale-util.h b/src/shared/locale-util.h
+new file mode 100644
+index 0000000..420a89d
+--- /dev/null
++++ b/src/shared/locale-util.h
+@@ -0,0 +1,47 @@
++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
++
++/***
++ This file is part of systemd.
++
++ Copyright 2014 Lennart Poettering
++
++ systemd is free software; you can redistribute it and/or modify it
++ under the terms of the GNU Lesser General Public License as published by
++ the Free Software Foundation; either version 2.1 of the License, or
++ (at your option) any later version.
++
++ systemd is distributed in the hope that it will be useful, but
++ WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public License
++ along with systemd; If not, see <http://www.gnu.org/licenses/>.
++***/
++
++#include "util.h"
++
++typedef enum LocaleVariable {
++ /* We don't list LC_ALL here on purpose. People should be
++ * using LANG instead. */
++
++ VARIABLE_LANG,
++ VARIABLE_LANGUAGE,
++ VARIABLE_LC_CTYPE,
++ VARIABLE_LC_NUMERIC,
++ VARIABLE_LC_TIME,
++ VARIABLE_LC_COLLATE,
++ VARIABLE_LC_MONETARY,
++ VARIABLE_LC_MESSAGES,
++ VARIABLE_LC_PAPER,
++ VARIABLE_LC_NAME,
++ VARIABLE_LC_ADDRESS,
++ VARIABLE_LC_TELEPHONE,
++ VARIABLE_LC_MEASUREMENT,
++ VARIABLE_LC_IDENTIFICATION,
++ _VARIABLE_LC_MAX,
++ _VARIABLE_LC_INVALID = -1
++} LocaleVariable;
++
++const char* locale_variable_to_string(LocaleVariable i) _const_;
++LocaleVariable locale_variable_from_string(const char *s) _pure_;
diff --git a/SOURCES/0303-dbus-fix-crash-when-appending-selinux-context.patch b/SOURCES/0303-dbus-fix-crash-when-appending-selinux-context.patch
new file mode 100644
index 0000000..9aff9d2
--- /dev/null
+++ b/SOURCES/0303-dbus-fix-crash-when-appending-selinux-context.patch
@@ -0,0 +1,43 @@
+From 48a85bb45ff9d3ee302594ac41d102fa16b31350 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Sat, 27 Sep 2014 20:40:11 +0200
+Subject: [PATCH] dbus: fix crash when appending selinux context
+
+RHEL-only
+
+Related: #1113790
+---
+ src/core/dbus-execute.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
+index 8162f1c..ae65be1 100644
+--- a/src/core/dbus-execute.c
++++ b/src/core/dbus-execute.c
+@@ -376,6 +376,7 @@ static int bus_execute_append_selinux_context(DBusMessageIter *i, const char *pr
+ ExecContext *c = data;
+ dbus_bool_t selinux_context_ignore;
+ const char *selinux_context = NULL;
++ DBusMessageIter sub;
+
+ assert(i);
+ assert(property);
+@@ -387,10 +388,16 @@ static int bus_execute_append_selinux_context(DBusMessageIter *i, const char *pr
+
+ selinux_context_ignore = c->selinux_context_ignore;
+
+- if (!dbus_message_iter_append_basic(i, DBUS_TYPE_BOOLEAN, &selinux_context_ignore))
++ if (!dbus_message_iter_open_container(i, DBUS_TYPE_STRUCT, NULL, &sub))
++ return -ENOMEM;
++
++ if (!dbus_message_iter_append_basic(&sub, DBUS_TYPE_BOOLEAN, &selinux_context_ignore))
+ return -ENOMEM;
+
+- if (!dbus_message_iter_append_basic(i, DBUS_TYPE_STRING, &selinux_context))
++ if (!dbus_message_iter_append_basic(&sub, DBUS_TYPE_STRING, &selinux_context))
++ return -ENOMEM;
++
++ if (!dbus_message_iter_close_container(i, &sub))
+ return -ENOMEM;
+
+ return 0;
diff --git a/SOURCES/0304-tmpfiles-minor-modernizations.patch b/SOURCES/0304-tmpfiles-minor-modernizations.patch
new file mode 100644
index 0000000..29e507e
--- /dev/null
+++ b/SOURCES/0304-tmpfiles-minor-modernizations.patch
@@ -0,0 +1,66 @@
+From 50720580bc5333e594032b124a9a1114e66dc7ae Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 12 Jun 2014 23:07:17 +0200
+Subject: [PATCH] tmpfiles: minor modernizations
+
+(cherry-picked from 753615e85d990077c303ae4a42a53e792ffb12ca)
+
+Resolves: #1147524
+---
+ src/tmpfiles/tmpfiles.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
+index ff51062..df6c99a 100644
+--- a/src/tmpfiles/tmpfiles.c
++++ b/src/tmpfiles/tmpfiles.c
+@@ -990,7 +990,9 @@ static int process_item(Item *i) {
+ }
+
+ static void item_free(Item *i) {
+- assert(i);
++
++ if (!i)
++ return;
+
+ free(i->path);
+ free(i->argument);
+@@ -1122,7 +1124,7 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
+ }
+ }
+
+- switch(type) {
++ switch (type) {
+
+ case CREATE_FILE:
+ case TRUNCATE_FILE:
+@@ -1171,7 +1173,7 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
+ }
+
+ default:
+- log_error("[%s:%u] Unknown file type '%c'.", fname, line, type);
++ log_error("[%s:%u] Unknown command type '%c'.", fname, line, type);
+ return -EBADMSG;
+ }
+
+@@ -1355,9 +1357,11 @@ static int parse_argv(int argc, char *argv[]) {
+ break;
+
+ case ARG_ROOT:
++ free(arg_root);
+ arg_root = path_make_absolute_cwd(optarg);
+ if (!arg_root)
+ return log_oom();
++
+ path_kill_slashes(arg_root);
+ break;
+
+@@ -1456,7 +1460,7 @@ int main(int argc, char *argv[]) {
+
+ r = parse_argv(argc, argv);
+ if (r <= 0)
+- return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
++ goto finish;
+
+ log_set_target(LOG_TARGET_AUTO);
+ log_parse_environment();
diff --git a/SOURCES/0305-install-when-looking-for-a-unit-file-for-enabling-se.patch b/SOURCES/0305-install-when-looking-for-a-unit-file-for-enabling-se.patch
new file mode 100644
index 0000000..c00ae0c
--- /dev/null
+++ b/SOURCES/0305-install-when-looking-for-a-unit-file-for-enabling-se.patch
@@ -0,0 +1,126 @@
+From f73a446c8a1db5c255e6cf1bf6c5d68fe6448f10 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 17 Jun 2014 00:13:48 +0200
+Subject: [PATCH] install: when looking for a unit file for enabling, search
+ for templates only after traversing all search directories
+
+Let's always make sure to look in all search directories for the full
+unit names first, before looking for templates for them.
+
+(cherry-picked from e50bd775163cd96be1888943a8785a436be710e8)
+
+Resolves: #1147524
+---
+ src/shared/install.c | 74 +++++++++++++++++++++++++++-------------------------
+ 1 file changed, 38 insertions(+), 36 deletions(-)
+
+diff --git a/src/shared/install.c b/src/shared/install.c
+index 2c8f907..dc8842b 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -1074,67 +1074,69 @@ static int unit_file_search(
+ assert(paths);
+
+ if (info->path) {
+- char *full_path = NULL;
++ const char *path;
+
+- if (!isempty(root_dir))
+- full_path = strappenda(root_dir, info->path);
++ if (isempty(root_dir))
++ path = info->path;
++ else
++ path = strappenda(root_dir, info->path);
+
+- return unit_file_load(c, info, full_path ?: info->path, allow_symlink);
++ return unit_file_load(c, info, path, allow_symlink);
+ }
+
+ assert(info->name);
+
+ STRV_FOREACH(p, paths->unit_path) {
+- _cleanup_free_ char *path = NULL, *full_path = NULL;
++ _cleanup_free_ char *path = NULL;
+
+- path = strjoin(*p, "/", info->name, NULL);
++ if (isempty(root_dir))
++ path = strjoin(*p, "/", info->name, NULL);
++ else
++ path = strjoin(root_dir, "/", *p, "/", info->name, NULL);
+ if (!path)
+ return -ENOMEM;
+
+- if (!isempty(root_dir)) {
+- full_path = strappend(root_dir, path);
+- if (!full_path)
+- return -ENOMEM;
+- }
+-
+- r = unit_file_load(c, info, full_path ?: path, allow_symlink);
++ r = unit_file_load(c, info, path, allow_symlink);
+ if (r >= 0) {
+ info->path = path;
+ path = NULL;
+- } else if (r == -ENOENT && unit_name_is_instance(info->name)) {
+- /* Unit file doesn't exist, however instance enablement was requested.
+- * We will check if it is possible to load template unit file. */
+- _cleanup_free_ char *template = NULL, *template_dir = NULL;
++ return r;
++ }
++ if (r != -ENOENT && r != -ELOOP)
++ return r;
++ }
+
+- template = unit_name_template(info->name);
+- if (!template)
+- return -ENOMEM;
++ if (unit_name_is_instance(info->name)) {
+
+- /* We will reuse path variable since we don't need it anymore. */
+- template_dir = path;
+- *(strrchr(template_dir, '/') + 1) = '\0';
++ /* Unit file doesn't exist, however instance
++ * enablement was requested. We will check if it is
++ * possible to load template unit file. */
+
+- path = strappend(template_dir, template);
++ _cleanup_free_ char *template = NULL, *template_dir = NULL;
++
++ template = unit_name_template(info->name);
++ if (!template)
++ return -ENOMEM;
++
++ STRV_FOREACH(p, paths->unit_path) {
++ _cleanup_free_ char *path = NULL;
++
++ if (isempty(root_dir))
++ path = strjoin(*p, "/", template, NULL);
++ else
++ path = strjoin(root_dir, "/", *p, "/", template, NULL);
+ if (!path)
+ return -ENOMEM;
+
+- if (!isempty(root_dir)) {
+- free(full_path);
+- full_path = strappend(root_dir, path);
+- if (!full_path)
+- return -ENOMEM;
+- }
+-
+- /* Let's try to load template unit. */
+- r = unit_file_load(c, info, full_path ?: path, allow_symlink);
++ r = unit_file_load(c, info, path, allow_symlink);
+ if (r >= 0) {
+ info->path = path;
+ path = NULL;
++ return r;
+ }
++ if (r != -ENOENT && r != -ELOOP)
++ return r;
+ }
+-
+- if (r != -ENOENT && r != -ELOOP)
+- return r;
+ }
+
+ return -ENOENT;
diff --git a/SOURCES/0306-install-remove-unused-variable.patch b/SOURCES/0306-install-remove-unused-variable.patch
new file mode 100644
index 0000000..cfde10e
--- /dev/null
+++ b/SOURCES/0306-install-remove-unused-variable.patch
@@ -0,0 +1,25 @@
+From 9d05d80b64a04e2bf9a61d992b7bd22b23949d1e Mon Sep 17 00:00:00 2001
+From: Thomas Hindoe Paaboel Andersen <phomes@gmail.com>
+Date: Tue, 17 Jun 2014 21:22:01 +0200
+Subject: [PATCH] install: remove unused variable
+
+(cherry-picked from de228aabc833901e7c75aab8d62e58229e2a8bfc)
+
+Resolves: #1147524
+---
+ src/shared/install.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/install.c b/src/shared/install.c
+index dc8842b..dd5e22b 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -1112,7 +1112,7 @@ static int unit_file_search(
+ * enablement was requested. We will check if it is
+ * possible to load template unit file. */
+
+- _cleanup_free_ char *template = NULL, *template_dir = NULL;
++ _cleanup_free_ char *template = NULL;
+
+ template = unit_name_template(info->name);
+ if (!template)
diff --git a/SOURCES/0307-bootctl-typo-fix-in-help-message.patch b/SOURCES/0307-bootctl-typo-fix-in-help-message.patch
new file mode 100644
index 0000000..909d4aa
--- /dev/null
+++ b/SOURCES/0307-bootctl-typo-fix-in-help-message.patch
@@ -0,0 +1,25 @@
+From 5f9893fe56014642bbdb2d15eb829e3447dac265 Mon Sep 17 00:00:00 2001
+From: Thomas Hindoe Paaboel Andersen <phomes@gmail.com>
+Date: Wed, 6 Nov 2013 00:29:49 +0100
+Subject: [PATCH] bootctl: typo fix in help message
+
+(cherry-picked from 82de16f92ca5259e9ddb4f328f086cb6a9f043b0)
+
+Resolves: #1147524
+---
+ src/boot/bootctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c
+index af694fd..d25ddef 100644
+--- a/src/boot/bootctl.c
++++ b/src/boot/bootctl.c
+@@ -34,7 +34,7 @@
+
+ static int help(void) {
+ printf("%s [OPTIONS...] COMMAND ...\n\n"
+- "Query or change firmware and boot mananger settings.\n\n"
++ "Query or change firmware and boot manager settings.\n\n"
+ " -h --help Show this help\n"
+ " --version Show package version\n"
+ "Commands:\n"
diff --git a/SOURCES/0308-logind-ignore-failing-close-on-session-devices.patch b/SOURCES/0308-logind-ignore-failing-close-on-session-devices.patch
new file mode 100644
index 0000000..683440f
--- /dev/null
+++ b/SOURCES/0308-logind-ignore-failing-close-on-session-devices.patch
@@ -0,0 +1,59 @@
+From b1c42aa11792c00cf359bec452022b73cbe2c79d Mon Sep 17 00:00:00 2001
+From: David Herrmann <dh.herrmann@gmail.com>
+Date: Thu, 28 Nov 2013 14:51:40 +0100
+Subject: [PATCH] logind: ignore failing close() on session-devices
+
+Unfortunately, close() on a revoked/removed character-device fails with
+ENODEV. I tried tracking this down in the kernel, but couldn't figure out
+were exactly it comes from. However, can be easily reproduced with:
+ fd = open("/dev/input/event0", O_RDWR);
+ ioctl(fd, EVIOCREVOKE, 0);
+ r = close(fd);
+A second close on @fd would return EBADF so the close is actually valid.
+
+We simply ignore close() errors for all session-devices as their access
+may be revoked asynchronously, or the device might get unplugged.
+We use close_nointr() in case anyone ever looks at the return value (or
+anyone runs "grep 'close(' -r src/" to find broken close() calls).
+
+Fixes:
+ systemd-logind[31992]: Assertion 'close_nointr(fd) == 0' failed at src/shared/util.c:185, function close_nointr_nofail(). Aborting.
+
+(cherry-picked from d1107170f9e0fa2cb6e8d18586a003f0d96abfc3)
+
+Resolves: #1147524
+---
+ src/login/logind-session-device.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c
+index 6605935..fd02b43 100644
+--- a/src/login/logind-session-device.c
++++ b/src/login/logind-session-device.c
+@@ -162,7 +162,7 @@ static int session_device_open(SessionDevice *sd, bool active) {
+ * state. */
+ r = sd_drmsetmaster(fd);
+ if (r < 0) {
+- close(fd);
++ close_nointr(fd);
+ return r;
+ }
+ } else {
+@@ -209,7 +209,7 @@ static int session_device_start(SessionDevice *sd) {
+ r = session_device_open(sd, true);
+ if (r < 0)
+ return r;
+- close_nointr_nofail(sd->fd);
++ close_nointr(sd->fd);
+ sd->fd = r;
+ break;
+ case DEVICE_TYPE_UNKNOWN:
+@@ -407,7 +407,7 @@ void session_device_free(SessionDevice *sd) {
+
+ session_device_stop(sd);
+ session_device_notify(sd, SESSION_DEVICE_RELEASE);
+- close_nointr_nofail(sd->fd);
++ close_nointr(sd->fd);
+
+ LIST_REMOVE(SessionDevice, sd_by_device, sd->device->session_devices, sd);
+
diff --git a/SOURCES/0309-sysfs-show.c-return-negative-error.patch b/SOURCES/0309-sysfs-show.c-return-negative-error.patch
new file mode 100644
index 0000000..eeafc02
--- /dev/null
+++ b/SOURCES/0309-sysfs-show.c-return-negative-error.patch
@@ -0,0 +1,27 @@
+From 8d5952a7659d735958119b64d05ceab34be9e454 Mon Sep 17 00:00:00 2001
+From: Thomas Hindoe Paaboel Andersen <phomes@gmail.com>
+Date: Sat, 30 Nov 2013 21:59:40 +0100
+Subject: [PATCH] sysfs-show.c: return negative error
+
+introduced in 1ca208fb4f93e5869704af1812cbff7130a2fc03
+
+(cherry-picked from a051da35ce96923e31a532c86a530bfd40d5dc76)
+
+Resolves: #1147524
+---
+ src/login/sysfs-show.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/login/sysfs-show.c b/src/login/sysfs-show.c
+index 9fc3054..cb12ebf 100644
+--- a/src/login/sysfs-show.c
++++ b/src/login/sysfs-show.c
+@@ -164,7 +164,7 @@ int show_sysfs(const char *seat, const char *prefix, unsigned n_columns) {
+
+ e = udev_enumerate_new(udev);
+ if (!e)
+- return ENOMEM;
++ return -ENOMEM;
+
+ if (!streq(seat, "seat0"))
+ r = udev_enumerate_add_match_tag(e, seat);
diff --git a/SOURCES/0310-core-only-send-SIGHUP-when-doing-first-kill-not-when.patch b/SOURCES/0310-core-only-send-SIGHUP-when-doing-first-kill-not-when.patch
new file mode 100644
index 0000000..b5cdad2
--- /dev/null
+++ b/SOURCES/0310-core-only-send-SIGHUP-when-doing-first-kill-not-when.patch
@@ -0,0 +1,61 @@
+From 2f960b84dad97c50c819f2c11812fe6f302ec2ca Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 6 Feb 2014 01:50:41 +0100
+Subject: [PATCH] core: only send SIGHUP when doing first kill, not when doing
+ final sigkill
+
+Conflicts:
+ src/core/unit.c
+
+(cherry-picked from 97e0691f85da6e7ea131ce80bd61e2d47a737a61)
+
+Resolves: #1147524
+---
+ src/core/unit.c | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 855e135..fe1864a 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -3113,7 +3113,7 @@ int unit_kill_context(
+ } else {
+ wait_for_exit = !main_pid_alien;
+
+- if (c->send_sighup)
++ if (c->send_sighup && !sigkill)
+ kill(main_pid, SIGHUP);
+ }
+ }
+@@ -3131,7 +3131,7 @@ int unit_kill_context(
+ } else {
+ wait_for_exit = true;
+
+- if (c->send_sighup)
++ if (c->send_sighup && !sigkill)
+ kill(control_pid, SIGHUP);
+ }
+ }
+@@ -3149,8 +3149,20 @@ int unit_kill_context(
+ if (r != -EAGAIN && r != -ESRCH && r != -ENOENT)
+ log_warning_unit(u->id, "Failed to kill control group: %s", strerror(-r));
+ } else if (r > 0) {
+- wait_for_exit = true;
+- if (c->send_sighup) {
++
++ /* FIXME: Now, we don't actually wait for any
++ * of the processes that are neither control
++ * nor main process. We should wait for them
++ * of course, but that's hard since the cgroup
++ * notification logic is so unreliable. It is
++ * not available at all in containers, and on
++ * the host it gets confused by
++ * subgroups. Hence, for now, let's not wait
++ * for these processes -- but when the kernel
++ * gets fixed we really should correct
++ * that. */
++
++ if (c->send_sighup && !sigkill) {
+ set_free(pid_set);
+
+ pid_set = unit_pid_set(main_pid, control_pid);
diff --git a/SOURCES/0311-cgroup-make-sure-to-properly-send-SIGCONT-to-all-pro.patch b/SOURCES/0311-cgroup-make-sure-to-properly-send-SIGCONT-to-all-pro.patch
new file mode 100644
index 0000000..f07310d
--- /dev/null
+++ b/SOURCES/0311-cgroup-make-sure-to-properly-send-SIGCONT-to-all-pro.patch
@@ -0,0 +1,33 @@
+From 0c5ef7a5535c4b3aebfc61793c28919f696d5e99 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 6 Feb 2014 19:27:59 +0100
+Subject: [PATCH] cgroup: make sure to properly send SIGCONT to all processes
+ of a cgroup if that's requested
+
+(cherry-picked from 6e8314c420eb375847c9e526745c2caec802399d)
+
+Resolves: #1147524
+---
+ src/shared/cgroup-util.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/shared/cgroup-util.c b/src/shared/cgroup-util.c
+index 8a4edda..b58d8b8 100644
+--- a/src/shared/cgroup-util.c
++++ b/src/shared/cgroup-util.c
+@@ -194,12 +194,12 @@ int cg_kill(const char *controller, const char *path, int sig, bool sigcont, boo
+ if (kill(pid, sig) < 0) {
+ if (ret >= 0 && errno != ESRCH)
+ ret = -errno;
+- } else if (ret == 0) {
+-
++ } else {
+ if (sigcont)
+ kill(pid, SIGCONT);
+
+- ret = 1;
++ if (ret == 0)
++ ret = 1;
+ }
+
+ done = false;
diff --git a/SOURCES/0312-core-don-t-send-duplicate-SIGCONT-when-killing-units.patch b/SOURCES/0312-core-don-t-send-duplicate-SIGCONT-when-killing-units.patch
new file mode 100644
index 0000000..a0134d0
--- /dev/null
+++ b/SOURCES/0312-core-don-t-send-duplicate-SIGCONT-when-killing-units.patch
@@ -0,0 +1,25 @@
+From 1368259de25f91b0130fcf9a8dd1623b3354ba10 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 6 Feb 2014 19:46:46 +0100
+Subject: [PATCH] core: don't send duplicate SIGCONT when killing units
+
+(cherry-picked from 8190da36f71a887945297cd65d6426c78b466a50)
+
+Resolves: #1147524
+---
+ src/core/unit.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index fe1864a..87a6385 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -3169,7 +3169,7 @@ int unit_kill_context(
+ if (!pid_set)
+ return -ENOMEM;
+
+- cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, SIGHUP, true, true, false, pid_set);
++ cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, SIGHUP, false, true, false, pid_set);
+ }
+ }
+ }
diff --git a/SOURCES/0313-efi-fix-Undefined-reference-efi_loader_get_boot_usec.patch b/SOURCES/0313-efi-fix-Undefined-reference-efi_loader_get_boot_usec.patch
new file mode 100644
index 0000000..ea63c99
--- /dev/null
+++ b/SOURCES/0313-efi-fix-Undefined-reference-efi_loader_get_boot_usec.patch
@@ -0,0 +1,28 @@
+From d19e3171725a0afd00c094e8d2b9012309b91f21 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
+Date: Tue, 11 Feb 2014 09:54:49 -0300
+Subject: [PATCH] efi: fix Undefined reference efi_loader_get_boot_usec when
+ EFI support is disabled
+
+(cherry-picked from 70d9b9fc0a4fa1698ff00e364c61bb875244efa1)
+
+Resolves: #1147524
+---
+ src/shared/boot-timestamps.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/shared/boot-timestamps.c b/src/shared/boot-timestamps.c
+index 9449965..d656685 100644
+--- a/src/shared/boot-timestamps.c
++++ b/src/shared/boot-timestamps.c
+@@ -40,8 +40,10 @@ int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_time
+
+ r = acpi_get_boot_usec(&x, &y);
+ if (r < 0) {
++#ifdef ENABLE_EFI
+ r = efi_loader_get_boot_usec(&x, &y);
+ if (r < 0)
++#endif
+ return r;
+ }
+
diff --git a/SOURCES/0314-macro-better-make-IN_SET-macro-use-const-arrays.patch b/SOURCES/0314-macro-better-make-IN_SET-macro-use-const-arrays.patch
new file mode 100644
index 0000000..ef19db1
--- /dev/null
+++ b/SOURCES/0314-macro-better-make-IN_SET-macro-use-const-arrays.patch
@@ -0,0 +1,38 @@
+From 87eaadf84215ef31e453d26c4935f82ec7ab1ef0 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 3 Dec 2013 16:41:06 +0100
+Subject: [PATCH] macro: better make IN_SET() macro use const arrays
+
+Conflicts:
+ src/shared/macro.h
+
+(cherry-picked from 059d9fbb)
+
+Resolves: #1147524
+---
+ src/shared/macro.h | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/src/shared/macro.h b/src/shared/macro.h
+index d4f92b6..27a02d4 100644
+--- a/src/shared/macro.h
++++ b/src/shared/macro.h
+@@ -287,4 +287,18 @@ do { \
+ #define SET_FLAG(v, flag, b) \
+ (v) = (b) ? ((v) | (flag)) : ((v) & ~(flag))
+
++#define IN_SET(x, ...) \
++ ({ \
++ const typeof(x) _x = (x); \
++ unsigned _i; \
++ bool _found = false; \
++ for (_i = 0; _i < sizeof((const typeof(_x)[]) { __VA_ARGS__ })/sizeof(const typeof(_x)); _i++) \
++ if (((const typeof(_x)[]) { __VA_ARGS__ })[_i] == _x) { \
++ _found = true; \
++ break; \
++ } \
++ _found; \
++ })
++
++
+ #include "log.h"
diff --git a/SOURCES/0315-macro-make-sure-we-can-use-IN_SET-also-with-complex-.patch b/SOURCES/0315-macro-make-sure-we-can-use-IN_SET-also-with-complex-.patch
new file mode 100644
index 0000000..9cd02cc
--- /dev/null
+++ b/SOURCES/0315-macro-make-sure-we-can-use-IN_SET-also-with-complex-.patch
@@ -0,0 +1,49 @@
+From 28a4b5dd0895ba41d1327dcaf824f8adffea73f7 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 12 Mar 2014 22:26:22 +0100
+Subject: [PATCH] macro: make sure we can use IN_SET() also with complex
+ function calls as first argument
+
+(cherry-picked from dc36d78e)
+
+Resolves: #1147524
+---
+ src/shared/macro.h | 9 +++++----
+ src/test/test-util.c | 1 -
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/shared/macro.h b/src/shared/macro.h
+index 27a02d4..21039eb 100644
+--- a/src/shared/macro.h
++++ b/src/shared/macro.h
+@@ -287,13 +287,14 @@ do { \
+ #define SET_FLAG(v, flag, b) \
+ (v) = (b) ? ((v) | (flag)) : ((v) & ~(flag))
+
+-#define IN_SET(x, ...) \
++#define IN_SET(x, y, ...) \
+ ({ \
+- const typeof(x) _x = (x); \
++ const typeof(y) _y = (y); \
++ const typeof(_y) _x = (x); \
+ unsigned _i; \
+ bool _found = false; \
+- for (_i = 0; _i < sizeof((const typeof(_x)[]) { __VA_ARGS__ })/sizeof(const typeof(_x)); _i++) \
+- if (((const typeof(_x)[]) { __VA_ARGS__ })[_i] == _x) { \
++ for (_i = 0; _i < 1 + sizeof((const typeof(_x)[]) { __VA_ARGS__ })/sizeof(const typeof(_x)); _i++) \
++ if (((const typeof(_x)[]) { _y, __VA_ARGS__ })[_i] == _x) { \
+ _found = true; \
+ break; \
+ } \
+diff --git a/src/test/test-util.c b/src/test/test-util.c
+index c5762ed..8527f13 100644
+--- a/src/test/test-util.c
++++ b/src/test/test-util.c
+@@ -571,7 +571,6 @@ static void test_fstab_node_to_udev_node(void) {
+ assert_se(streq(n, "/dev/disk/by-partuuid/037b9d94-148e-4ee4-8d38-67bfe15bb535"));
+ free(n);
+
+-
+ n = fstab_node_to_udev_node("PONIES=awesome");
+ puts(n);
+ assert_se(streq(n, "PONIES=awesome"));
diff --git a/SOURCES/0316-core-fix-property-changes-in-transient-units.patch b/SOURCES/0316-core-fix-property-changes-in-transient-units.patch
new file mode 100644
index 0000000..e1a7765
--- /dev/null
+++ b/SOURCES/0316-core-fix-property-changes-in-transient-units.patch
@@ -0,0 +1,93 @@
+From e091fcc1cc628b9e2192104c47e2be103bc8577a Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 17 Feb 2014 01:58:33 +0100
+Subject: [PATCH] core: fix property changes in transient units
+
+(cherry-picked from 6d2357247b198314d972932415d65a42f83a9b6e)
+
+Resolves: #1147524
+---
+ src/core/dbus-unit.c | 3 ---
+ src/core/unit.c | 13 ++++++-------
+ 2 files changed, 6 insertions(+), 10 deletions(-)
+
+diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
+index 2ea59b2..a185f5c 100644
+--- a/src/core/dbus-unit.c
++++ b/src/core/dbus-unit.c
+@@ -962,9 +962,6 @@ int bus_unit_set_properties(
+ assert(u);
+ assert(iter);
+
+- if (u->transient)
+- mode &= UNIT_RUNTIME;
+-
+ /* We iterate through the array twice. First run we just check
+ * if all passed data is valid, second run actually applies
+ * it. This is to implement transaction-like behaviour without
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 87a6385..e56971b 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -2904,7 +2904,6 @@ static int drop_in_file(Unit *u, UnitSetPropertiesMode mode, const char *name, c
+ assert(name);
+ assert(_p);
+ assert(_q);
+- assert(mode & (UNIT_PERSISTENT|UNIT_RUNTIME));
+
+ b = xescape(name, "/.");
+ if (!b)
+@@ -2923,7 +2922,7 @@ static int drop_in_file(Unit *u, UnitSetPropertiesMode mode, const char *name, c
+ return -ENOENT;
+
+ p = strjoin(c, "/", u->id, ".d", NULL);
+- } else if (mode & UNIT_PERSISTENT)
++ } else if (mode == UNIT_PERSISTENT && !u->transient)
+ p = strjoin("/etc/systemd/system/", u->id, ".d", NULL);
+ else
+ p = strjoin("/run/systemd/system/", u->id, ".d", NULL);
+@@ -2949,7 +2948,7 @@ int unit_write_drop_in(Unit *u, UnitSetPropertiesMode mode, const char *name, co
+ assert(name);
+ assert(data);
+
+- if (!(mode & (UNIT_PERSISTENT|UNIT_RUNTIME)))
++ if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
+ return 0;
+
+ r = drop_in_file(u, mode, name, &p, &q);
+@@ -2969,7 +2968,7 @@ int unit_write_drop_in_format(Unit *u, UnitSetPropertiesMode mode, const char *n
+ assert(name);
+ assert(format);
+
+- if (!(mode & (UNIT_PERSISTENT|UNIT_RUNTIME)))
++ if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
+ return 0;
+
+ va_start(ap, format);
+@@ -2992,7 +2991,7 @@ int unit_write_drop_in_private(Unit *u, UnitSetPropertiesMode mode, const char *
+ if (!UNIT_VTABLE(u)->private_section)
+ return -EINVAL;
+
+- if (!(mode & (UNIT_PERSISTENT|UNIT_RUNTIME)))
++ if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
+ return 0;
+
+ ndata = strjoin("[", UNIT_VTABLE(u)->private_section, "]\n", data, NULL);
+@@ -3011,7 +3010,7 @@ int unit_write_drop_in_private_format(Unit *u, UnitSetPropertiesMode mode, const
+ assert(name);
+ assert(format);
+
+- if (!(mode & (UNIT_PERSISTENT|UNIT_RUNTIME)))
++ if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
+ return 0;
+
+ va_start(ap, format);
+@@ -3030,7 +3029,7 @@ int unit_remove_drop_in(Unit *u, UnitSetPropertiesMode mode, const char *name) {
+
+ assert(u);
+
+- if (!(mode & (UNIT_PERSISTENT|UNIT_RUNTIME)))
++ if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
+ return 0;
+
+ r = drop_in_file(u, mode, name, &p, &q);
diff --git a/SOURCES/0317-load-modules-properly-return-a-failing-error-code-if.patch b/SOURCES/0317-load-modules-properly-return-a-failing-error-code-if.patch
new file mode 100644
index 0000000..1f5b8b5
--- /dev/null
+++ b/SOURCES/0317-load-modules-properly-return-a-failing-error-code-if.patch
@@ -0,0 +1,34 @@
+From 85658c05781da6137bf8c93d1454aa588ab98696 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 18 Feb 2014 21:23:16 +0100
+Subject: [PATCH] load-modules: properly return a failing error code if some
+ module fails to load
+
+This is the missing part of b857193b1def5172e3641ca1d5bc9e08ae81aac4.
+
+(cherry-picked from 4b462d1a28461b302586b117736ef288fba1012f)
+
+Resolves: #1147524
+---
+ src/modules-load/modules-load.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/modules-load/modules-load.c b/src/modules-load/modules-load.c
+index cba7c55..5d2ca4d 100644
+--- a/src/modules-load/modules-load.c
++++ b/src/modules-load/modules-load.c
+@@ -306,9 +306,11 @@ int main(int argc, char *argv[]) {
+ r = k;
+ }
+
+- r = conf_files_list_nulstr(&files, ".conf", NULL, conf_file_dirs);
+- if (r < 0) {
+- log_error("Failed to enumerate modules-load.d files: %s", strerror(-r));
++ k = conf_files_list_nulstr(&files, ".conf", NULL, conf_file_dirs);
++ if (k < 0) {
++ log_error("Failed to enumerate modules-load.d files: %s", strerror(-k));
++ if (r == 0)
++ r = k;
+ goto finish;
+ }
+
diff --git a/SOURCES/0318-core-unit-fix-unit_add_target_dependencies-for-units.patch b/SOURCES/0318-core-unit-fix-unit_add_target_dependencies-for-units.patch
new file mode 100644
index 0000000..26b22bd
--- /dev/null
+++ b/SOURCES/0318-core-unit-fix-unit_add_target_dependencies-for-units.patch
@@ -0,0 +1,34 @@
+From 22eebbf0b5ab380173b3d8bab558719b1f408a2e Mon Sep 17 00:00:00 2001
+From: Daniel Mack <zonque@gmail.com>
+Date: Thu, 20 Feb 2014 13:29:54 +0100
+Subject: [PATCH] core/unit: fix unit_add_target_dependencies() for units with
+ no dependencies
+
+For units without any dependencies, r needs to be initialized to 0.
+Otherwise, the return value of unit_add_target_dependencies() is
+unspecified.
+
+Conflicts:
+ src/core/unit.c
+
+(cherry-picked from db57f3c6d11864f4227bb6734a0d509695a32a7d)
+
+Resolves: #1147524
+---
+ src/core/unit.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index e56971b..b51e351 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -923,8 +923,8 @@ static int unit_add_default_dependencies(Unit *u) {
+
+ Unit *target;
+ Iterator i;
+- int r;
+ unsigned k;
++ int r = 0;
+
+ assert(u);
+
diff --git a/SOURCES/0319-man-there-is-no-ExecStopPre-for-service-units.patch b/SOURCES/0319-man-there-is-no-ExecStopPre-for-service-units.patch
new file mode 100644
index 0000000..1bce347
--- /dev/null
+++ b/SOURCES/0319-man-there-is-no-ExecStopPre-for-service-units.patch
@@ -0,0 +1,27 @@
+From 7d34b04e8dc4e1253d6360eeefbfaf686f58991b Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 21 Feb 2014 15:06:44 +0100
+Subject: [PATCH] man: there is no ExecStopPre= for service units
+
+https://bugs.freedesktop.org/show_bug.cgi?id=73177
+
+(cherry-picked from c32acc96ef74d13d0059a680cdede5f05db1981a)
+
+Resolves: #1147524
+---
+ man/systemd.service.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/systemd.service.xml b/man/systemd.service.xml
+index 4fb21ba..80d6951 100644
+--- a/man/systemd.service.xml
++++ b/man/systemd.service.xml
+@@ -678,7 +678,7 @@ ExecStart=/bin/echo $ONE $TWO ${TWO}
+ specified with
+ <varname>ExecStartPre=</varname>,
+ <varname>ExecStartPost=</varname>,
+- <varname>ExecStopPre=</varname>,
++ <varname>ExecStop=</varname>,
+ <varname>ExecStopPost=</varname>, or
+ <varname>ExecReload=</varname>.
+ When the death of the process is a
diff --git a/SOURCES/0320-man-document-that-per-interface-sysctl-variables-are.patch b/SOURCES/0320-man-document-that-per-interface-sysctl-variables-are.patch
new file mode 100644
index 0000000..9a6d9a6
--- /dev/null
+++ b/SOURCES/0320-man-document-that-per-interface-sysctl-variables-are.patch
@@ -0,0 +1,36 @@
+From 1c06bbbcbc55b2404cdece020411f06b28b4b2b3 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Sun, 23 Feb 2014 16:43:19 +0100
+Subject: [PATCH] man: document that per-interface sysctl variables are applied
+ as network interfaces show up
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1062955
+
+(cherry-picked from 8f03fd08911016d8bbcad5892b2c07b30a4c2306)
+
+Resolves: #1147524
+---
+ man/sysctl.d.xml | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/man/sysctl.d.xml b/man/sysctl.d.xml
+index 5544283..00a857b 100644
+--- a/man/sysctl.d.xml
++++ b/man/sysctl.d.xml
+@@ -103,6 +103,16 @@
+ <filename>/dev/null</filename> in
+ <filename>/etc/sysctl.d/</filename> bearing the
+ same filename.</para>
++
++ <para>The settings configured with
++ <filename>sysctl.d</filename> files will be applied
++ early on boot. The network interface-specific options
++ will also be applied individually for each network
++ interface as it shows up in the system. (More
++ specifically, that is
++ <filename>net.ipv4.conf.*</filename>,
++ <filename>net.ipv6.conf.*</filename>,
++ <filename>net.ipv4.neigh.*</filename> and <filename>net.ipv6.neigh.*</filename>)</para>
+ </refsect1>
+
+ <refsect1>
diff --git a/SOURCES/0321-journal-downgrade-vaccuum-message-to-debug-level.patch b/SOURCES/0321-journal-downgrade-vaccuum-message-to-debug-level.patch
new file mode 100644
index 0000000..f136f6a
--- /dev/null
+++ b/SOURCES/0321-journal-downgrade-vaccuum-message-to-debug-level.patch
@@ -0,0 +1,27 @@
+From 68272275166ad738ccf7c70ac0a6b8c72470c95f Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Sun, 23 Feb 2014 17:05:37 +0100
+Subject: [PATCH] journal: downgrade vaccuum message to debug level
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1047148
+
+(cherry-picked from 3bb621e1e66b704c0c2dcef31c66f7c646dd47f6)
+
+Resolves: #1147524
+---
+ src/journal/journal-vacuum.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/journal/journal-vacuum.c b/src/journal/journal-vacuum.c
+index d4a1c6c..88c67a1 100644
+--- a/src/journal/journal-vacuum.c
++++ b/src/journal/journal-vacuum.c
+@@ -336,7 +336,7 @@ finish:
+ free(list[i].filename);
+ free(list);
+
+- log_info("Vacuuming done, freed %"PRIu64" bytes", freed);
++ log_debug("Vacuuming done, freed %"PRIu64" bytes", freed);
+
+ return r;
+ }
diff --git a/SOURCES/0322-logs-show-fix-corrupt-output-with-empty-messages.patch b/SOURCES/0322-logs-show-fix-corrupt-output-with-empty-messages.patch
new file mode 100644
index 0000000..bc7025c
--- /dev/null
+++ b/SOURCES/0322-logs-show-fix-corrupt-output-with-empty-messages.patch
@@ -0,0 +1,42 @@
+From b5915d4a5870668442d3ef08a3b1f6b0028ea97f Mon Sep 17 00:00:00 2001
+From: Uoti Urpala <uoti.urpala@pp1.inet.fi>
+Date: Thu, 20 Feb 2014 03:00:09 +0200
+Subject: [PATCH] logs-show: fix corrupt output with empty messages
+
+If a message had zero length, journalctl would print no newline, and
+two output lines would be concatenated. Fix. The problem was
+introduced in commit 31f7bf199452 ("logs-show: print multiline
+messages"). Affected short and verbose output modes.
+
+Before fix:
+
+Feb 09 21:16:17 glyph dhclient[1323]: Feb 09 21:16:17 glyph NetworkManager[788]: <info> (enp4s2): DHCPv4 state changed nbi -> preinit
+
+after:
+
+Feb 09 21:16:17 glyph dhclient[1323]:
+Feb 09 21:16:17 glyph NetworkManager[788]: <info> (enp4s2): DHCPv4 state changed nbi -> preinit
+
+(cherry-picked from 47d80904a1f72d559962cc5ad32fffd46672a34a)
+
+Resolves: #1147524
+---
+ src/shared/logs-show.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c
+index 7bb19b4..91eefb3 100644
+--- a/src/shared/logs-show.c
++++ b/src/shared/logs-show.c
+@@ -121,6 +121,11 @@ static bool print_multiline(FILE *f, unsigned prefix, unsigned n_columns, Output
+ }
+ }
+
++ /* A special case: make sure that we print a newline when
++ the message is empty. */
++ if (message_len == 0)
++ fputs("\n", f);
++
+ for (pos = message;
+ pos < message + message_len;
+ pos = end + 1, line++) {
diff --git a/SOURCES/0323-journalctl-refuse-extra-arguments-with-verify-and-si.patch b/SOURCES/0323-journalctl-refuse-extra-arguments-with-verify-and-si.patch
new file mode 100644
index 0000000..289f375
--- /dev/null
+++ b/SOURCES/0323-journalctl-refuse-extra-arguments-with-verify-and-si.patch
@@ -0,0 +1,31 @@
+From f951a4b2dbbfdb8c387a802d0ae56ce47470f679 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 26 Feb 2014 23:01:43 -0500
+Subject: [PATCH] journalctl: refuse extra arguments with --verify and similar
+
+Positional arguments only make sense with the default action.
+For other actions, complain instead of ignoring them silently.
+
+(cherry-picked from 0b6b7c2004317da48e5bbd3078c5662d8f0061b6)
+
+Resolves: #1147524
+---
+ src/journal/journalctl.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
+index 54e3ddd..3113e65 100644
+--- a/src/journal/journalctl.c
++++ b/src/journal/journalctl.c
+@@ -584,6 +584,11 @@ static int parse_argv(int argc, char *argv[]) {
+ return -EINVAL;
+ }
+
++ if (arg_action != ACTION_SHOW && optind < argc) {
++ log_error("Extraneous arguments starting with '%s'", argv[optind]);
++ return -EINVAL;
++ }
++
+ return 1;
+ }
+
diff --git a/SOURCES/0324-journal-assume-that-next-entry-is-after-previous-ent.patch b/SOURCES/0324-journal-assume-that-next-entry-is-after-previous-ent.patch
new file mode 100644
index 0000000..6186ad2
--- /dev/null
+++ b/SOURCES/0324-journal-assume-that-next-entry-is-after-previous-ent.patch
@@ -0,0 +1,71 @@
+From 559cbd8367f3eb2c7ce49f923a688e7f83c5b439 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 27 Feb 2014 00:07:29 -0500
+Subject: [PATCH] journal: assume that next entry is after previous entry
+
+With a corrupted file, we can get in a situation where two entries
+in the entry array point to the same object. Then journal_file_next_entry
+will find the first one using generic_arrray_bisect, and try to move to
+the second one, but since the address is the same, generic_array_get will
+return the first one. journal_file_next_entry ends up in an infinite loop.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1047039
+
+(cherry-picked from fb099c8d2af6620db2709e826a258089d10cdfe8)
+
+Resolves: #1147524
+---
+ src/journal/journal-file.c | 26 ++++++++++++++++++++------
+ 1 file changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
+index 9dbd674..f101a1f 100644
+--- a/src/journal/journal-file.c
++++ b/src/journal/journal-file.c
+@@ -1359,7 +1359,7 @@ int journal_file_append_entry(JournalFile *f, const dual_timestamp *ts, const st
+ }
+
+ typedef struct ChainCacheItem {
+- uint64_t first; /* the array at the begin of the chain */
++ uint64_t first; /* the array at the beginning of the chain */
+ uint64_t array; /* the cached array */
+ uint64_t begin; /* the first item in the cached array */
+ uint64_t total; /* the total number of items in all arrays before this one in the chain */
+@@ -1945,7 +1945,7 @@ int journal_file_next_entry(
+ direction_t direction,
+ Object **ret, uint64_t *offset) {
+
+- uint64_t i, n;
++ uint64_t i, n, ofs;
+ int r;
+
+ assert(f);
+@@ -1986,10 +1986,24 @@ int journal_file_next_entry(
+ }
+
+ /* And jump to it */
+- return generic_array_get(f,
+- le64toh(f->header->entry_array_offset),
+- i,
+- ret, offset);
++ r = generic_array_get(f,
++ le64toh(f->header->entry_array_offset),
++ i,
++ ret, &ofs);
++ if (r <= 0)
++ return r;
++
++ if (p > 0 &&
++ (direction == DIRECTION_DOWN ? ofs <= p : ofs >= p)) {
++ log_debug("%s: entry array corrupted at entry %"PRIu64,
++ f->path, i);
++ return -EBADMSG;
++ }
++
++ if (offset)
++ *offset = ofs;
++
++ return 1;
+ }
+
+ int journal_file_skip_entry(
diff --git a/SOURCES/0325-journal-forget-file-after-encountering-an-error.patch b/SOURCES/0325-journal-forget-file-after-encountering-an-error.patch
new file mode 100644
index 0000000..bce17cd
--- /dev/null
+++ b/SOURCES/0325-journal-forget-file-after-encountering-an-error.patch
@@ -0,0 +1,75 @@
+From 1ff08dbb562d007bbca2323ab219324058fe8adb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 27 Feb 2014 00:11:54 -0500
+Subject: [PATCH] journal: forget file after encountering an error
+
+If we encounter an inconsistency in a file, let's just
+ignore it. Otherwise, after previous patch, we would try,
+and fail, to use this file in every invocation of sd_journal_next
+or sd_journal_previous that happens afterwards.
+
+(cherry-picked from a9a245c128af6c0418085062c60251bc51fa4a94)
+
+Resolves: #1147524
+---
+ src/journal/sd-journal.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c
+index 67a77e6..8e3bb0c 100644
+--- a/src/journal/sd-journal.c
++++ b/src/journal/sd-journal.c
+@@ -50,6 +50,8 @@
+
+ #define DEFAULT_DATA_THRESHOLD (64*1024)
+
++static void remove_file_real(sd_journal *j, JournalFile *f);
++
+ static bool journal_pid_changed(sd_journal *j) {
+ assert(j);
+
+@@ -895,6 +897,7 @@ static int real_journal_next(sd_journal *j, direction_t direction) {
+ r = next_beyond_location(j, f, direction, &o, &p);
+ if (r < 0) {
+ log_debug("Can't iterate through %s, ignoring: %s", f->path, strerror(-r));
++ remove_file_real(j, f);
+ continue;
+ } else if (r == 0)
+ continue;
+@@ -1368,7 +1371,7 @@ static int add_file(sd_journal *j, const char *prefix, const char *filename) {
+ }
+
+ static int remove_file(sd_journal *j, const char *prefix, const char *filename) {
+- char *path;
++ _cleanup_free_ char *path;
+ JournalFile *f;
+
+ assert(j);
+@@ -1380,10 +1383,17 @@ static int remove_file(sd_journal *j, const char *prefix, const char *filename)
+ return -ENOMEM;
+
+ f = hashmap_get(j->files, path);
+- free(path);
+ if (!f)
+ return 0;
+
++ remove_file_real(j, f);
++ return 0;
++}
++
++static void remove_file_real(sd_journal *j, JournalFile *f) {
++ assert(j);
++ assert(f);
++
+ hashmap_remove(j->files, f->path);
+
+ log_debug("File %s removed.", f->path);
+@@ -1401,8 +1411,6 @@ static int remove_file(sd_journal *j, const char *prefix, const char *filename)
+ journal_file_close(f);
+
+ j->current_invalidate_counter ++;
+-
+- return 0;
+ }
+
+ static int add_directory(sd_journal *j, const char *prefix, const char *dirname) {
diff --git a/SOURCES/0326-man-update-link-to-LSB.patch b/SOURCES/0326-man-update-link-to-LSB.patch
new file mode 100644
index 0000000..64a213c
--- /dev/null
+++ b/SOURCES/0326-man-update-link-to-LSB.patch
@@ -0,0 +1,36 @@
+From da1a97ff0f6637cb2e1d68ab0289b0f1125dc4df Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 6 Mar 2014 08:10:19 -0500
+Subject: [PATCH] man: update link to LSB
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1073402
+
+(cherry-picked from 27d14fb331ba8144f99f4da2d13f15cf5c8b8a9f)
+
+Resolves: #1147524
+---
+ man/daemon.xml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/man/daemon.xml b/man/daemon.xml
+index 105826a..418a7e9 100644
+--- a/man/daemon.xml
++++ b/man/daemon.xml
+@@ -251,7 +251,7 @@
+ detect service errors and problems. It
+ is recommended to follow the exit code
+ scheme as defined in the <ulink
+- url="http://refspecs.freestandards.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptact.html">LSB
++ url="http://refspecs.linuxbase.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptact.html">LSB
+ recommendations for SysV init
+ scripts</ulink>.</para></listitem>
+
+@@ -394,7 +394,7 @@
+ exclusively on boot (and manually by the
+ administrator) via SysV init scripts, as
+ detailed in the <ulink
+- url="http://refspecs.freestandards.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptact.html">LSB
++ url="http://refspecs.linuxbase.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptact.html">LSB
+ Linux Standard Base Core
+ Specification</ulink>. This method of
+ activation is supported ubiquitously on Linux
diff --git a/SOURCES/0327-man-systemd-bootchart-fix-spacing-in-command.patch b/SOURCES/0327-man-systemd-bootchart-fix-spacing-in-command.patch
new file mode 100644
index 0000000..d3a958b
--- /dev/null
+++ b/SOURCES/0327-man-systemd-bootchart-fix-spacing-in-command.patch
@@ -0,0 +1,29 @@
+From a7711e81f0192e06fbc97705bf757410fc33724c Mon Sep 17 00:00:00 2001
+From: Zachary Cook <zachcook1991@gmail.com>
+Date: Thu, 6 Mar 2014 03:49:49 -0500
+Subject: [PATCH] man: systemd-bootchart - fix spacing in command
+
+Use the same formatting as the systemd-analyze man page, so that man shows a space.
+
+(cherry-picked from 82ed60080d327d7301fcd55f5a1f8511f894b9d5)
+
+Resolves: #1147524
+---
+ man/systemd-bootchart.xml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/man/systemd-bootchart.xml b/man/systemd-bootchart.xml
+index ae432b5..818afa1 100644
+--- a/man/systemd-bootchart.xml
++++ b/man/systemd-bootchart.xml
+@@ -76,8 +76,8 @@
+ in which order, and where possible problems
+ exist in the startup sequence of the system.
+ It is essentially a more detailed version of
+- the <command>systemd-analyze</command>
+- <command>plot</command> function.
++ the <command>systemd-analyze plot</command>
++ function.
+ </para>
+ <para>
+ Of course, bootchart can also be used at any
diff --git a/SOURCES/0328-man-add-missing-comma.patch b/SOURCES/0328-man-add-missing-comma.patch
new file mode 100644
index 0000000..91e4440
--- /dev/null
+++ b/SOURCES/0328-man-add-missing-comma.patch
@@ -0,0 +1,27 @@
+From 958e9706f20d69608c703808731bb9ff523d8462 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 6 Mar 2014 23:54:13 -0500
+Subject: [PATCH] man: add missing comma
+
+marcosf0> missing comma in udevadm "see also" section
+
+(cherry-picked from 7d06ef0a5cd2f0a4e021d3d12f3841cce529e0f2)
+
+Resolves: #1147524
+---
+ man/udevadm.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/udevadm.xml b/man/udevadm.xml
+index ca3713f..6fc6783 100644
+--- a/man/udevadm.xml
++++ b/man/udevadm.xml
+@@ -514,7 +514,7 @@
+ <title>See Also</title>
+ <para><citerefentry>
+ <refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum>
+- </citerefentry>
++ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry></para>
diff --git a/SOURCES/0329-units-Do-not-unescape-instance-name-in-systemd-backl.patch b/SOURCES/0329-units-Do-not-unescape-instance-name-in-systemd-backl.patch
new file mode 100644
index 0000000..3f9d6c3
--- /dev/null
+++ b/SOURCES/0329-units-Do-not-unescape-instance-name-in-systemd-backl.patch
@@ -0,0 +1,39 @@
+From 51aa47339565893e48a3533250d392fcdb80a675 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20B=C3=A4chler?= <thomas@archlinux.org>
+Date: Fri, 7 Mar 2014 01:50:34 +0100
+Subject: [PATCH] units: Do not unescape instance name in
+ systemd-backlight@.service
+
+The instance name is never escaped in the udev rule, but unescaped in the unit.
+This results in the following error message on Asus boards:
+
+ Failed to get backlight or LED device 'backlight:eeepc/wmi': No such file or directory
+
+(cherry-picked from 6c49212741253dae05b89d22374186f092ef1e5a)
+
+Resolves: #1147524
+---
+ units/systemd-backlight@.service.in | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/units/systemd-backlight@.service.in b/units/systemd-backlight@.service.in
+index 5caa5d5..e945d87 100644
+--- a/units/systemd-backlight@.service.in
++++ b/units/systemd-backlight@.service.in
+@@ -6,7 +6,7 @@
+ # (at your option) any later version.
+
+ [Unit]
+-Description=Load/Save Screen Backlight Brightness of %I
++Description=Load/Save Screen Backlight Brightness of %i
+ Documentation=man:systemd-backlight@.service(8)
+ DefaultDependencies=no
+ RequiresMountsFor=/var/lib/systemd/backlight
+@@ -17,5 +17,5 @@ Before=sysinit.target shutdown.target
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
+-ExecStart=@rootlibexecdir@/systemd-backlight load %I
+-ExecStop=@rootlibexecdir@/systemd-backlight save %I
++ExecStart=@rootlibexecdir@/systemd-backlight load %i
++ExecStop=@rootlibexecdir@/systemd-backlight save %i
diff --git a/SOURCES/0330-manager-flush-memory-stream-before-using-the-buffer.patch b/SOURCES/0330-manager-flush-memory-stream-before-using-the-buffer.patch
new file mode 100644
index 0000000..c3ad052
--- /dev/null
+++ b/SOURCES/0330-manager-flush-memory-stream-before-using-the-buffer.patch
@@ -0,0 +1,75 @@
+From 0fca5aae90d5a4e292db8db7b9c31c8390799368 Mon Sep 17 00:00:00 2001
+From: Daniel Mack <zonque@gmail.com>
+Date: Fri, 7 Mar 2014 14:43:59 +0100
+Subject: [PATCH] manager: flush memory stream before using the buffer
+
+When the manager receives a SIGUSR2 signal, it opens a memory stream
+with open_memstream(), uses the returned file handle for logging, and
+dumps the logged content with log_dump().
+
+However, the char* buffer is only safe to use after the file handle has
+been flushed with fflush, as the man pages states:
+
+ When the stream is closed (fclose(3)) or flushed (fflush(3)), the
+ locations pointed to by ptr and sizeloc are updated to contain,
+ respectively, a pointer to the buffer and the current size of the
+ buffer.
+ These values remain valid only as long as the caller performs no
+ further output on the stream. If further output is performed, then the
+ stream must again be flushed before trying to access these variables.
+
+Without that call, dump remains NULL and the daemon crashes in
+log_dump().
+
+Conflicts:
+ src/core/manager.c
+
+(cherry-picked from b2cdc6664ef6b56e47d38649d69b9943d9f9f5d0)
+
+Resolves: #1147524
+---
+ src/core/manager.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 4ad26e1..e48ea36 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1536,11 +1536,12 @@ static int manager_process_signal_fd(Manager *m) {
+ }
+
+ case SIGUSR2: {
+- FILE *f;
+- char *dump = NULL;
++ _cleanup_free_ char *dump = NULL;
++ _cleanup_fclose_ FILE *f = NULL;
+ size_t size;
+
+- if (!(f = open_memstream(&dump, &size))) {
++ f = open_memstream(&dump, &size);
++ if (!f) {
+ log_warning("Failed to allocate memory stream.");
+ break;
+ }
+@@ -1549,16 +1550,16 @@ static int manager_process_signal_fd(Manager *m) {
+ manager_dump_jobs(m, f, "\t");
+
+ if (ferror(f)) {
+- fclose(f);
+- free(dump);
+ log_warning("Failed to write status stream");
+ break;
+ }
+
+- fclose(f);
+- log_dump(LOG_INFO, dump);
+- free(dump);
++ if (fflush(f)) {
++ log_warning("Failed to flush status stream");
++ break;
++ }
+
++ log_dump(LOG_INFO, dump);
+ break;
+ }
+
diff --git a/SOURCES/0331-man-multiple-sleep-modes-are-to-be-separated-by-whit.patch b/SOURCES/0331-man-multiple-sleep-modes-are-to-be-separated-by-whit.patch
new file mode 100644
index 0000000..d52f697
--- /dev/null
+++ b/SOURCES/0331-man-multiple-sleep-modes-are-to-be-separated-by-whit.patch
@@ -0,0 +1,63 @@
+From ccbe3369a69af38dbf8fdf3a0a1b27ba534506ea Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 11 Mar 2014 05:23:39 +0100
+Subject: [PATCH] man: multiple sleep modes are to be separated by whitespace,
+ not commas
+
+As pointed out by Jason A. Donenfeld.
+
+Conflicts:
+ man/systemd-sleep.conf.xml
+
+(cherry-picked from 252094eb05c58270a0bc35b14ad30a126ddbb3bb)
+
+Resolves: #1147524
+---
+ man/systemd-sleep.conf.xml | 18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+diff --git a/man/systemd-sleep.conf.xml b/man/systemd-sleep.conf.xml
+index dc4b0da..d0ea6d8 100644
+--- a/man/systemd-sleep.conf.xml
++++ b/man/systemd-sleep.conf.xml
+@@ -127,10 +127,10 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ <citerefentry><refentrytitle>systemd-suspend.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-hibernate.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, or
+ <citerefentry><refentrytitle>systemd-hybrid-sleep.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+- More than one value can be specified by seperating
+- multiple values with commas. They will be tried
++ More than one value can be specified by separating
++ multiple values with whitespace. They will be tried
+ in turn, until one is written without error. If
+- neither suceeds, the operation will be aborted.
++ neither succeeds, the operation will be aborted.
+ </para></listitem>
+ </varlistentry>
+
+@@ -145,10 +145,10 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ <citerefentry><refentrytitle>systemd-suspend.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-hibernate.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, or
+ <citerefentry><refentrytitle>systemd-hybrid-sleep.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+- More than one value can be specified by seperating
+- multiple values with commas. They will be tried
++ More than one value can be specified by separating
++ multiple values with whitespace. They will be tried
+ in turn, until one is written without error. If
+- neither suceeds, the operation will be aborted.
++ neither succeeds, the operation will be aborted.
+ </para></listitem>
+ </varlistentry>
+ </variablelist>
+@@ -160,10 +160,8 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ <para>Example: to exploit the <quote>freeze</quote> mode added
+ in Linux 3.9, one can use <command>systemctl suspend</command>
+ with
+- <programlisting>
+-[Sleep]
+-SuspendState=freeze
+- </programlisting></para>
++ <programlisting>[Sleep]
++SuspendState=freeze</programlisting></para>
+ </refsect1>
+
+ <refsect1>
diff --git a/SOURCES/0332-man-fix-description-of-systemctl-after-before.patch b/SOURCES/0332-man-fix-description-of-systemctl-after-before.patch
new file mode 100644
index 0000000..beb81e2
--- /dev/null
+++ b/SOURCES/0332-man-fix-description-of-systemctl-after-before.patch
@@ -0,0 +1,30 @@
+From 603f2c62ba1a64aa22223b66dfdd455ca6589b91 Mon Sep 17 00:00:00 2001
+From: Andrey Borzenkov <arvidjaar@gmail.com>
+Date: Fri, 21 Feb 2014 20:44:06 +0400
+Subject: [PATCH] man: fix description of systemctl --after/--before
+
+It was backward - --after fetches After property, so units shown really
+come *before* unit given as argument. Same for --before.
+
+(cherry-picked from 4a77ca700d1841c2b8a86ed5b7f3495db61c236d)
+
+Resolves: #1147524
+---
+ man/systemctl.xml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/man/systemctl.xml b/man/systemctl.xml
+index d1fda61..045d520 100644
+--- a/man/systemctl.xml
++++ b/man/systemctl.xml
+@@ -176,8 +176,8 @@ systemctl start foo
+ <term><option>--before</option></term>
+
+ <listitem>
+- <para>Show which units are started after or before
+- with <command>list-dependencies</command>, respectively.
++ <para>Show after (before) which units the specified unit is started
++ with <command>list-dependencies</command>.
+ </para>
+ </listitem>
+ </varlistentry>
diff --git a/SOURCES/0333-udev-properly-detect-reference-to-unexisting-part-of.patch b/SOURCES/0333-udev-properly-detect-reference-to-unexisting-part-of.patch
new file mode 100644
index 0000000..8969cb5
--- /dev/null
+++ b/SOURCES/0333-udev-properly-detect-reference-to-unexisting-part-of.patch
@@ -0,0 +1,26 @@
+From 2e13dee991178518480d68e89d323666b047d182 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Mon, 24 Feb 2014 17:06:21 +0100
+Subject: [PATCH] udev: properly detect reference to unexisting part of
+ PROGRAM's result
+
+(cherry-picked from 66390abefae6530981446970ffd7ff4d1085e254)
+
+Resolves: #1147524
+---
+ src/udev/udev-event.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
+index d69d7ba..aa7c793 100644
+--- a/src/udev/udev-event.c
++++ b/src/udev/udev-event.c
+@@ -254,6 +254,8 @@ subst:
+ cpos++;
+ while (isspace(cpos[0]))
+ cpos++;
++ if (cpos[0] == '\0')
++ break;
+ }
+ if (i > 0) {
+ log_error("requested part of result string not found\n");
diff --git a/SOURCES/0334-gpt-auto-generator-don-t-return-OOM-on-parentless-de.patch b/SOURCES/0334-gpt-auto-generator-don-t-return-OOM-on-parentless-de.patch
new file mode 100644
index 0000000..ac3d6d0
--- /dev/null
+++ b/SOURCES/0334-gpt-auto-generator-don-t-return-OOM-on-parentless-de.patch
@@ -0,0 +1,25 @@
+From c8135d12561727f7ed8513cb5f113866ee963194 Mon Sep 17 00:00:00 2001
+From: Tomasz Torcz <tomek@pipebreaker.pl>
+Date: Wed, 12 Mar 2014 19:25:11 +0100
+Subject: [PATCH] gpt-auto-generator: don't return OOM on parentless devices
+
+(cherry-picked from 9c4495ca561624c2f0085507dd1288ed5f1247c5)
+
+Resolves: #1147524
+---
+ src/gpt-auto-generator/gpt-auto-generator.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
+index 8436d26..6a4c9d8 100644
+--- a/src/gpt-auto-generator/gpt-auto-generator.c
++++ b/src/gpt-auto-generator/gpt-auto-generator.c
+@@ -252,7 +252,7 @@ static int enumerate_partitions(struct udev *udev, dev_t dev) {
+
+ parent = udev_device_get_parent(d);
+ if (!parent)
+- return log_oom();
++ return 0;
+
+ r = udev_enumerate_add_match_parent(e, parent);
+ if (r < 0)
diff --git a/SOURCES/0335-man-improve-wording-of-systemctl-s-after-before.patch b/SOURCES/0335-man-improve-wording-of-systemctl-s-after-before.patch
new file mode 100644
index 0000000..eaaf62b
--- /dev/null
+++ b/SOURCES/0335-man-improve-wording-of-systemctl-s-after-before.patch
@@ -0,0 +1,57 @@
+From 8c346633426ec3476f87e7558407b75d9da1d5a4 Mon Sep 17 00:00:00 2001
+From: "Jason St. John" <jstjohn@purdue.edu>
+Date: Mon, 17 Mar 2014 00:03:46 -0400
+Subject: [PATCH] man: improve wording of systemctl's --after/--before
+
+Commit 4a77ca7 was an attempt at fixing the wording of --after and --before,
+but the new wording was unclear.
+
+Split the combined --after/--before section into a separate section for
+each, explicitly state what each option does, and add information about
+how these lists are generated.
+
+Reported-by: Andrey Borzenkov <arvidjaar@gmail.com>
+Reported-by: Lennart Poettering <lennart@poettering.net>
+
+(cherry-picked from 9029f64298cb70c12ecf638fddee7f41b056fcf1)
+
+Resolves: #1147524
+---
+ man/systemctl.xml | 21 ++++++++++++++++++---
+ 1 file changed, 18 insertions(+), 3 deletions(-)
+
+diff --git a/man/systemctl.xml b/man/systemctl.xml
+index 045d520..cb63bb0 100644
+--- a/man/systemctl.xml
++++ b/man/systemctl.xml
+@@ -173,12 +173,27 @@ systemctl start foo
+
+ <varlistentry>
+ <term><option>--after</option></term>
++
++ <listitem>
++ <para>With <command>list-dependencies</command>, show the
++ units that are ordered before the specified unit. In other
++ words, list the units that are in the <varname>After=</varname>
++ directive of the specified unit, have the specified unit in
++ their <varname>Before=</varname> directive, or are otherwise
++ implicit dependencies of the specified unit.</para>
++ </listitem>
++ </varlistentry>
++
++ <varlistentry>
+ <term><option>--before</option></term>
+
+ <listitem>
+- <para>Show after (before) which units the specified unit is started
+- with <command>list-dependencies</command>.
+- </para>
++ <para>With <command>list-dependencies</command>, show the
++ units that are ordered after the specified unit. In other
++ words, list the units that are in the <varname>Before=</varname>
++ directive of the specified unit, have the specified unit in
++ their <varname>After=</varname> directive, or otherwise depend
++ on the specified unit.</para>
+ </listitem>
+ </varlistentry>
+
diff --git a/SOURCES/0336-cgroup-it-s-not-OK-to-invoke-alloca-in-loops.patch b/SOURCES/0336-cgroup-it-s-not-OK-to-invoke-alloca-in-loops.patch
new file mode 100644
index 0000000..25952cb
--- /dev/null
+++ b/SOURCES/0336-cgroup-it-s-not-OK-to-invoke-alloca-in-loops.patch
@@ -0,0 +1,80 @@
+From aab1a9e316bfa55ab41ecad102c90c6b7eeac52e Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 18 Mar 2014 04:06:36 +0100
+Subject: [PATCH] cgroup: it's not OK to invoke alloca() in loops
+
+(cherry-picked from a641dcd9bf05418d6a6c165e1c0cff615b4a0f47)
+
+Resolves: #1147524
+---
+ src/core/mount-setup.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
+index 4359f59..679f289 100644
+--- a/src/core/mount-setup.c
++++ b/src/core/mount-setup.c
+@@ -210,10 +210,10 @@ int mount_setup_early(void) {
+ }
+
+ int mount_cgroup_controllers(char ***join_controllers) {
+- int r;
+- char buf[LINE_MAX];
+ _cleanup_set_free_free_ Set *controllers = NULL;
+ _cleanup_fclose_ FILE *f;
++ char buf[LINE_MAX];
++ int r;
+
+ /* Mount all available cgroup controllers that are built into the kernel. */
+
+@@ -256,6 +256,7 @@ int mount_cgroup_controllers(char ***join_controllers) {
+ }
+
+ for (;;) {
++ _cleanup_free_ char *options = NULL, *controller = NULL, *where = NULL;
+ MountPoint p = {
+ .what = "cgroup",
+ .type = "cgroup",
+@@ -263,7 +264,6 @@ int mount_cgroup_controllers(char ***join_controllers) {
+ .mode = MNT_IN_CONTAINER,
+ };
+ char ***k = NULL;
+- _cleanup_free_ char *options = NULL, *controller;
+
+ controller = set_steal_first(controllers);
+ if (!controller)
+@@ -280,7 +280,7 @@ int mount_cgroup_controllers(char ***join_controllers) {
+ for (i = *k, j = *k; *i; i++) {
+
+ if (!streq(*i, controller)) {
+- char _cleanup_free_ *t;
++ _cleanup_free_ char *t;
+
+ t = set_remove(controllers, *i);
+ if (!t) {
+@@ -302,7 +302,11 @@ int mount_cgroup_controllers(char ***join_controllers) {
+ controller = NULL;
+ }
+
+- p.where = strappenda("/sys/fs/cgroup/", options);
++ where = strappend("/sys/fs/cgroup/", options);
++ if (!where)
++ return log_oom();
++
++ p.where = where;
+ p.options = options;
+
+ r = mount_one(&p, true);
+@@ -313,7 +317,11 @@ int mount_cgroup_controllers(char ***join_controllers) {
+ char **i;
+
+ for (i = *k; *i; i++) {
+- char *t = strappenda("/sys/fs/cgroup/", *i);
++ _cleanup_free_ char *t = NULL;
++
++ t = strappend("/sys/fs/cgroup/", *i);
++ if (!t)
++ return log_oom();
+
+ r = symlink(options, t);
+ if (r < 0 && errno != EEXIST) {
diff --git a/SOURCES/0337-core-don-t-try-to-relabel-mounts-before-we-loaded-th.patch b/SOURCES/0337-core-don-t-try-to-relabel-mounts-before-we-loaded-th.patch
new file mode 100644
index 0000000..bcb14c8
--- /dev/null
+++ b/SOURCES/0337-core-don-t-try-to-relabel-mounts-before-we-loaded-th.patch
@@ -0,0 +1,28 @@
+From 5e102f2c8212a94b3a5221b5cf79eaafef693cc7 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 24 Mar 2014 21:04:02 +0100
+Subject: [PATCH] core: don't try to relabel mounts before we loaded the policy
+
+(cherry-picked from c4bfd1691f4d3e26d6d7f34dbca941e119956e8a)
+
+Resolves: #1147524
+---
+ src/core/mount-setup.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
+index 679f289..cff83d3 100644
+--- a/src/core/mount-setup.c
++++ b/src/core/mount-setup.c
+@@ -166,7 +166,10 @@ static int mount_one(const MountPoint *p, bool relabel) {
+
+ /* The access mode here doesn't really matter too much, since
+ * the mounted file system will take precedence anyway. */
+- mkdir_p_label(p->where, 0755);
++ if (relabel)
++ mkdir_p_label(p->where, 0755);
++ else
++ mkdir_p(p->where, 0755);
+
+ log_debug("Mounting %s to %s of type %s with options %s.",
+ p->what,
diff --git a/SOURCES/0338-systemctl-kill-mode-is-long-long-gone-don-t-mention-.patch b/SOURCES/0338-systemctl-kill-mode-is-long-long-gone-don-t-mention-.patch
new file mode 100644
index 0000000..aa89da3
--- /dev/null
+++ b/SOURCES/0338-systemctl-kill-mode-is-long-long-gone-don-t-mention-.patch
@@ -0,0 +1,53 @@
+From 597dd2168bb3e7f62842b07c9df1bb7c7c47b793 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 25 Mar 2014 00:31:48 +0100
+Subject: [PATCH] systemctl: --kill-mode is long long gone, don't mention it in
+ the man page
+
+(cherry-picked from 0088d63151e088d62104d88f866e9eb049091c22)
+
+Resolves: #1147524
+---
+ man/systemctl.xml | 5 ++---
+ shell-completion/bash/systemctl | 5 +----
+ 2 files changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/man/systemctl.xml b/man/systemctl.xml
+index cb63bb0..f68b606 100644
+--- a/man/systemctl.xml
++++ b/man/systemctl.xml
+@@ -672,9 +672,8 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service
+ <listitem>
+ <para>Send a signal to one or more processes of the
+ unit. Use <option>--kill-who=</option> to select which
+- process to kill. Use <option>--kill-mode=</option> to select
+- the kill mode and <option>--signal=</option> to select the
+- signal to send.</para>
++ process to kill. Use <option>--signal=</option> to select
++ the signal to send.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+diff --git a/shell-completion/bash/systemctl b/shell-completion/bash/systemctl
+index efe8485..cbf0eb7 100644
+--- a/shell-completion/bash/systemctl
++++ b/shell-completion/bash/systemctl
+@@ -74,7 +74,7 @@ _systemctl () {
+ [STANDALONE]='--all -a --reverse --after --before --defaults --fail --ignore-dependencies --failed --force -f --full -l --global
+ --help -h --no-ask-password --no-block --no-legend --no-pager --no-reload --no-wall
+ --quiet -q --privileged -P --system --user --version --runtime'
+- [ARG]='--host -H --kill-mode --kill-who --property -p --signal -s --type -t --state --root'
++ [ARG]='--host -H --kill-who --property -p --signal -s --type -t --state --root'
+ )
+
+ local -A PROPS='CPUAccounting= MemoryAccounting= BlockIOAccounting= MemoryLimit= CPUShares= BlockIOWeight= DevicePolicy= DeviceAllow= BlockIOReadBandwidth= BlockIOWriteBandwidth= BlockIODeviceWeight='
+@@ -101,9 +101,6 @@ _systemctl () {
+ --kill-who)
+ comps='all control main'
+ ;;
+- --kill-mode)
+- comps='control-group process'
+- ;;
+ --root)
+ comps=$(compgen -A directory -- "$cur" )
+ compopt -o filenames
diff --git a/SOURCES/0339-ask-password-when-the-user-types-a-overly-long-passw.patch b/SOURCES/0339-ask-password-when-the-user-types-a-overly-long-passw.patch
new file mode 100644
index 0000000..ba22ef7
--- /dev/null
+++ b/SOURCES/0339-ask-password-when-the-user-types-a-overly-long-passw.patch
@@ -0,0 +1,34 @@
+From e02c7fe6cff60803c19dcfe3c21c69bc9c8bdef8 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 25 Mar 2014 01:27:05 +0100
+Subject: [PATCH] ask-password: when the user types a overly long password,
+ beep and refuse
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Based on a similar patch from David Härdeman.
+
+(cherry-picked from 036eeac5a1799fa2c0ae11a14d8c667b5d303189)
+
+Resolves: #1147524
+---
+ src/shared/ask-password-api.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
+index 4557155..25367d0 100644
+--- a/src/shared/ask-password-api.c
++++ b/src/shared/ask-password-api.c
+@@ -207,6 +207,11 @@ int ask_password_tty(
+ if (ttyfd >= 0)
+ loop_write(ttyfd, "(no echo) ", 10, false);
+ } else {
++ if (p >= sizeof(passphrase)-1) {
++ loop_write(ttyfd, "\a", 1, false);
++ continue;
++ }
++
+ passphrase[p++] = c;
+
+ if (!silent_mode && ttyfd >= 0)
diff --git a/SOURCES/0340-logind-don-t-print-error-if-devices-vanish-during-AC.patch b/SOURCES/0340-logind-don-t-print-error-if-devices-vanish-during-AC.patch
new file mode 100644
index 0000000..3a196d3
--- /dev/null
+++ b/SOURCES/0340-logind-don-t-print-error-if-devices-vanish-during-AC.patch
@@ -0,0 +1,39 @@
+From 02d57e30f6e8f0a1f0828d4ee0e1d3b87b54d8f6 Mon Sep 17 00:00:00 2001
+From: David Herrmann <dh.herrmann@gmail.com>
+Date: Wed, 2 Apr 2014 16:20:13 +0200
+Subject: [PATCH] logind: don't print error if devices vanish during ACL-init
+
+If a device is unplugged while we initialize it, we will get ENOENT for
+ACL-init (and related stuff). We currently print errors then, which is
+misleading. Print a debug-message early and continue.
+
+Conflicts:
+ src/login/logind-acl.c
+
+(cherry-picked from 8016b904849a2d2bd8b0171ed8493db5524b5ff7)
+
+Resolves: #1147524
+---
+ src/login/logind-acl.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/login/logind-acl.c b/src/login/logind-acl.c
+index 25abcbc..6582b8c 100644
+--- a/src/login/logind-acl.c
++++ b/src/login/logind-acl.c
+@@ -283,8 +283,14 @@ int devnode_acl_all(struct udev *udev,
+ }
+
+ SET_FOREACH(n, nodes, i) {
++ int k;
++
+ log_debug("Fixing up ACLs at %s for seat %s", n, seat);
+- r = devnode_acl(n, flush, del, old_uid, add, new_uid);
++ k = devnode_acl(n, flush, del, old_uid, add, new_uid);
++ if (k == -ENOENT)
++ log_debug("Device %s disappeared while setting ACLs", n);
++ else if (k < 0)
++ r = k;
+ }
+
+ finish:
diff --git a/SOURCES/0341-tty-ask-password-agent-return-negative-errno.patch b/SOURCES/0341-tty-ask-password-agent-return-negative-errno.patch
new file mode 100644
index 0000000..8c2555c
--- /dev/null
+++ b/SOURCES/0341-tty-ask-password-agent-return-negative-errno.patch
@@ -0,0 +1,30 @@
+From 2ae90f52f6ce48f24dcb585b8c0b02dc461cfc4e Mon Sep 17 00:00:00 2001
+From: Florian Albrechtskirchinger <falbrechtskirchinger@gmail.com>
+Date: Thu, 3 Apr 2014 21:17:20 +0200
+Subject: [PATCH] tty-ask-password-agent: return negative errno
+
+Return negative errno in wall_tty_block(). get_ctty_devnr() already
+returns a negative errno in case of failure, no need to negate it again.
+
+Reported-by: Simon <hwold@odai.homelinux.net>
+
+(cherry-picked from ee0e4cca5ac37a094dfe1074907dae70c7b7701c)
+
+Resolves: #1147524
+---
+ src/tty-ask-password-agent/tty-ask-password-agent.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c
+index f463662..256c21d 100644
+--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
++++ b/src/tty-ask-password-agent/tty-ask-password-agent.c
+@@ -438,7 +438,7 @@ static int wall_tty_block(void) {
+
+ r = get_ctty_devnr(0, &devnr);
+ if (r < 0)
+- return -r;
++ return r;
+
+ if (asprintf(&p, "/run/systemd/ask-password-block/%u:%u", major(devnr), minor(devnr)) < 0)
+ return -ENOMEM;
diff --git a/SOURCES/0342-journal-cleanup-up-error-handling-in-update_catalog.patch b/SOURCES/0342-journal-cleanup-up-error-handling-in-update_catalog.patch
new file mode 100644
index 0000000..103582f
--- /dev/null
+++ b/SOURCES/0342-journal-cleanup-up-error-handling-in-update_catalog.patch
@@ -0,0 +1,105 @@
+From 4896a8507ea140f8f38bc88dc044b2e516a54cbf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 11 Apr 2014 08:44:55 -0400
+Subject: [PATCH] journal: cleanup up error handling in update_catalog()
+
+- Negative/positive errno mixup caused duplicates not to be detected properly.
+ Now we get a warning about some duplicate entries in our own catalogs...
+- Errors in update_catalog would be ignored, but they should not be.
+
+(cherry-picked from e3b9d9c8027a7c4c55cf1614e0fe9423fad69e8f)
+
+Resolves: #1147524
+---
+ src/journal/catalog.c | 25 +++++++++++++------------
+ src/journal/test-catalog.c | 3 ++-
+ 2 files changed, 15 insertions(+), 13 deletions(-)
+
+diff --git a/src/journal/catalog.c b/src/journal/catalog.c
+index 90ca008..e5342be 100644
+--- a/src/journal/catalog.c
++++ b/src/journal/catalog.c
+@@ -109,7 +109,7 @@ static int finish_item(
+ const char *payload) {
+
+ ssize_t offset;
+- CatalogItem *i;
++ _cleanup_free_ CatalogItem *i = NULL;
+ int r;
+
+ assert(h);
+@@ -129,13 +129,14 @@ static int finish_item(
+ i->offset = htole64((uint64_t) offset);
+
+ r = hashmap_put(h, i, i);
+- if (r == EEXIST) {
++ if (r == -EEXIST) {
+ log_warning("Duplicate entry for " SD_ID128_FORMAT_STR ".%s, ignoring.",
+ SD_ID128_FORMAT_VAL(id), language ? language : "C");
+- free(i);
+ return 0;
+- }
++ } else if (r < 0)
++ return r;
+
++ i = NULL;
+ return 0;
+ }
+
+@@ -348,8 +349,8 @@ error:
+ int catalog_update(const char* database, const char* root, const char* const* dirs) {
+ _cleanup_strv_free_ char **files = NULL;
+ char **f;
+- Hashmap *h;
+ struct strbuf *sb = NULL;
++ _cleanup_hashmap_free_free_ Hashmap *h = NULL;
+ _cleanup_free_ CatalogItem *items = NULL;
+ CatalogItem *i;
+ Iterator j;
+@@ -371,13 +372,17 @@ int catalog_update(const char* database, const char* root, const char* const* di
+ }
+
+ STRV_FOREACH(f, files) {
+- log_debug("reading file '%s'", *f);
+- catalog_import_file(h, sb, *f);
++ log_debug("Reading file '%s'", *f);
++ r = catalog_import_file(h, sb, *f);
++ if (r < 0) {
++ log_error("Failed to import file '%s': %s.",
++ *f, strerror(-r));
++ goto finish;
++ }
+ }
+
+ if (hashmap_size(h) <= 0) {
+ log_info("No items in catalog.");
+- r = 0;
+ goto finish;
+ } else
+ log_debug("Found %u items in catalog.", hashmap_size(h));
+@@ -408,11 +413,7 @@ int catalog_update(const char* database, const char* root, const char* const* di
+ log_debug("%s: wrote %u items, with %zu bytes of strings, %ld total size.",
+ database, n, sb->len, r);
+
+- r = 0;
+-
+ finish:
+- if (h)
+- hashmap_free_free(h);
+ if (sb)
+ strbuf_cleanup(sb);
+
+diff --git a/src/journal/test-catalog.c b/src/journal/test-catalog.c
+index 5db5bed..f021dbf 100644
+--- a/src/journal/test-catalog.c
++++ b/src/journal/test-catalog.c
+@@ -126,7 +126,8 @@ int main(int argc, char *argv[]) {
+
+ setlocale(LC_ALL, "de_DE.UTF-8");
+
+- log_set_max_level(LOG_DEBUG);
++ log_parse_environment();
++ log_open();
+
+ test_catalog_importing();
+
diff --git a/SOURCES/0343-bash-completion-fix-__get_startable_units.patch b/SOURCES/0343-bash-completion-fix-__get_startable_units.patch
new file mode 100644
index 0000000..ae4700d
--- /dev/null
+++ b/SOURCES/0343-bash-completion-fix-__get_startable_units.patch
@@ -0,0 +1,25 @@
+From ab6c4755057a7d852f1eaed62920ef1b25a19507 Mon Sep 17 00:00:00 2001
+From: Dan Kilman <dankilman@gmail.com>
+Date: Sun, 13 Apr 2014 18:06:13 +0300
+Subject: [PATCH] bash completion: fix __get_startable_units
+
+(cherry-picked from a163b64c4b08e8a4ad39a9a295acf3d1634024a3)
+
+Resolves: #1147524
+---
+ shell-completion/bash/systemctl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/shell-completion/bash/systemctl b/shell-completion/bash/systemctl
+index cbf0eb7..c1cd416 100644
+--- a/shell-completion/bash/systemctl
++++ b/shell-completion/bash/systemctl
+@@ -56,7 +56,7 @@ __get_all_units () { __systemctl $1 list-units --all \
+ __get_active_units () { __systemctl $1 list-units \
+ | { while read -r a b; do echo " $a"; done; }; }
+ __get_startable_units () { __systemctl $1 list-units --all -t service,timer,socket,mount,automount,path,snapshot,swap \
+- | { while read -r a b c d; do [[ $c == "inactive" || $c == "failed " ]] && echo " $a"; done; }; }
++ | { while read -r a b c d; do [[ $c == "inactive" || $c == "failed" ]] && echo " $a"; done; }; }
+ __get_failed_units () { __systemctl $1 list-units \
+ | { while read -r a b c d; do [[ $c == "failed" ]] && echo " $a"; done; }; }
+ __get_enabled_units () { __systemctl $1 list-unit-files \
diff --git a/SOURCES/0344-core-check-the-right-variable-for-failed-open.patch b/SOURCES/0344-core-check-the-right-variable-for-failed-open.patch
new file mode 100644
index 0000000..752e8fd
--- /dev/null
+++ b/SOURCES/0344-core-check-the-right-variable-for-failed-open.patch
@@ -0,0 +1,25 @@
+From 31cd4f1513656008646ee542e451338112fc8158 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C5=81ukasz=20Stelmach?= <l.stelmach@samsung.com>
+Date: Thu, 8 May 2014 12:57:26 +0200
+Subject: [PATCH] core: check the right variable for failed open()
+
+(cherry-picked from cd7affaeea16d3904354b810a292e594dfef25dd)
+
+Resolves: #1147524
+---
+ src/core/cgroup.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/cgroup.c b/src/core/cgroup.c
+index 32e2599..c215a86 100644
+--- a/src/core/cgroup.c
++++ b/src/core/cgroup.c
+@@ -661,7 +661,7 @@ int manager_setup_cgroup(Manager *m) {
+ close_nointr_nofail(m->pin_cgroupfs_fd);
+
+ m->pin_cgroupfs_fd = open(path, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY|O_NONBLOCK);
+- if (r < 0) {
++ if (m->pin_cgroupfs_fd < 0) {
+ log_error("Failed to open pin file: %m");
+ return -errno;
+ }
diff --git a/SOURCES/0345-util-allow-trailing-semicolons-on-define_trivial_cle.patch b/SOURCES/0345-util-allow-trailing-semicolons-on-define_trivial_cle.patch
new file mode 100644
index 0000000..3c95a1c
--- /dev/null
+++ b/SOURCES/0345-util-allow-trailing-semicolons-on-define_trivial_cle.patch
@@ -0,0 +1,209 @@
+From 30725ba0d69c5ba935c64ce9c3892494687e4c9b Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 14 Oct 2013 04:59:26 +0200
+Subject: [PATCH] util: allow trailing semicolons on
+ define_trivial_cleanup_func lines
+
+Emacs C indenting really gets confused by these lines if they carry no
+trailing semicolon, hence let's make this nicer for good old emacs. The
+other macros which define functions already do this too, so let's copy
+the scheme here.
+
+Also, let's use an uppercase name for the macro. So far our rough rule
+was that macros that are totally not function-like (like this ones,
+which define a function) are uppercase. (Well, admittedly it is a rough
+rule only, for example function and variable decorators are all
+lower-case SINCE THE CONSTANT YELLING IN THE SOURCES WOULD SUCK, and
+also they at least got underscore prefixes.) Also, the macros that
+define functions that we already have are all uppercase, so let's do the
+same here...
+
+(cherry-picked from cd7affaeea16d3904354b810a292e594dfef25dd)
+
+Related: #1147524
+---
+ src/gpt-auto-generator/gpt-auto-generator.c | 2 +-
+ src/journal/journal-internal.h | 2 +-
+ src/shared/fdset.h | 2 +-
+ src/shared/hashmap.h | 8 ++++++++
+ src/shared/label.c | 4 ++--
+ src/shared/set.h | 4 ++--
+ src/shared/strv.h | 2 +-
+ src/shared/udev-util.h | 10 +++++-----
+ src/shared/util.h | 19 ++++++++++---------
+ src/tmpfiles/tmpfiles.c | 2 +-
+ 10 files changed, 32 insertions(+), 23 deletions(-)
+
+diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
+index 6a4c9d8..eb281b5 100644
+--- a/src/gpt-auto-generator/gpt-auto-generator.c
++++ b/src/gpt-auto-generator/gpt-auto-generator.c
+@@ -51,7 +51,7 @@
+
+ static const char *arg_dest = "/tmp";
+
+-define_trivial_cleanup_func(blkid_probe, blkid_free_probe)
++DEFINE_TRIVIAL_CLEANUP_FUNC(blkid_probe, blkid_free_probe);
+ #define _cleanup_blkid_freep_probe_ _cleanup_(blkid_free_probep)
+
+ static int verify_gpt_partition(const char *node, sd_id128_t *type, unsigned *nr, char **fstype) {
+diff --git a/src/journal/journal-internal.h b/src/journal/journal-internal.h
+index 1bc912c..3355fca 100644
+--- a/src/journal/journal-internal.h
++++ b/src/journal/journal-internal.h
+@@ -135,7 +135,7 @@ struct sd_journal {
+ char *journal_make_match_string(sd_journal *j);
+ void journal_print_header(sd_journal *j);
+
+-define_trivial_cleanup_func(sd_journal*, sd_journal_close)
++DEFINE_TRIVIAL_CLEANUP_FUNC(sd_journal*, sd_journal_close);
+ #define _cleanup_journal_close_ _cleanup_(sd_journal_closep)
+
+ #define JOURNAL_FOREACH_DATA_RETVAL(j, data, l, retval) \
+diff --git a/src/shared/fdset.h b/src/shared/fdset.h
+index 6277e46..907acd7 100644
+--- a/src/shared/fdset.h
++++ b/src/shared/fdset.h
+@@ -49,5 +49,5 @@ int fdset_iterate(FDSet *s, Iterator *i);
+ #define FDSET_FOREACH(fd, fds, i) \
+ for ((i) = ITERATOR_FIRST, (fd) = fdset_iterate((fds), &(i)); (fd) >= 0; (fd) = fdset_iterate((fds), &(i)))
+
+-define_trivial_cleanup_func(FDSet*, fdset_free)
++DEFINE_TRIVIAL_CLEANUP_FUNC(FDSet*, fdset_free);
+ #define _cleanup_fdset_free_ _cleanup_(fdset_freep)
+diff --git a/src/shared/hashmap.h b/src/shared/hashmap.h
+index 3d4f672..b912af8 100644
+--- a/src/shared/hashmap.h
++++ b/src/shared/hashmap.h
+@@ -24,6 +24,7 @@
+ #include <stdbool.h>
+
+ #include "macro.h"
++#include "util.h"
+
+ /* Pretty straightforward hash table implementation. As a minor
+ * optimization a NULL hashmap object will be treated as empty hashmap
+@@ -104,3 +105,10 @@ char **hashmap_get_strv(Hashmap *h);
+
+ #define HASHMAP_FOREACH_BACKWARDS(e, h, i) \
+ for ((i) = ITERATOR_LAST, (e) = hashmap_iterate_backwards((h), &(i), NULL); (e); (e) = hashmap_iterate_backwards((h), &(i), NULL))
++
++DEFINE_TRIVIAL_CLEANUP_FUNC(Hashmap*, hashmap_free);
++DEFINE_TRIVIAL_CLEANUP_FUNC(Hashmap*, hashmap_free_free);
++DEFINE_TRIVIAL_CLEANUP_FUNC(Hashmap*, hashmap_free_free_free);
++#define _cleanup_hashmap_free_ _cleanup_(hashmap_freep)
++#define _cleanup_hashmap_free_free_ _cleanup_(hashmap_free_freep)
++#define _cleanup_hashmap_free_free_free_ _cleanup_(hashmap_free_free_freep)
+diff --git a/src/shared/label.c b/src/shared/label.c
+index 4dab93e..8f7dfb4 100644
+--- a/src/shared/label.c
++++ b/src/shared/label.c
+@@ -40,8 +40,8 @@
+ #include <selinux/label.h>
+ #include <selinux/context.h>
+
+-define_trivial_cleanup_func(security_context_t, freecon);
+-define_trivial_cleanup_func(context_t, context_free);
++DEFINE_TRIVIAL_CLEANUP_FUNC(security_context_t, freecon);
++DEFINE_TRIVIAL_CLEANUP_FUNC(context_t, context_free);
+
+ #define _cleanup_security_context_free_ _cleanup_(freeconp)
+ #define _cleanup_context_free_ _cleanup_(context_freep)
+diff --git a/src/shared/set.h b/src/shared/set.h
+index a291470..5612478 100644
+--- a/src/shared/set.h
++++ b/src/shared/set.h
+@@ -73,7 +73,7 @@ char **set_get_strv(Set *s);
+ #define SET_FOREACH_BACKWARDS(e, s, i) \
+ for ((i) = ITERATOR_LAST, (e) = set_iterate_backwards((s), &(i)); (e); (e) = set_iterate_backwards((s), &(i)))
+
+-define_trivial_cleanup_func(Set*, set_free)
+-define_trivial_cleanup_func(Set*, set_free_free)
++DEFINE_TRIVIAL_CLEANUP_FUNC(Set*, set_free);
++DEFINE_TRIVIAL_CLEANUP_FUNC(Set*, set_free_free);
+ #define _cleanup_set_free_ _cleanup_(set_freep)
+ #define _cleanup_set_free_free_ _cleanup_(set_free_freep)
+diff --git a/src/shared/strv.h b/src/shared/strv.h
+index 4d117f8..f6fb033 100644
+--- a/src/shared/strv.h
++++ b/src/shared/strv.h
+@@ -30,7 +30,7 @@ char *strv_find(char **l, const char *name) _pure_;
+ char *strv_find_prefix(char **l, const char *name) _pure_;
+
+ void strv_free(char **l);
+-define_trivial_cleanup_func(char**, strv_free)
++DEFINE_TRIVIAL_CLEANUP_FUNC(char**, strv_free);
+ #define _cleanup_strv_free_ _cleanup_(strv_freep)
+
+ char **strv_copy(char * const *l);
+diff --git a/src/shared/udev-util.h b/src/shared/udev-util.h
+index bff8f5f..27677af 100644
+--- a/src/shared/udev-util.h
++++ b/src/shared/udev-util.h
+@@ -24,11 +24,11 @@
+ #include "udev.h"
+ #include "util.h"
+
+-define_trivial_cleanup_func(struct udev*, udev_unref)
+-define_trivial_cleanup_func(struct udev_device*, udev_device_unref)
+-define_trivial_cleanup_func(struct udev_enumerate*, udev_enumerate_unref)
+-define_trivial_cleanup_func(struct udev_event*, udev_event_unref)
+-define_trivial_cleanup_func(struct udev_rules*, udev_rules_unref)
++DEFINE_TRIVIAL_CLEANUP_FUNC(struct udev*, udev_unref);
++DEFINE_TRIVIAL_CLEANUP_FUNC(struct udev_device*, udev_device_unref);
++DEFINE_TRIVIAL_CLEANUP_FUNC(struct udev_enumerate*, udev_enumerate_unref);
++DEFINE_TRIVIAL_CLEANUP_FUNC(struct udev_event*, udev_event_unref);
++DEFINE_TRIVIAL_CLEANUP_FUNC(struct udev_rules*, udev_rules_unref);
+
+ #define _cleanup_udev_unref_ _cleanup_(udev_unrefp)
+ #define _cleanup_udev_device_unref_ _cleanup_(udev_device_unrefp)
+diff --git a/src/shared/util.h b/src/shared/util.h
+index 5a9bc99..d68f385 100644
+--- a/src/shared/util.h
++++ b/src/shared/util.h
+@@ -558,11 +558,12 @@ static inline void freep(void *p) {
+ free(*(void**) p);
+ }
+
+-#define define_trivial_cleanup_func(type, func) \
+- static inline void func##p(type *p) { \
+- if (*p) \
+- func(*p); \
+- } \
++#define DEFINE_TRIVIAL_CLEANUP_FUNC(type, func) \
++ static inline void func##p(type *p) { \
++ if (*p) \
++ func(*p); \
++ } \
++ struct __useless_struct_to_allow_trailing_semicolon__
+
+ static inline void closep(int *fd) {
+ if (*fd >= 0)
+@@ -573,10 +574,10 @@ static inline void umaskp(mode_t *u) {
+ umask(*u);
+ }
+
+-define_trivial_cleanup_func(FILE*, fclose)
+-define_trivial_cleanup_func(FILE*, pclose)
+-define_trivial_cleanup_func(DIR*, closedir)
+-define_trivial_cleanup_func(FILE*, endmntent)
++DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, fclose);
++DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, pclose);
++DEFINE_TRIVIAL_CLEANUP_FUNC(DIR*, closedir);
++DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, endmntent);
+
+ #define _cleanup_free_ _cleanup_(freep)
+ #define _cleanup_close_ _cleanup_(closep)
+diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
+index df6c99a..9917514 100644
+--- a/src/tmpfiles/tmpfiles.c
++++ b/src/tmpfiles/tmpfiles.c
+@@ -999,7 +999,7 @@ static void item_free(Item *i) {
+ free(i);
+ }
+
+-define_trivial_cleanup_func(Item*, item_free)
++DEFINE_TRIVIAL_CLEANUP_FUNC(Item*, item_free);
+ #define _cleanup_item_free_ _cleanup_(item_freep)
+
+ static bool item_equal(Item *a, Item *b) {
diff --git a/SOURCES/0346-man-sd_journal_send-does-nothing-when-journald-is-no.patch b/SOURCES/0346-man-sd_journal_send-does-nothing-when-journald-is-no.patch
new file mode 100644
index 0000000..9e76321
--- /dev/null
+++ b/SOURCES/0346-man-sd_journal_send-does-nothing-when-journald-is-no.patch
@@ -0,0 +1,31 @@
+From 4dd641efa81998ed328fd2c74be8beee7aa32dad Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 9 May 2014 08:39:25 -0400
+Subject: [PATCH] man: sd_journal_send does nothing when journald is not
+ available
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1096067
+
+(cherry-picked from bdf9fc1a940e342afb7a78075984419cb3bc3135)
+
+Resolves: #1147524
+---
+ man/sd_journal_print.xml | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/man/sd_journal_print.xml b/man/sd_journal_print.xml
+index a716cc3..d934b0a 100644
+--- a/man/sd_journal_print.xml
++++ b/man/sd_journal_print.xml
+@@ -218,6 +218,11 @@ sd_journal_send("MESSAGE=Hello World, this is PID %lu!", (unsigned long) getpid(
+ errno-style error code. The
+ <citerefentry><refentrytitle>errno</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+ variable itself is not altered.</para>
++
++ <para>If
++ <citerefentry><refentrytitle>systemd-journald</refentrytitle><manvolnum>8</manvolnum></citerefentry>
++ is not running (the socket is not present), those
++ functions do nothing, and also return 0.</para>
+ </refsect1>
+
+ <refsect1>
diff --git a/SOURCES/0347-man-clarify-that-the-ExecReload-command-should-be-sy.patch b/SOURCES/0347-man-clarify-that-the-ExecReload-command-should-be-sy.patch
new file mode 100644
index 0000000..19bf9a7
--- /dev/null
+++ b/SOURCES/0347-man-clarify-that-the-ExecReload-command-should-be-sy.patch
@@ -0,0 +1,40 @@
+From 191c7ee3810782c8968def5b23e46b442a8f530d Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 16 May 2014 01:33:22 +0200
+Subject: [PATCH] man: clarify that the ExecReload= command should be
+ synchronous
+
+http://lists.freedesktop.org/archives/systemd-devel/2014-May/019054.html
+
+(cherry-picked from 33169701b0640d3629d4c36cf8c71dc26d2cb7e1)
+
+Resolves: #1147524
+---
+ man/systemd.service.xml | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/man/systemd.service.xml b/man/systemd.service.xml
+index 80d6951..8df4b87 100644
+--- a/man/systemd.service.xml
++++ b/man/systemd.service.xml
+@@ -525,6 +525,20 @@ ExecStart=/bin/echo $ONE $TWO ${TWO}
+ following:</para>
+
+ <programlisting>/bin/kill -HUP $MAINPID</programlisting>
++
++ <para>Note however that reloading a
++ daemon by sending a signal (as with
++ the example line above) is usually not
++ a good choice, because this is an
++ asynchronous operation and hence not
++ suitable to order reloads of multiple
++ services against each other. It is
++ strongly recommended to set
++ <varname>ExecReload=</varname> to a
++ command that no only triggers a
++ configuration reload of the daemon,
++ but also synchronously waits for it
++ complete.</para>
+ </listitem>
+ </varlistentry>
+
diff --git a/SOURCES/0348-conf-parser-never-consider-it-an-error-if-we-cannot-.patch b/SOURCES/0348-conf-parser-never-consider-it-an-error-if-we-cannot-.patch
new file mode 100644
index 0000000..c64d9d5
--- /dev/null
+++ b/SOURCES/0348-conf-parser-never-consider-it-an-error-if-we-cannot-.patch
@@ -0,0 +1,30 @@
+From 762f7d479be5217a2109dbf0f97fe82e1155e6ee Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 22 May 2014 16:47:46 +0900
+Subject: [PATCH] conf-parser: never consider it an error if we cannot load a
+ drop-in file because it is missing
+
+After all, we want to be able to boot with /etc empty one day...
+
+(cherry-picked from 9f43a07f10639c5b41b45448e551e43914eefe32)
+
+Resolves: #1147524
+---
+ src/shared/conf-parser.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
+index 6085d33..db71168 100644
+--- a/src/shared/conf-parser.c
++++ b/src/shared/conf-parser.c
+@@ -320,8 +320,8 @@ int config_parse(const char *unit,
+ if (!f) {
+ f = ours = fopen(filename, "re");
+ if (!f) {
+- log_error("Failed to open configuration file '%s': %m", filename);
+- return -errno;
++ log_full(errno == ENOENT ? LOG_DEBUG : LOG_ERR, "Failed to open configuration file '%s': %m", filename);
++ return errno == ENOENT ? 0 : -errno;
+ }
+ }
+
diff --git a/SOURCES/0349-socket-properly-handle-if-our-service-vanished-durin.patch b/SOURCES/0349-socket-properly-handle-if-our-service-vanished-durin.patch
new file mode 100644
index 0000000..3b16964
--- /dev/null
+++ b/SOURCES/0349-socket-properly-handle-if-our-service-vanished-durin.patch
@@ -0,0 +1,30 @@
+From e1c7d367b8523ec8c9ef3deb81a1cfd879944171 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 22 May 2014 16:56:21 +0900
+Subject: [PATCH] socket: properly handle if our service vanished during
+ runtime
+
+(cherry-picked from 640ace4a8de907994a1b95f6d368c3e6a8fcf60f)
+
+Resolves: #1147524
+---
+ src/core/socket.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/core/socket.c b/src/core/socket.c
+index 35fc204..958d063 100644
+--- a/src/core/socket.c
++++ b/src/core/socket.c
+@@ -1610,6 +1610,12 @@ static void socket_enter_running(Socket *s, int cfd) {
+ }
+
+ if (!pending) {
++ if (!UNIT_ISSET(s->service)) {
++ log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
++ r = -ENOENT;
++ goto fail;
++ }
++
+ r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
+ if (r < 0)
+ goto fail;
diff --git a/SOURCES/0350-Do-not-unescape-unit-names-in-Install-section.patch b/SOURCES/0350-Do-not-unescape-unit-names-in-Install-section.patch
new file mode 100644
index 0000000..14c7012
--- /dev/null
+++ b/SOURCES/0350-Do-not-unescape-unit-names-in-Install-section.patch
@@ -0,0 +1,27 @@
+From 5db48e390d876be7e00c3403953d7fe80ff6c87b Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Mon, 26 May 2014 20:09:45 +0200
+Subject: [PATCH] Do not unescape unit names in [Install] section
+
+https://bugs.freedesktop.org/show_bug.cgi?id=49316
+
+(cherry-picked from 000f6e5667eb4f73e137cbd0d7395a9f9db7728a)
+
+Resolves: #1147524
+---
+ src/shared/conf-parser.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
+index db71168..b356687 100644
+--- a/src/shared/conf-parser.c
++++ b/src/shared/conf-parser.c
+@@ -670,7 +670,7 @@ int config_parse_strv(const char *unit,
+ FOREACH_WORD_QUOTED(w, l, rvalue, state) {
+ _cleanup_free_ char *n;
+
+- n = cunescape_length(w, l);
++ n = strndup(w, l);
+ if (!n)
+ return log_oom();
+
diff --git a/SOURCES/0351-util-ignore_file-should-not-allow-files-ending-with.patch b/SOURCES/0351-util-ignore_file-should-not-allow-files-ending-with.patch
new file mode 100644
index 0000000..80fdab8
--- /dev/null
+++ b/SOURCES/0351-util-ignore_file-should-not-allow-files-ending-with.patch
@@ -0,0 +1,29 @@
+From 45914d5301d694730965872962fc71b9d11f9b3d Mon Sep 17 00:00:00 2001
+From: Thomas Hindoe Paaboel Andersen <phomes@gmail.com>
+Date: Sat, 31 May 2014 21:36:23 +0200
+Subject: [PATCH] util: ignore_file should not allow files ending with '~'
+
+ignore_file currently allows any file ending with '~' while it
+seems that the opposite was intended:
+a228a22fda4faa9ecb7c5a5e499980c8ae5d2a08
+
+(cherry-picked from 93f1a06374e335e8508d89e1bdaadf45be6ab777)
+
+Resolves: #1147524
+---
+ src/shared/util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/util.c b/src/shared/util.c
+index 9f25b15..1590c3a 100644
+--- a/src/shared/util.c
++++ b/src/shared/util.c
+@@ -1502,7 +1502,7 @@ bool ignore_file(const char *filename) {
+ assert(filename);
+
+ if (endswith(filename, "~"))
+- return false;
++ return true;
+
+ return ignore_file_allow_backup(filename);
+ }
diff --git a/SOURCES/0352-core-fix-invalid-free-in-killall.patch b/SOURCES/0352-core-fix-invalid-free-in-killall.patch
new file mode 100644
index 0000000..93a0721
--- /dev/null
+++ b/SOURCES/0352-core-fix-invalid-free-in-killall.patch
@@ -0,0 +1,33 @@
+From 250a6ce38605fe172541fb75e8d64132f2ec38d4 Mon Sep 17 00:00:00 2001
+From: Andreas Henriksson <andreas@fatal.se>
+Date: Fri, 13 Jun 2014 18:48:19 +0200
+Subject: [PATCH] core: fix invalid free() in killall()
+
+static int killall(....) in ./src/core/killall.c tries to get "s"
+initialized by calling get_process_comm(...) which calls
+read_one_line_file(...) which if it fails will mean it is left
+uninitialized.
+It is then used in argument to strna(s) call where it is
+dereferenced(!), in addition to nothing else initializing it before
+the scope it is in finishes.
+
+(cherry-picked from 3e09eb5c83e56bc0184bd9d9c44f76047464f77c)
+
+Resolves: #1147524
+---
+ src/core/killall.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/killall.c b/src/core/killall.c
+index e395050..967dac0 100644
+--- a/src/core/killall.c
++++ b/src/core/killall.c
+@@ -167,7 +167,7 @@ static int killall(int sig, Set *pids) {
+ continue;
+
+ if (sig == SIGKILL) {
+- _cleanup_free_ char *s;
++ _cleanup_free_ char *s = NULL;
+
+ get_process_comm(pid, &s);
+ log_notice("Sending SIGKILL to PID %lu (%s).", (unsigned long) pid, strna(s));
diff --git a/SOURCES/0353-install-fix-invalid-free-in-unit_file_mask.patch b/SOURCES/0353-install-fix-invalid-free-in-unit_file_mask.patch
new file mode 100644
index 0000000..c964279
--- /dev/null
+++ b/SOURCES/0353-install-fix-invalid-free-in-unit_file_mask.patch
@@ -0,0 +1,31 @@
+From b1de3eb93bfdc4cf3872d9e1005166bb9867b0b2 Mon Sep 17 00:00:00 2001
+From: Andreas Henriksson <andreas@fatal.se>
+Date: Fri, 13 Jun 2014 18:48:18 +0200
+Subject: [PATCH] install: fix invalid free() in unit_file_mask()
+
+int unit_file_mask(...) in ./src/shared/install.c calls
+get_config_path(...) which can in 4 error cases return without setting
+"ret", and thus "prefix" can be uninitialized when unit_file_mask(...)
+finishes (which it does directly after the error is returned from
+get_config_path(...)).
+
+(cherry-picked from 223217749e57996336d5730b0a28716cca56d45d)
+
+Resolves: #1147524
+---
+ src/shared/install.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/install.c b/src/shared/install.c
+index dd5e22b..1662c5f 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -598,7 +598,7 @@ int unit_file_mask(
+ unsigned *n_changes) {
+
+ char **i;
+- _cleanup_free_ char *prefix;
++ _cleanup_free_ char *prefix = NULL;
+ int r;
+
+ assert(scope >= 0);
diff --git a/SOURCES/0354-unit-name-fix-detection-of-unit-templates-instances.patch b/SOURCES/0354-unit-name-fix-detection-of-unit-templates-instances.patch
new file mode 100644
index 0000000..0305b54
--- /dev/null
+++ b/SOURCES/0354-unit-name-fix-detection-of-unit-templates-instances.patch
@@ -0,0 +1,59 @@
+From 14b393f9d9b7caffcd48557c6bd4eb63de4942ad Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 16 Jun 2014 17:01:26 +0200
+Subject: [PATCH] unit-name: fix detection of unit templates/instances
+
+We need to check for the last dot, not the first one in a unit name, for
+the suffix. Correct that.
+
+(cherry-picked from 6ef9eeed61a291cc42b7d911f5cf5a4deca742a3)
+
+Resolves: #1147524
+---
+ src/shared/unit-name.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/src/shared/unit-name.c b/src/shared/unit-name.c
+index bc8094d..577f7e7 100644
+--- a/src/shared/unit-name.c
++++ b/src/shared/unit-name.c
+@@ -334,7 +334,7 @@ char *unit_name_path_unescape(const char *f) {
+ }
+
+ bool unit_name_is_template(const char *n) {
+- const char *p;
++ const char *p, *e;
+
+ assert(n);
+
+@@ -342,11 +342,15 @@ bool unit_name_is_template(const char *n) {
+ if (!p)
+ return false;
+
+- return p[1] == '.';
++ e = strrchr(p+1, '.');
++ if (!e)
++ return false;
++
++ return e == p + 1;
+ }
+
+ bool unit_name_is_instance(const char *n) {
+- const char *p;
++ const char *p, *e;
+
+ assert(n);
+
+@@ -354,7 +358,11 @@ bool unit_name_is_instance(const char *n) {
+ if (!p)
+ return false;
+
+- return p[1] != '.';
++ e = strrchr(p+1, '.');
++ if (!e)
++ return false;
++
++ return e > p + 1;
+ }
+
+ char *unit_name_replace_instance(const char *f, const char *i) {
diff --git a/SOURCES/0355-journald-make-MaxFileSec-really-default-to-1month.patch b/SOURCES/0355-journald-make-MaxFileSec-really-default-to-1month.patch
new file mode 100644
index 0000000..0206426
--- /dev/null
+++ b/SOURCES/0355-journald-make-MaxFileSec-really-default-to-1month.patch
@@ -0,0 +1,36 @@
+From 72c01067d266a49796b5c64018b2d8c92840255a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20Bartoszkiewicz?= <mbartoszkiewicz@gmail.com>
+Date: Thu, 26 Jun 2014 22:11:35 +0200
+Subject: [PATCH] journald: make MaxFileSec really default to 1month
+
+journald.conf(5) states that the default for MaxFileSec is one month,
+but the code didn't respect that.
+
+(cherry-picked from e150e82097211f09b911c7784a89ef9efed713ca)
+
+Resolves: #1147524
+---
+ src/journal/journald-server.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index 1fcb3d5..a289a50 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -67,6 +67,7 @@
+ #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
+ #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
+ #define DEFAULT_RATE_LIMIT_BURST 1000
++#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
+
+ #define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
+
+@@ -1476,6 +1477,8 @@ int server_init(Server *s) {
+
+ s->forward_to_syslog = true;
+
++ s->max_file_usec = DEFAULT_MAX_FILE_USEC;
++
+ s->max_level_store = LOG_DEBUG;
+ s->max_level_syslog = LOG_DEBUG;
+ s->max_level_kmsg = LOG_NOTICE;
diff --git a/SOURCES/0356-bootchart-it-s-not-OK-to-return-1-from-a-main-progra.patch b/SOURCES/0356-bootchart-it-s-not-OK-to-return-1-from-a-main-progra.patch
new file mode 100644
index 0000000..d999614
--- /dev/null
+++ b/SOURCES/0356-bootchart-it-s-not-OK-to-return-1-from-a-main-progra.patch
@@ -0,0 +1,27 @@
+From 131d8e2cf65eb3c6dfc691676ca6f0a55ae44d71 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 11 Aug 2014 18:23:47 +0200
+Subject: [PATCH] bootchart: it's not OK to return -1 from a main program
+
+(cherry-picked from 4155f7d4be5053d5f34a26e5437fd85e1fe00fa3)
+
+Resolves: #1147524
+---
+ src/bootchart/bootchart.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/bootchart/bootchart.c b/src/bootchart/bootchart.c
+index 14ccd3e..4a8d6c2 100644
+--- a/src/bootchart/bootchart.c
++++ b/src/bootchart/bootchart.c
+@@ -346,8 +346,8 @@ int main(int argc, char *argv[]) {
+
+ sampledata = new0(struct list_sample_data, 1);
+ if (sampledata == NULL) {
+- log_error("Failed to allocate memory for a node: %m");
+- return -1;
++ log_oom();
++ return EXIT_FAILURE;
+ }
+
+ sampledata->sampletime = gettime_ns();
diff --git a/SOURCES/0357-journald-Fix-off-by-one-error-in-Missed-X-kernel-mes.patch b/SOURCES/0357-journald-Fix-off-by-one-error-in-Missed-X-kernel-mes.patch
new file mode 100644
index 0000000..de08892
--- /dev/null
+++ b/SOURCES/0357-journald-Fix-off-by-one-error-in-Missed-X-kernel-mes.patch
@@ -0,0 +1,30 @@
+From db22c5d0a16eb30b78cdeef927df8c2d0b895ef1 Mon Sep 17 00:00:00 2001
+From: Eelco Dolstra <eelco.dolstra@logicblox.com>
+Date: Wed, 6 Aug 2014 13:14:51 +0200
+Subject: [PATCH] journald: Fix off-by-one error in "Missed X kernel messages"
+ warning
+
+On receiving a message, "kernel_seqnum" is set to "serial + 1". So
+subtracting 1 will cause messages like "Missed 0 kernel messages",
+which should be "Missed 1 kernel messages".
+
+(cherry-picked from b9c488f60050248b35640f28e4d00958702ba1c3)
+
+Resolves: #1147524
+---
+ src/journal/journald-kmsg.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/journal/journald-kmsg.c b/src/journal/journald-kmsg.c
+index e393cb7..0073a33 100644
+--- a/src/journal/journald-kmsg.c
++++ b/src/journal/journald-kmsg.c
+@@ -152,7 +152,7 @@ static void dev_kmsg_record(Server *s, char *p, size_t l) {
+ /* Did we lose any? */
+ if (serial > *s->kernel_seqnum)
+ server_driver_message(s, SD_MESSAGE_JOURNAL_MISSED, "Missed %"PRIu64" kernel messages",
+- serial - *s->kernel_seqnum - 1);
++ serial - *s->kernel_seqnum);
+
+ /* Make sure we never read this one again. Note that
+ * we always store the next message serial we expect
diff --git a/SOURCES/0358-man-drop-references-to-removed-and-obsolete-systemct.patch b/SOURCES/0358-man-drop-references-to-removed-and-obsolete-systemct.patch
new file mode 100644
index 0000000..66f3547
--- /dev/null
+++ b/SOURCES/0358-man-drop-references-to-removed-and-obsolete-systemct.patch
@@ -0,0 +1,37 @@
+From 38786feb38a6d7b8a3fa3e5d9a184f06d8fd7802 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 15 Aug 2014 02:41:14 +0200
+Subject: [PATCH] man: drop references to removed and obsolete 'systemctl load'
+ command
+
+(cherry-picked from d0a3fb7556d77c44c2bc38a560e99d4ad0abcf33)
+
+Resolves: #1147524
+---
+ man/systemctl.xml | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/man/systemctl.xml b/man/systemctl.xml
+index f68b606..d2430ee 100644
+--- a/man/systemctl.xml
++++ b/man/systemctl.xml
+@@ -602,8 +602,7 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service
+ file.</para>
+
+ <para>This command should not be confused with the
+- <command>daemon-reload</command> or <command>load</command>
+- commands.</para>
++ <command>daemon-reload</command> command.</para>
+ </listitem>
+
+ </varlistentry>
+@@ -1163,8 +1162,7 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service
+ tree. While the daemon is being reloaded, all sockets systemd
+ listens on on behalf of user configuration will stay
+ accessible.</para> <para>This command should not be confused
+- with the <command>load</command> or
+- <command>reload</command> commands.</para>
++ with the <command>reload</command> command.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
diff --git a/SOURCES/0359-units-fix-BindsTo-logic-when-applied-relative-to-ser.patch b/SOURCES/0359-units-fix-BindsTo-logic-when-applied-relative-to-ser.patch
new file mode 100644
index 0000000..85804ad
--- /dev/null
+++ b/SOURCES/0359-units-fix-BindsTo-logic-when-applied-relative-to-ser.patch
@@ -0,0 +1,94 @@
+From 469d48cf685bd0157fa44ff7ebd3bd0302746ab0 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 18 Aug 2014 22:21:42 +0200
+Subject: [PATCH] units: fix BindsTo= logic when applied relative to services
+ with Type=oneshot
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Start jobs for Type=oneshot units are successful when the unit state
+transition activating → inactive took place. In such a case all units
+that BindsTo= on it previously would continue to run, even though the unit
+they dependet on was actually already gone.
+
+(cherry-picked from ff50244582bf69e8489bba6ce59a21663d7f8274)
+
+Resolves: #1147524
+---
+ src/core/unit.c | 48 ++++++++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 44 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index b51e351..f221b9a 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -1302,12 +1302,44 @@ static void unit_check_unneeded(Unit *u) {
+ if (unit_active_or_pending(other))
+ return;
+
+- log_info_unit(u->id, "Service %s is not needed anymore. Stopping.", u->id);
++ log_info_unit(u->id, "Unit %s is not needed anymore. Stopping.", u->id);
+
+ /* Ok, nobody needs us anymore. Sniff. Then let's commit suicide */
+ manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, true, NULL, NULL);
+ }
+
++static void unit_check_binds_to(Unit *u) {
++ bool stop = false;
++ Unit *other;
++ Iterator i;
++
++ assert(u);
++
++ if (u->job)
++ return;
++
++ if (unit_active_state(u) != UNIT_ACTIVE)
++ return;
++
++ SET_FOREACH(other, u->dependencies[UNIT_BINDS_TO], i) {
++ if (other->job)
++ continue;
++
++ if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
++ continue;
++
++ stop = true;
++ }
++
++ if (!stop)
++ return;
++
++ log_info_unit(u->id, "Unit %s is bound to inactive service. Stopping, too.", u->id);
++
++ /* A unit we need to run is gone. Sniff. Let's stop this. */
++ manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, true, NULL, NULL);
++}
++
+ static void retroactively_start_dependencies(Unit *u) {
+ Iterator i;
+ Unit *other;
+@@ -1611,11 +1643,19 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_su
+ manager_recheck_journal(m);
+ unit_trigger_notify(u);
+
+- /* Maybe we finished startup and are now ready for being
+- * stopped because unneeded? */
+- if (u->manager->n_reloading <= 0)
++ if (u->manager->n_reloading <= 0) {
++ /* Maybe we finished startup and are now ready for
++ * being stopped because unneeded? */
+ unit_check_unneeded(u);
+
++ /* Maybe we finished startup, but something we needed
++ * has vanished? Let's die then. (This happens when
++ * something BindsTo= to a Type=oneshot unit, as these
++ * units go directly from starting to inactive,
++ * without ever entering started.) */
++ unit_check_binds_to(u);
++ }
++
+ unit_add_to_dbus_queue(u);
+ unit_add_to_gc_queue(u);
+ }
diff --git a/SOURCES/0360-core-don-t-allow-enabling-if-unit-is-masked.patch b/SOURCES/0360-core-don-t-allow-enabling-if-unit-is-masked.patch
new file mode 100644
index 0000000..37ebbf8
--- /dev/null
+++ b/SOURCES/0360-core-don-t-allow-enabling-if-unit-is-masked.patch
@@ -0,0 +1,36 @@
+From 0fb9d07643a9e9e84c61a6a62f4c2b7d52e4d96f Mon Sep 17 00:00:00 2001
+From: Jan Synacek <jsynacek@redhat.com>
+Date: Tue, 7 Oct 2014 13:27:38 +0200
+Subject: [PATCH] core: don't allow enabling if unit is masked
+
+(cherry-picked from f7101b7368dfe41dbc8b7203e06133cccb589c01)
+
+Resolves: #1149299
+---
+ src/shared/install.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/src/shared/install.c b/src/shared/install.c
+index 1662c5f..7a29798 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -1520,6 +1520,19 @@ int unit_file_enable(
+ return r;
+
+ STRV_FOREACH(i, files) {
++ UnitFileState state;
++
++ state = unit_file_get_state(scope, root_dir, *i);
++ if (state < 0) {
++ log_error("Failed to get unit file state for %s: %s", *i, strerror(-state));
++ return state;
++ }
++
++ if (state == UNIT_FILE_MASKED || state == UNIT_FILE_MASKED_RUNTIME) {
++ log_error("Failed to enable unit: Unit %s is masked", *i);
++ return -ENOTSUP;
++ }
++
+ r = install_info_add_auto(&c, *i);
+ if (r < 0)
+ return r;
diff --git a/SOURCES/0361-man-systemctl-document-enable-on-masked-units.patch b/SOURCES/0361-man-systemctl-document-enable-on-masked-units.patch
new file mode 100644
index 0000000..adeb1d9
--- /dev/null
+++ b/SOURCES/0361-man-systemctl-document-enable-on-masked-units.patch
@@ -0,0 +1,35 @@
+From 091b32bd93acd3e7be844684771ab2248b97637b Mon Sep 17 00:00:00 2001
+From: Jan Synacek <jsynacek@redhat.com>
+Date: Wed, 8 Oct 2014 13:43:02 +0200
+Subject: [PATCH] man/systemctl: document enable on masked units
+
+Related: #1149299
+---
+ man/systemctl.xml | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/man/systemctl.xml b/man/systemctl.xml
+index d2430ee..b894511 100644
+--- a/man/systemctl.xml
++++ b/man/systemctl.xml
+@@ -862,6 +862,9 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service
+ the system, or for all future logins of all users, or only this
+ boot. Note that in the last case, no systemd daemon
+ configuration is reloaded.</para>
++
++ <para>Using <command>enable</command> on masked units
++ results in an error.</para>
+ </listitem>
+ </varlistentry>
+
+@@ -999,8 +1002,8 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service
+ <filename>/dev/null</filename>, making it impossible to
+ start them. This is a stronger version of
+ <command>disable</command>, since it prohibits all kinds of
+- activation of the unit, including manual activation. Use
+- this option with care. This honors the
++ activation of the unit, including enablement and manual
++ activation. Use this option with care. This honors the
+ <option>--runtime</option> option, to only mask temporarily
+ until the next reoobt of the system.</para>
+ </listitem>
diff --git a/SOURCES/0362-core-do-not-segfault-if-proc-swaps-cannot-be-opened.patch b/SOURCES/0362-core-do-not-segfault-if-proc-swaps-cannot-be-opened.patch
new file mode 100644
index 0000000..20d9792
--- /dev/null
+++ b/SOURCES/0362-core-do-not-segfault-if-proc-swaps-cannot-be-opened.patch
@@ -0,0 +1,54 @@
+From 4537b962be32aa0a2f49741454f168801ed7c683 Mon Sep 17 00:00:00 2001
+From: Matt Mullins <mokomull@gmail.com>
+Date: Mon, 24 Feb 2014 15:03:52 -0800
+Subject: [PATCH] core: do not segfault if /proc/swaps cannot be opened
+
+The refactoring in f84b1b1ff9b1261 ('core: do not segfault if swap
+activity happens when /proc/swaps is not open') caused
+swap_dispatch_reload and swap_enumerate to continue even if fopen()
+failed with ENOENT.
+
+This should instead be modified to return from swap_dispatch_reload and
+swap_enumerate, rather than continuing to load the list of swaps when
+m->proc_swaps is NULL.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1069393
+
+RHEL (and fedora) only
+
+Resolves: #1151239
+---
+ src/core/swap.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/swap.c b/src/core/swap.c
+index b72034f..36ef88b 100644
+--- a/src/core/swap.c
++++ b/src/core/swap.c
+@@ -1075,7 +1075,7 @@ static int open_proc_swaps(Manager *m) {
+
+ m->proc_swaps = fopen("/proc/swaps", "re");
+ if (!m->proc_swaps)
+- return (errno == ENOENT) ? 0 : -errno;
++ return -errno;
+
+ m->swap_watch.type = WATCH_SWAP;
+ m->swap_watch.fd = fileno(m->proc_swaps);
+@@ -1098,7 +1098,7 @@ int swap_dispatch_reload(Manager *m) {
+
+ r = open_proc_swaps(m);
+ if (r < 0)
+- return r;
++ return (r == -ENOENT) ? 0 : r;
+
+ return swap_fd_event(m, EPOLLPRI);
+ }
+@@ -1251,7 +1251,7 @@ static int swap_enumerate(Manager *m) {
+
+ r = open_proc_swaps(m);
+ if (r < 0)
+- return r;
++ return (r == -ENOENT) ? 0 : r;
+
+ r = swap_load_proc_swaps(m, false);
+ if (r < 0)
diff --git a/SOURCES/0363-man-we-don-t-have-Wanted-dependency.patch b/SOURCES/0363-man-we-don-t-have-Wanted-dependency.patch
new file mode 100644
index 0000000..ca23995
--- /dev/null
+++ b/SOURCES/0363-man-we-don-t-have-Wanted-dependency.patch
@@ -0,0 +1,29 @@
+From 49beb7d21d269f0feeea6a80145e1cde0d499548 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Wed, 15 Oct 2014 09:28:31 +0200
+Subject: [PATCH] man: we don't have 'Wanted' dependency
+
+(Cherry-picked from 3e883473a0f36c220fc45ecf61d6878c9ac308b4)
+
+Resolves: #1152487
+---
+ man/systemd.unit.xml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
+index c500953..62db219 100644
+--- a/man/systemd.unit.xml
++++ b/man/systemd.unit.xml
+@@ -175,10 +175,10 @@
+ <filename>foo.service.wants/</filename> may exist. All
+ unit files symlinked from such a directory are
+ implicitly added as dependencies of type
+- <varname>Wanted=</varname> to the unit. This is useful
++ <varname>Wants=</varname> to the unit. This is useful
+ to hook units into the start-up of other units,
+ without having to modify their unit files. For details
+- about the semantics of <varname>Wanted=</varname>, see
++ about the semantics of <varname>Wants=</varname>, see
+ below. The preferred way to create symlinks in the
+ <filename>.wants/</filename> directory of a unit file
+ is with the <command>enable</command> command of the
diff --git a/SOURCES/0364-environment-append-unit_id-to-error-messages-regardi.patch b/SOURCES/0364-environment-append-unit_id-to-error-messages-regardi.patch
new file mode 100644
index 0000000..c06f01d
--- /dev/null
+++ b/SOURCES/0364-environment-append-unit_id-to-error-messages-regardi.patch
@@ -0,0 +1,132 @@
+From 432496f644241d282d706285181a0b94c7c788f5 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Fri, 17 Oct 2014 11:46:01 +0200
+Subject: [PATCH] environment: append unit_id to error messages regarding
+ EnvironmentFile
+
+(cherry-picked from 7491ccf2cb237a2a88b831b2c7374ba2bb255cba)
+Conflicts:
+ src/core/execute.c
+
+Resolves: #1147691
+---
+ src/core/execute.c | 6 +++---
+ src/core/execute.h | 2 +-
+ src/shared/env-util.c | 13 ++++++++++---
+ src/shared/env-util.h | 2 +-
+ src/test/test-fileio.c | 2 +-
+ 5 files changed, 16 insertions(+), 9 deletions(-)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index 0894156..be99149 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -1071,7 +1071,7 @@ int exec_spawn(ExecCommand *command,
+ } else
+ socket_fd = -1;
+
+- r = exec_context_load_environment(context, &files_env);
++ r = exec_context_load_environment(context, unit_id, &files_env);
+ if (r < 0) {
+ log_struct_unit(LOG_ERR,
+ unit_id,
+@@ -1776,7 +1776,7 @@ void exec_command_free_array(ExecCommand **c, unsigned n) {
+ }
+ }
+
+-int exec_context_load_environment(const ExecContext *c, char ***l) {
++int exec_context_load_environment(const ExecContext *c, const char *unit_id, char ***l) {
+ char **i, **r = NULL;
+
+ assert(c);
+@@ -1833,7 +1833,7 @@ int exec_context_load_environment(const ExecContext *c, char ***l) {
+ }
+ /* Log invalid environment variables with filename */
+ if (p)
+- p = strv_env_clean_log(p, pglob.gl_pathv[n]);
++ p = strv_env_clean_log(p, unit_id, pglob.gl_pathv[n]);
+
+ if (r == NULL)
+ r = p;
+diff --git a/src/core/execute.h b/src/core/execute.h
+index 5055890..b66bd5f 100644
+--- a/src/core/execute.h
++++ b/src/core/execute.h
+@@ -200,7 +200,7 @@ void exec_context_tmp_dirs_done(ExecContext *c);
+ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix);
+ void exec_context_tty_reset(const ExecContext *context);
+
+-int exec_context_load_environment(const ExecContext *c, char ***l);
++int exec_context_load_environment(const ExecContext *c, const char *unit_id, char ***l);
+
+ bool exec_context_may_touch_console(ExecContext *c);
+ void exec_context_serialize(const ExecContext *c, Unit *u, FILE *f);
+diff --git a/src/shared/env-util.c b/src/shared/env-util.c
+index 7976881..5b5da48 100644
+--- a/src/shared/env-util.c
++++ b/src/shared/env-util.c
+@@ -29,6 +29,13 @@
+ #include "env-util.h"
+ #include "def.h"
+
++#define log_full_unit(level, unit, ...) log_meta_object(level, __FILE__, __LINE__, __func__, getpid() == 1 ? "UNIT=" : "USER_UNIT=", unit, __VA_ARGS__)
++#define log_debug_unit(unit, ...) log_full_unit(LOG_DEBUG, unit, __VA_ARGS__)
++#define log_info_unit(unit, ...) log_full_unit(LOG_INFO, unit, __VA_ARGS__)
++#define log_notice_unit(unit, ...) log_full_unit(LOG_NOTICE, unit, __VA_ARGS__)
++#define log_warning_unit(unit, ...) log_full_unit(LOG_WARNING, unit, __VA_ARGS__)
++#define log_error_unit(unit, ...) log_full_unit(LOG_ERR, unit, __VA_ARGS__)
++
+ #define VALID_CHARS_ENV_NAME \
+ DIGITS LETTERS \
+ "_"
+@@ -375,7 +382,7 @@ char *strv_env_get(char **l, const char *name) {
+ return strv_env_get_n(l, name, strlen(name));
+ }
+
+-char **strv_env_clean_log(char **e, const char *message) {
++char **strv_env_clean_log(char **e, const char *unit_id, const char *message) {
+ char **p, **q;
+ int k = 0;
+
+@@ -385,7 +392,7 @@ char **strv_env_clean_log(char **e, const char *message) {
+
+ if (!env_assignment_is_valid(*p)) {
+ if (message)
+- log_error("Ignoring invalid environment '%s': %s", *p, message);
++ log_error_unit(unit_id, "Ignoring invalid environment '%s': %s", *p, message);
+ free(*p);
+ continue;
+ }
+@@ -412,5 +419,5 @@ char **strv_env_clean_log(char **e, const char *message) {
+ }
+
+ char **strv_env_clean(char **e) {
+- return strv_env_clean_log(e, NULL);
++ return strv_env_clean_log(e, NULL, NULL);
+ }
+diff --git a/src/shared/env-util.h b/src/shared/env-util.h
+index 8d2114b..5ea82ad 100644
+--- a/src/shared/env-util.h
++++ b/src/shared/env-util.h
+@@ -30,7 +30,7 @@ bool env_assignment_is_valid(const char *e);
+
+ bool strv_env_is_valid(char **e);
+ char **strv_env_clean(char **l);
+-char **strv_env_clean_log(char **e, const char *message);
++char **strv_env_clean_log(char **e, const char *unit_id, const char *message);
+
+ bool strv_env_name_or_assignment_is_valid(char **l);
+
+diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c
+index 06f3e28..c92bb6e 100644
+--- a/src/test/test-fileio.c
++++ b/src/test/test-fileio.c
+@@ -88,7 +88,7 @@ static void test_parse_env_file(void) {
+ assert_se(streq(a[9], "ten="));
+ assert_se(a[10] == NULL);
+
+- strv_env_clean_log(a, "test");
++ strv_env_clean_log(a, NULL, "test");
+
+ k = 0;
+ STRV_FOREACH(i, b) {
diff --git a/SOURCES/0365-udevd-add-event-timeout-commandline-option.patch b/SOURCES/0365-udevd-add-event-timeout-commandline-option.patch
new file mode 100644
index 0000000..67e1048
--- /dev/null
+++ b/SOURCES/0365-udevd-add-event-timeout-commandline-option.patch
@@ -0,0 +1,125 @@
+From 3f13db324c715ab9dd0a514490160448ed3ae7ee Mon Sep 17 00:00:00 2001
+From: Hannes Reinecke <hare@suse.de>
+Date: Tue, 29 Jul 2014 09:06:14 +0200
+Subject: [PATCH] udevd: add --event-timeout commandline option
+
+Some events take longer than the default 30 seconds. Killing those
+events will leave the machine halfway configured.
+
+Add a commandline option '--event-timeout' to handle these cases.
+
+(cherry-picked from 9719859c07aa13539ed2cd4b31972cd30f678543)
+
+Conflicts:
+ src/udev/udevd.c
+
+Resolves: #1154778
+---
+ man/systemd-udevd.service.xml | 19 +++++++++++++++++++
+ src/udev/udevd.c | 14 ++++++++++++--
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+
+diff --git a/man/systemd-udevd.service.xml b/man/systemd-udevd.service.xml
+index 7fce300..c3a2cb9 100644
+--- a/man/systemd-udevd.service.xml
++++ b/man/systemd-udevd.service.xml
+@@ -42,6 +42,7 @@
+ <arg><option>--debug</option></arg>
+ <arg><option>--children-max=</option></arg>
+ <arg><option>--exec-delay=</option></arg>
++ <arg><option>--event-timeout=</option></arg>
+ <arg><option>--resolve-names=early|late|never</option></arg>
+ <arg><option>--version</option></arg>
+ <arg><option>--help</option></arg>
+@@ -90,6 +91,15 @@
+ </listitem>
+ </varlistentry>
+ <varlistentry>
++ <term><option>--event-timeout=</option></term>
++ <listitem>
++ <para>Wait for the event to finish up to the given
++ number of seconds. After this time the event will
++ be terminated. Default is 30.</para>
++ </listitem>
++ </varlistentry>
++
++ <varlistentry>
+ <term><option>--resolve-names=</option></term>
+ <listitem>
+ <para>Specify when systemd-udevd should resolve names of users and groups.
+@@ -155,6 +165,15 @@
+ </listitem>
+ </varlistentry>
+ <varlistentry>
++ <term><varname>udev.event-timeout=</varname></term>
++ <term><varname>rd.udev.event-timeout=</varname></term>
++ <listitem>
++ <para>Wait for events to finish up to the given number
++ of seconds. This option might be useful if events are
++ terminated due to a timeout in large configurations.</para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
+ <term><varname>net.ifnames=</varname></term>
+ <listitem>
+ <para>Network interfaces are renamed to give them predictable names
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index 3d5feb4..6241549 100644
+--- a/src/udev/udevd.c
++++ b/src/udev/udevd.c
+@@ -72,6 +72,7 @@ static bool reload;
+ static int children;
+ static int children_max;
+ static int exec_delay;
++static int event_timeout = 30;
+ static sigset_t sigmask_orig;
+ static UDEV_LIST(event_list);
+ static UDEV_LIST(worker_list);
+@@ -287,6 +288,9 @@ static void worker_new(struct event *event)
+ if (exec_delay > 0)
+ udev_event->exec_delay = exec_delay;
+
++ if (event_timeout != 30)
++ udev_event->timeout_usec = event_timeout * USEC_PER_SEC;
++
+ /* apply rules, create node, symlinks */
+ udev_event_execute_rules(udev_event, rules, &sigmask_orig);
+
+@@ -884,6 +888,8 @@ static void kernel_cmdline_options(struct udev *udev)
+ children_max = strtoul(opt + 18, NULL, 0);
+ } else if (startswith(opt, "udev.exec-delay=")) {
+ exec_delay = strtoul(opt + 16, NULL, 0);
++ } else if (startswith(opt, "udev.event-timeout=")) {
++ event_timeout = strtoul(opt + 16, NULL, 0);
+ }
+
+ free(s);
+@@ -903,6 +909,7 @@ int main(int argc, char *argv[])
+ { "debug", no_argument, NULL, 'D' },
+ { "children-max", required_argument, NULL, 'c' },
+ { "exec-delay", required_argument, NULL, 'e' },
++ { "event-timeout", required_argument, NULL, 't' },
+ { "resolve-names", required_argument, NULL, 'N' },
+ { "help", no_argument, NULL, 'h' },
+ { "version", no_argument, NULL, 'V' },
+@@ -946,6 +953,9 @@ int main(int argc, char *argv[])
+ case 'e':
+ exec_delay = strtoul(optarg, NULL, 0);
+ break;
++ case 't':
++ event_timeout = strtoul(optarg, NULL, 0);
++ break;
+ case 'D':
+ debug = true;
+ log_set_max_level(LOG_DEBUG);
+@@ -1278,8 +1288,8 @@ int main(int argc, char *argv[])
+ if (worker->state != WORKER_RUNNING)
+ continue;
+
+- if ((now(CLOCK_MONOTONIC) - worker->event_start_usec) > 30 * 1000 * 1000) {
+- log_error("worker [%u] %s timeout; kill it\n", worker->pid,
++ if ((now(CLOCK_MONOTONIC) - worker->event_start_usec) > event_timeout * USEC_PER_SEC) {
++ log_error("worker [%u] %s timeout; kill it", worker->pid,
+ worker->event ? worker->event->devpath : "<idle>");
+ kill(worker->pid, SIGKILL);
+ worker->state = WORKER_KILLED;
diff --git a/SOURCES/0366-selinux-fix-potential-double-free-crash-in-child-pro.patch b/SOURCES/0366-selinux-fix-potential-double-free-crash-in-child-pro.patch
new file mode 100644
index 0000000..389e24f
--- /dev/null
+++ b/SOURCES/0366-selinux-fix-potential-double-free-crash-in-child-pro.patch
@@ -0,0 +1,40 @@
+From 161ad7deb00e31cb47fdc29f2e795690ffa66be4 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Mon, 13 Oct 2014 13:41:06 +0200
+Subject: [PATCH] selinux: fix potential double free crash in child process
+
+Before returning from function we should reset ret to NULL, thus cleanup
+function is nop.
+
+Also context_str() returns pointer to a string containing context but not a
+copy, hence we must make copy it explicitly.
+
+Related: #1113790
+---
+ src/shared/label.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/shared/label.c b/src/shared/label.c
+index 8f7dfb4..52aea4f 100644
+--- a/src/shared/label.c
++++ b/src/shared/label.c
+@@ -270,7 +270,8 @@ int label_get_child_mls_label(int socket_fd, const char *exe, char **label) {
+ }
+
+ freecon(mycon);
+- mycon = context_str(bcon);
++ mycon = NULL;
++ mycon = strdup(context_str(bcon));
+ if (!mycon) {
+ r = -errno;
+ goto out;
+@@ -284,8 +285,8 @@ int label_get_child_mls_label(int socket_fd, const char *exe, char **label) {
+ }
+
+ *label = ret;
++ ret = NULL;
+ r = 0;
+-
+ out:
+ if (r < 0 && security_getenforce() == 1)
+ return r;
diff --git a/SOURCES/0367-selinux-pass-flag-to-correct-exec_spawn.patch b/SOURCES/0367-selinux-pass-flag-to-correct-exec_spawn.patch
new file mode 100644
index 0000000..ccdb2c0
--- /dev/null
+++ b/SOURCES/0367-selinux-pass-flag-to-correct-exec_spawn.patch
@@ -0,0 +1,42 @@
+From c230e5e8efe72cf4137bf29a197059e5a23bb532 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Mon, 13 Oct 2014 13:57:08 +0200
+Subject: [PATCH] selinux: pass flag to correct exec_spawn
+
+We want to spawn service with label passed by remote peer and not processes
+spawned by socket unit itself.
+
+RHEL-only patch
+
+Related: #1113790
+---
+ src/core/service.c | 2 +-
+ src/core/socket.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index 7ef2b3a..635a953 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -1867,7 +1867,7 @@ static int service_spawn(
+ apply_chroot,
+ apply_tty_stdin,
+ UNIT(s)->manager->confirm_spawn,
+- false,
++ s->socket_fd_selinux_context_net,
+ UNIT(s)->manager->cgroup_supported,
+ path,
+ UNIT(s)->id,
+diff --git a/src/core/socket.c b/src/core/socket.c
+index 958d063..1a91700 100644
+--- a/src/core/socket.c
++++ b/src/core/socket.c
+@@ -1234,7 +1234,7 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
+ true,
+ true,
+ UNIT(s)->manager->confirm_spawn,
+- s->selinux_context_from_net,
++ false,
+ UNIT(s)->manager->cgroup_supported,
+ UNIT(s)->cgroup_path,
+ UNIT(s)->id,
diff --git a/SOURCES/0368-selinux-set-selinux-context-applied-on-exec-before-c.patch b/SOURCES/0368-selinux-set-selinux-context-applied-on-exec-before-c.patch
new file mode 100644
index 0000000..2cffafb
--- /dev/null
+++ b/SOURCES/0368-selinux-set-selinux-context-applied-on-exec-before-c.patch
@@ -0,0 +1,89 @@
+From e7c4dc07d35a10dc90f013572da6d25d17311d0a Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Mon, 13 Oct 2014 16:12:30 +0200
+Subject: [PATCH] selinux: set selinux context applied on exec() before closing
+ all fds
+
+We need original socket_fd around otherwise label_get_child_mls_label fails with
+-EINVAL return code.
+
+Related: #1113790
+---
+ src/core/execute.c | 56 +++++++++++++++++++++++++++++-------------------------
+ 1 file changed, 30 insertions(+), 26 deletions(-)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index be99149..06713cc 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -1401,6 +1401,36 @@ int exec_spawn(ExecCommand *command,
+ }
+ }
+
++#ifdef HAVE_SELINUX
++ if (apply_permissions) {
++ if (use_selinux()) {
++ if (context->selinux_context) {
++ err = setexeccon(context->selinux_context);
++ if (err < 0 && !context->selinux_context_ignore) {
++ r = EXIT_SELINUX_CONTEXT;
++ goto fail_child;
++ }
++ }
++
++ if (selinux_context_net && socket_fd >= 0) {
++ _cleanup_free_ char *label = NULL;
++
++ err = label_get_child_mls_label(socket_fd, command->path, &label);
++ if (err < 0) {
++ r = EXIT_SELINUX_CONTEXT;
++ goto fail_child;
++ }
++
++ err = setexeccon(label);
++ if (err < 0) {
++ r = EXIT_SELINUX_CONTEXT;
++ goto fail_child;
++ }
++ }
++ }
++ }
++#endif
++
+ /* We repeat the fd closing here, to make sure that
+ * nothing is leaked from the PAM modules */
+ err = close_all_fds(fds, n_fds);
+@@ -1474,33 +1504,7 @@ int exec_spawn(ExecCommand *command,
+ goto fail_child;
+ }
+ }
+-#ifdef HAVE_SELINUX
+- if (use_selinux()) {
+- if (context->selinux_context) {
+- err = setexeccon(context->selinux_context);
+- if (err < 0 && !context->selinux_context_ignore) {
+- r = EXIT_SELINUX_CONTEXT;
+- goto fail_child;
+- }
+- }
+-
+- if (selinux_context_net && socket_fd >= 0) {
+- _cleanup_free_ char *label = NULL;
+
+- err = label_get_child_mls_label(socket_fd, command->path, &label);
+- if (err < 0) {
+- r = EXIT_SELINUX_CONTEXT;
+- goto fail_child;
+- }
+-
+- err = setexeccon(label);
+- if (err < 0) {
+- r = EXIT_SELINUX_CONTEXT;
+- goto fail_child;
+- }
+- }
+- }
+-#endif
+ }
+
+ our_env = new0(char*, 7);
diff --git a/SOURCES/0369-logind-use-correct-who-enum-values-with-KillUnit.patch b/SOURCES/0369-logind-use-correct-who-enum-values-with-KillUnit.patch
new file mode 100644
index 0000000..ca40c6e
--- /dev/null
+++ b/SOURCES/0369-logind-use-correct-who-enum-values-with-KillUnit.patch
@@ -0,0 +1,43 @@
+From 53e9be6b9c38a7a7d943b01da6898355c535991e Mon Sep 17 00:00:00 2001
+From: Marius Vollmer <mvollmer@redhat.com>
+Date: Thu, 31 Oct 2013 15:55:07 +0200
+Subject: [PATCH] logind: use correct "who" enum values with KillUnit.
+
+rhel-only (in upstream fixed during dbus rewrite)
+
+Resolves: #1155502
+---
+ src/login/logind-dbus.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
+index 6cabb7b..4137522 100644
+--- a/src/login/logind-dbus.c
++++ b/src/login/logind-dbus.c
+@@ -116,7 +116,7 @@
+ " <method name=\"KillSession\">\n" \
+ " <arg name=\"id\" type=\"s\" direction=\"in\"/>\n" \
+ " <arg name=\"who\" type=\"s\" direction=\"in\"/>\n" \
+- " <arg name=\"signal\" type=\"s\" direction=\"in\"/>\n" \
++ " <arg name=\"signal\" type=\"i\" direction=\"in\"/>\n" \
+ " </method>\n" \
+ " <method name=\"KillUser\">\n" \
+ " <arg name=\"uid\" type=\"u\" direction=\"in\"/>\n" \
+@@ -2814,7 +2814,7 @@ int manager_kill_unit(Manager *manager, const char *unit, KillWho who, int signo
+ assert(manager);
+ assert(unit);
+
+- w = who == KILL_LEADER ? "process" : "cgroup";
++ w = who == KILL_LEADER ? "main" : "all";
+ assert_cc(sizeof(signo) == sizeof(int32_t));
+
+ r = bus_method_call_with_reply(
+@@ -2830,7 +2830,7 @@ int manager_kill_unit(Manager *manager, const char *unit, KillWho who, int signo
+ DBUS_TYPE_INT32, &signo,
+ DBUS_TYPE_INVALID);
+ if (r < 0) {
+- log_error("Failed to stop unit %s: %s", unit, bus_error(error, r));
++ log_error("Failed to kill unit %s: %s", unit, bus_error(error, r));
+ return r;
+ }
+
diff --git a/SOURCES/0370-logind-always-kill-session-when-termination-is-reque.patch b/SOURCES/0370-logind-always-kill-session-when-termination-is-reque.patch
new file mode 100644
index 0000000..f4b8ed3
--- /dev/null
+++ b/SOURCES/0370-logind-always-kill-session-when-termination-is-reque.patch
@@ -0,0 +1,291 @@
+From c4e4ad079d6c3c18b6f08722ce30796e8c53346b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sat, 8 Feb 2014 20:29:56 -0500
+Subject: [PATCH] logind: always kill session when termination is requested
+
+KillUserProcesses=yes/no should be ignored when termination is
+explicitly requested.
+
+Conflicts:
+ src/login/logind-dbus.c
+ src/login/logind-seat-dbus.c
+ src/login/logind-session-dbus.c
+ src/login/logind-session.c
+ src/login/logind-user-dbus.c
+ src/login/logind.c
+
+(cherry-picked (or better say rewritten) from 9bb69af4f2823fdd30902f5ffd959e9b041feb53)
+
+Resolves: #1155502
+---
+ src/login/logind-dbus.c | 6 +++---
+ src/login/logind-seat-dbus.c | 2 +-
+ src/login/logind-seat.c | 8 ++++----
+ src/login/logind-seat.h | 4 ++--
+ src/login/logind-session-dbus.c | 2 +-
+ src/login/logind-session.c | 8 ++++----
+ src/login/logind-session.h | 2 +-
+ src/login/logind-user-dbus.c | 2 +-
+ src/login/logind-user.c | 4 ++--
+ src/login/logind-user.h | 2 +-
+ src/login/logind.c | 10 +++++-----
+ 11 files changed, 25 insertions(+), 25 deletions(-)
+
+diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
+index 4137522..8a463f9 100644
+--- a/src/login/logind-dbus.c
++++ b/src/login/logind-dbus.c
+@@ -1927,7 +1927,7 @@ static DBusHandlerResult manager_message_handler(
+ if (!session)
+ return bus_send_error_reply(connection, message, &error, -ENOENT);
+
+- r = session_stop(session);
++ r = session_stop(session, true);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, NULL, r);
+
+@@ -1950,7 +1950,7 @@ static DBusHandlerResult manager_message_handler(
+ if (!user)
+ return bus_send_error_reply(connection, message, &error, -ENOENT);
+
+- r = user_stop(user);
++ r = user_stop(user, true);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, NULL, r);
+
+@@ -1973,7 +1973,7 @@ static DBusHandlerResult manager_message_handler(
+ if (!seat)
+ return bus_send_error_reply(connection, message, &error, -ENOENT);
+
+- r = seat_stop_sessions(seat);
++ r = seat_stop_sessions(seat, true);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, NULL, r);
+
+diff --git a/src/login/logind-seat-dbus.c b/src/login/logind-seat-dbus.c
+index 230f7f0..c87c1de 100644
+--- a/src/login/logind-seat-dbus.c
++++ b/src/login/logind-seat-dbus.c
+@@ -261,7 +261,7 @@ static DBusHandlerResult seat_message_dispatch(
+
+ if (dbus_message_is_method_call(message, "org.freedesktop.login1.Seat", "Terminate")) {
+
+- r = seat_stop_sessions(s);
++ r = seat_stop_sessions(s, true);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, NULL, r);
+
+diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c
+index feebcf4..d3b999d 100644
+--- a/src/login/logind-seat.c
++++ b/src/login/logind-seat.c
+@@ -369,7 +369,7 @@ int seat_start(Seat *s) {
+ return 0;
+ }
+
+-int seat_stop(Seat *s) {
++int seat_stop(Seat *s, bool force) {
+ int r = 0;
+
+ assert(s);
+@@ -381,7 +381,7 @@ int seat_stop(Seat *s) {
+ "MESSAGE=Removed seat %s.", s->id,
+ NULL);
+
+- seat_stop_sessions(s);
++ seat_stop_sessions(s, force);
+
+ unlink(s->state_file);
+ seat_add_to_gc_queue(s);
+@@ -394,14 +394,14 @@ int seat_stop(Seat *s) {
+ return r;
+ }
+
+-int seat_stop_sessions(Seat *s) {
++int seat_stop_sessions(Seat *s, bool force) {
+ Session *session;
+ int r = 0, k;
+
+ assert(s);
+
+ LIST_FOREACH(sessions_by_seat, session, s->sessions) {
+- k = session_stop(session);
++ k = session_stop(session, force);
+ if (k < 0)
+ r = k;
+ }
+diff --git a/src/login/logind-seat.h b/src/login/logind-seat.h
+index be6db6e..bf496b3 100644
+--- a/src/login/logind-seat.h
++++ b/src/login/logind-seat.h
+@@ -72,8 +72,8 @@ bool seat_can_graphical(Seat *s);
+ int seat_get_idle_hint(Seat *s, dual_timestamp *t);
+
+ int seat_start(Seat *s);
+-int seat_stop(Seat *s);
+-int seat_stop_sessions(Seat *s);
++int seat_stop(Seat *s, bool force);
++int seat_stop_sessions(Seat *s, bool force);
+
+ int seat_check_gc(Seat *s, bool drop_not_started);
+ void seat_add_to_gc_queue(Seat *s);
+diff --git a/src/login/logind-session-dbus.c b/src/login/logind-session-dbus.c
+index 86b0746..76e16e7 100644
+--- a/src/login/logind-session-dbus.c
++++ b/src/login/logind-session-dbus.c
+@@ -311,7 +311,7 @@ static DBusHandlerResult session_message_dispatch(
+
+ if (dbus_message_is_method_call(message, "org.freedesktop.login1.Session", "Terminate")) {
+
+- r = session_stop(s);
++ r = session_stop(s, true);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, NULL, r);
+
+diff --git a/src/login/logind-session.c b/src/login/logind-session.c
+index 0fa290b..669a027 100644
+--- a/src/login/logind-session.c
++++ b/src/login/logind-session.c
+@@ -609,7 +609,7 @@ int session_start(Session *s) {
+ return 0;
+ }
+
+-static int session_stop_scope(Session *s) {
++static int session_stop_scope(Session *s, bool force) {
+ DBusError error;
+ char *job;
+ int r;
+@@ -621,7 +621,7 @@ static int session_stop_scope(Session *s) {
+ if (!s->scope)
+ return 0;
+
+- if (manager_shall_kill(s->manager, s->user->name)) {
++ if (force || manager_shall_kill(s->manager, s->user->name)) {
+ r = manager_stop_unit(s->manager, s->scope, &error, &job);
+ if (r < 0) {
+ log_error("Failed to stop session scope: %s", bus_error(&error, r));
+@@ -676,7 +676,7 @@ static void session_close_timer_fd(Session *s) {
+ s->timer_fd = -1;
+ }
+
+-int session_stop(Session *s) {
++int session_stop(Session *s, bool force) {
+ int r;
+
+ assert(s);
+@@ -690,7 +690,7 @@ int session_stop(Session *s) {
+ session_remove_fifo(s);
+
+ /* Kill cgroup */
+- r = session_stop_scope(s);
++ r = session_stop_scope(s, force);
+
+ s->stopping = true;
+
+diff --git a/src/login/logind-session.h b/src/login/logind-session.h
+index 9b76582..3659872 100644
+--- a/src/login/logind-session.h
++++ b/src/login/logind-session.h
+@@ -131,7 +131,7 @@ void session_set_idle_hint(Session *s, bool b);
+ int session_create_fifo(Session *s);
+ void session_remove_fifo(Session *s);
+ int session_start(Session *s);
+-int session_stop(Session *s);
++int session_stop(Session *s, bool force);
+ int session_finalize(Session *s);
+ void session_release(Session *s);
+ int session_save(Session *s);
+diff --git a/src/login/logind-user-dbus.c b/src/login/logind-user-dbus.c
+index fa2ecba..72dd5d0 100644
+--- a/src/login/logind-user-dbus.c
++++ b/src/login/logind-user-dbus.c
+@@ -242,7 +242,7 @@ static DBusHandlerResult user_message_dispatch(
+
+ if (dbus_message_is_method_call(message, "org.freedesktop.login1.User", "Terminate")) {
+
+- r = user_stop(u);
++ r = user_stop(u, true);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, NULL, r);
+
+diff --git a/src/login/logind-user.c b/src/login/logind-user.c
+index 653574e..6ddda54 100644
+--- a/src/login/logind-user.c
++++ b/src/login/logind-user.c
+@@ -466,13 +466,13 @@ static int user_remove_runtime_path(User *u) {
+ return r;
+ }
+
+-int user_stop(User *u) {
++int user_stop(User *u, bool force) {
+ Session *s;
+ int r = 0, k;
+ assert(u);
+
+ LIST_FOREACH(sessions_by_user, s, u->sessions) {
+- k = session_stop(s);
++ k = session_stop(s, force);
+ if (k < 0)
+ r = k;
+ }
+diff --git a/src/login/logind-user.h b/src/login/logind-user.h
+index a12532e..13513fa 100644
+--- a/src/login/logind-user.h
++++ b/src/login/logind-user.h
+@@ -72,7 +72,7 @@ void user_free(User *u);
+ int user_check_gc(User *u, bool drop_not_started);
+ void user_add_to_gc_queue(User *u);
+ int user_start(User *u);
+-int user_stop(User *u);
++int user_stop(User *u, bool force);
+ int user_finalize(User *u);
+ UserState user_get_state(User *u);
+ int user_get_idle_hint(User *u, dual_timestamp *t);
+diff --git a/src/login/logind.c b/src/login/logind.c
+index 5180be7..da3c099 100644
+--- a/src/login/logind.c
++++ b/src/login/logind.c
+@@ -618,14 +618,14 @@ static void manager_dispatch_other(Manager *m, int fd) {
+ if (s) {
+ assert(s->fifo_fd == fd);
+ session_remove_fifo(s);
+- session_stop(s);
++ session_stop(s, false);
+ return;
+ }
+
+ s = hashmap_get(m->timer_fds, INT_TO_PTR(fd + 1));
+ if (s) {
+ assert(s->timer_fd == fd);
+- session_stop(s);
++ session_stop(s, false);
+ return;
+ }
+
+@@ -942,7 +942,7 @@ void manager_gc(Manager *m, bool drop_not_started) {
+ seat->in_gc_queue = false;
+
+ if (seat_check_gc(seat, drop_not_started) == 0) {
+- seat_stop(seat);
++ seat_stop(seat, false);
+ seat_free(seat);
+ }
+ }
+@@ -954,7 +954,7 @@ void manager_gc(Manager *m, bool drop_not_started) {
+ /* First, if we are not closing yet, initiate stopping */
+ if (!session_check_gc(session, drop_not_started) &&
+ session_get_state(session) != SESSION_CLOSING)
+- session_stop(session);
++ session_stop(session, false);
+
+ if (!session_check_gc(session, drop_not_started)) {
+ session_finalize(session);
+@@ -968,7 +968,7 @@ void manager_gc(Manager *m, bool drop_not_started) {
+
+ if (!user_check_gc(user, drop_not_started) &&
+ user_get_state(user) != USER_CLOSING)
+- user_stop(user);
++ user_stop(user, false);
+
+ if (!user_check_gc(user, drop_not_started)) {
+ user_finalize(user);
diff --git a/SOURCES/0371-udev-net_id-correctly-name-netdevs-based-on-dev_port.patch b/SOURCES/0371-udev-net_id-correctly-name-netdevs-based-on-dev_port.patch
new file mode 100644
index 0000000..a094bee
--- /dev/null
+++ b/SOURCES/0371-udev-net_id-correctly-name-netdevs-based-on-dev_port.patch
@@ -0,0 +1,49 @@
+From 74888db37748c20b144a7cb117fb35f5c9804bcb Mon Sep 17 00:00:00 2001
+From: Tom Gundersen <teg@jklm.no>
+Date: Sat, 25 Oct 2014 17:10:11 +0200
+Subject: [PATCH] udev: net_id - correctly name netdevs based on dev_port when
+ set
+
+Upstream, dev_id was replaced by dev_port, and the same happened for some kernel
+drivers. This logic is not in the RHEL7 kernel, except for one new driver which
+uses dev_port, but never used dev_id in the past.
+
+To give proper names to these devices, fall back to using dev_port when dev_id
+is not set. This does not affect any existing drivers.
+
+(rhel only)
+
+Resolves: #1155996
+---
+ src/udev/udev-builtin-net_id.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
+index b3cb04b..b5b5909 100644
+--- a/src/udev/udev-builtin-net_id.c
++++ b/src/udev/udev-builtin-net_id.c
+@@ -36,7 +36,7 @@
+ * o<index> -- on-board device index number
+ * s<slot>[f<function>][d<dev_id>] -- hotplug slot index number
+ * x<MAC> -- MAC address
+- * [P<domain>]p<bus>s<slot>[f<function>][d<dev_id>]
++ * [P<domain>]p<bus>s<slot>[f<function>][d<dev_id>/<dev_port>]
+ * -- PCI geographical location
+ * [P<domain>]p<bus>s<slot>[f<function>][u<port>][..][c<config>][i<interface>]
+ * -- USB port number chain
+@@ -185,8 +185,14 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
+
+ /* kernel provided multi-device index */
+ attr = udev_device_get_sysattr_value(dev, "dev_id");
+- if (attr)
++ if (attr) {
+ dev_id = strtol(attr, NULL, 16);
++ if (dev_id == 0) {
++ attr = udev_device_get_sysattr_value(dev, "dev_port");
++ if (attr)
++ dev_id = strtol(attr, NULL, 16);
++ }
++ }
+
+ /* compose a name based on the raw kernel's PCI bus, slot numbers */
+ s = names->pci_path;
diff --git a/SOURCES/0372-udev-net_id-dev_port-is-base-10.patch b/SOURCES/0372-udev-net_id-dev_port-is-base-10.patch
new file mode 100644
index 0000000..d3dce5e
--- /dev/null
+++ b/SOURCES/0372-udev-net_id-dev_port-is-base-10.patch
@@ -0,0 +1,23 @@
+From 6aba16d2932457f516a3153d85b147f3d962f4a2 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Tue, 4 Nov 2014 17:59:28 +0100
+Subject: [PATCH] udev: net_id dev_port is base 10
+
+Related: #1155996
+---
+ src/udev/udev-builtin-net_id.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
+index b5b5909..4e6ca96 100644
+--- a/src/udev/udev-builtin-net_id.c
++++ b/src/udev/udev-builtin-net_id.c
+@@ -190,7 +190,7 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
+ if (dev_id == 0) {
+ attr = udev_device_get_sysattr_value(dev, "dev_port");
+ if (attr)
+- dev_id = strtol(attr, NULL, 16);
++ dev_id = strtol(attr, NULL, 10);
+ }
+ }
+
diff --git a/SOURCES/0373-udev-Fix-parsing-of-udev.event-timeout-kernel-parame.patch b/SOURCES/0373-udev-Fix-parsing-of-udev.event-timeout-kernel-parame.patch
new file mode 100644
index 0000000..2a30e1a
--- /dev/null
+++ b/SOURCES/0373-udev-Fix-parsing-of-udev.event-timeout-kernel-parame.patch
@@ -0,0 +1,25 @@
+From 1949cb6f5ff8cccecfab4eca5a4e697d5c55dbdf Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Wed, 5 Nov 2014 10:50:01 +0100
+Subject: [PATCH] udev: Fix parsing of udev.event-timeout kernel parameter
+
+(rhel-only, will be fixed in upstream differently)
+
+Related: #1154778
+---
+ src/udev/udevd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index 6241549..8d3f64f 100644
+--- a/src/udev/udevd.c
++++ b/src/udev/udevd.c
+@@ -889,7 +889,7 @@ static void kernel_cmdline_options(struct udev *udev)
+ } else if (startswith(opt, "udev.exec-delay=")) {
+ exec_delay = strtoul(opt + 16, NULL, 0);
+ } else if (startswith(opt, "udev.event-timeout=")) {
+- event_timeout = strtoul(opt + 16, NULL, 0);
++ event_timeout = strtoul(opt + 19, NULL, 0);
+ }
+
+ free(s);
diff --git a/SOURCES/0374-login-rerun-vconsole-setup-when-switching-from-vgaco.patch b/SOURCES/0374-login-rerun-vconsole-setup-when-switching-from-vgaco.patch
new file mode 100644
index 0000000..b97447c
--- /dev/null
+++ b/SOURCES/0374-login-rerun-vconsole-setup-when-switching-from-vgaco.patch
@@ -0,0 +1,61 @@
+From 8659757c045dcdb6fcf628fa76025f1a2f533e8a Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Wed, 5 Nov 2014 08:30:52 -0500
+Subject: [PATCH] login: rerun vconsole-setup when switching from vgacon to
+ fbcon
+
+The initialization performed by systemd-vconsole-setup is reset
+when changing console drivers (say from vgacon to fbcon), so we
+need to run it in that case.
+
+See
+http://lists.freedesktop.org/archives/systemd-devel/2014-October/023919.html
+http://lists.freedesktop.org/archives/systemd-devel/2014-October/024423.html
+http://lists.freedesktop.org/archives/systemd-devel/2014-November/024881.html
+
+This commit adds a udev rule to make systemd-vconsole-setup get run when
+the fbcon device becomes available.
+
+(david: moved into new file 90-vconsole.rules instead of 71-seats.rules;
+ build-failures are on me, not on Ray)
+
+(cherry-picked from f6ba8671d83f9fce9a00045d8fa399a1c07ba7fc)
+
+Related: #1002450
+---
+ Makefile.am | 3 +++
+ src/vconsole/90-vconsole.rules | 11 +++++++++++
+ 2 files changed, 14 insertions(+)
+ create mode 100644 src/vconsole/90-vconsole.rules
+
+diff --git a/Makefile.am b/Makefile.am
+index dab55ba..faf2a32 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -3258,6 +3258,9 @@ rootlibexec_PROGRAMS += \
+ nodist_systemunit_DATA += \
+ units/systemd-vconsole-setup.service
+
++dist_udevrules_DATA += \
++ src/vconsole/90-vconsole.rules
++
+ SYSINIT_TARGET_WANTS += \
+ systemd-vconsole-setup.service
+ endif
+diff --git a/src/vconsole/90-vconsole.rules b/src/vconsole/90-vconsole.rules
+new file mode 100644
+index 0000000..bf6a9ef
+--- /dev/null
++++ b/src/vconsole/90-vconsole.rules
+@@ -0,0 +1,11 @@
++# This file is part of systemd.
++#
++# systemd is free software; you can redistribute it and/or modify it
++# under the terms of the GNU Lesser General Public License as published by
++# the Free Software Foundation; either version 2.1 of the License, or
++# (at your option) any later version.
++
++# Kernel resets vconsole state when changing console drivers so run
++# systemd-vconsole-setup when fbcon loads
++
++ACTION=="add", SUBSYSTEM=="graphics", KERNEL=="fbcon", RUN+="/usr/lib/systemd/systemd-vconsole-setup"
diff --git a/SOURCES/0375-cgroups-agent-really-down-grade-log-level.patch b/SOURCES/0375-cgroups-agent-really-down-grade-log-level.patch
new file mode 100644
index 0000000..f3e9852
--- /dev/null
+++ b/SOURCES/0375-cgroups-agent-really-down-grade-log-level.patch
@@ -0,0 +1,29 @@
+From 6b8650a2e10a00088b977467bf0c79dd7044fcd9 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Mon, 10 Nov 2014 17:00:20 +0100
+Subject: [PATCH] cgroups-agent: really down-grade log level
+
+(rhel-only, fix for broken backport b0010d76a8c56900d15fab8ac1ed94d364d1e566)
+
+Related: #1044386
+---
+ src/cgroups-agent/cgroups-agent.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/cgroups-agent/cgroups-agent.c b/src/cgroups-agent/cgroups-agent.c
+index 43b9b3a..57db147 100644
+--- a/src/cgroups-agent/cgroups-agent.c
++++ b/src/cgroups-agent/cgroups-agent.c
+@@ -50,11 +50,10 @@ int main(int argc, char *argv[]) {
+
+ bus = dbus_connection_open_private("unix:path=/run/systemd/private", &error);
+ if (!bus) {
+- log_warning("Failed to get D-Bus connection: %s", strerror(-r));
+ /* If we couldn't connect we assume this was triggered
+ * while systemd got restarted/transitioned from
+ * initrd to the system, so let's ignore this */
+- log_debug("Failed to get D-Bus connection: %s", strerror(-r));
++ log_debug("Failed to get D-Bus connection: %s", bus_error_message(&error));
+ goto finish;
+ }
+
diff --git a/SOURCES/0376-core-introduce-new-Delegate-yes-no-property-controll.patch b/SOURCES/0376-core-introduce-new-Delegate-yes-no-property-controll.patch
new file mode 100644
index 0000000..ab61ded
--- /dev/null
+++ b/SOURCES/0376-core-introduce-new-Delegate-yes-no-property-controll.patch
@@ -0,0 +1,385 @@
+From 310c5654023cd224f4c016872e39335b1b3ac603 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 13 Nov 2014 14:34:42 +0100
+Subject: [PATCH] core: introduce new Delegate=yes/no property controlling
+ creation of cgroup subhierarchies
+
+For priviliged units this resource control property ensures that the
+processes have all controllers systemd manages enabled.
+
+For unpriviliged services (those with User= set) this ensures that
+access rights to the service cgroup is granted to the user in question,
+to create further subgroups. Note that this only applies to the
+name=systemd hierarchy though, as access to other controllers is not
+safe for unpriviliged processes.
+
+Delegate=yes should be set for container scopes where a systemd instance
+inside the container shall manage the hierarchies below its own cgroup
+and have access to all controllers.
+
+Delegate=yes should also be set for user@.service, so that systemd
+--user can run, controlling its own cgroup tree.
+
+This commit changes machined, systemd-nspawn@.service and user@.service
+to set this boolean, in order to ensure that container management will
+just work, and the user systemd instance can run fine.
+
+(cherry picked from a931ad47a8623163a29d898224d8a8c1177ffdaf)
+
+Resolves: #1139223
+---
+ man/systemd.resource-control.xml | 14 ++++++++++++
+ src/core/cgroup.c | 19 +++++++++++++++--
+ src/core/cgroup.h | 2 ++
+ src/core/dbus-cgroup.c | 40 +++++++++++++++++++++++++++++++++++
+ src/core/execute.c | 23 +++++++++++++++++---
+ src/core/execute.h | 2 ++
+ src/core/load-fragment-gperf.gperf.m4 | 3 ++-
+ src/core/mount.c | 1 +
+ src/core/service.c | 1 +
+ src/core/socket.c | 1 +
+ src/core/swap.c | 1 +
+ src/machine/machined-dbus.c | 10 +++++++++
+ src/shared/cgroup-util.h | 3 ++-
+ units/systemd-nspawn@.service.in | 1 +
+ 14 files changed, 114 insertions(+), 7 deletions(-)
+
+diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml
+index 8688905..3748c0c 100644
+--- a/man/systemd.resource-control.xml
++++ b/man/systemd.resource-control.xml
+@@ -327,6 +327,20 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ </listitem>
+ </varlistentry>
+
++ <varlistentry>
++ <term><varname>Delegate=</varname></term>
++
++ <listitem>
++ <para>Turns on delegation of further resource control
++ partitioning to processes of the unit. For unpriviliged
++ services (i.e. those using the <varname>User=</varname>
++ setting) this allows processes to create a subhierarchy
++ beneath its control group path. For priviliged services and
++ scopes this ensures the processes will have all control
++ group controllers enabled.</para>
++ </listitem>
++ </varlistentry>
++
+ </variablelist>
+ </refsect1>
+
+diff --git a/src/core/cgroup.c b/src/core/cgroup.c
+index c215a86..443937b 100644
+--- a/src/core/cgroup.c
++++ b/src/core/cgroup.c
+@@ -94,14 +94,16 @@ void cgroup_context_dump(CGroupContext *c, FILE* f, const char *prefix) {
+ "%sCPUShares=%lu\n"
+ "%sBlockIOWeight=%lu\n"
+ "%sMemoryLimit=%" PRIu64 "\n"
+- "%sDevicePolicy=%s\n",
++ "%sDevicePolicy=%s\n"
++ "%sDelegate=%s\n",
+ prefix, yes_no(c->cpu_accounting),
+ prefix, yes_no(c->blockio_accounting),
+ prefix, yes_no(c->memory_accounting),
+ prefix, c->cpu_shares,
+ prefix, c->blockio_weight,
+ prefix, c->memory_limit,
+- prefix, cgroup_device_policy_to_string(c->device_policy));
++ prefix, cgroup_device_policy_to_string(c->device_policy),
++ prefix, yes_no(c->delegate));
+
+ LIST_FOREACH(device_allow, a, c->device_allow)
+ fprintf(f,
+@@ -342,6 +344,19 @@ static CGroupControllerMask unit_get_cgroup_mask(Unit *u) {
+ if (!c)
+ return 0;
+
++ /* If delegation is turned on, then turn on all cgroups,
++ * unless the process we fork into it is known to drop
++ * privileges anyway, and shouldn't get access to the
++ * controllers anyway. */
++
++ if (c->delegate) {
++ ExecContext *e;
++
++ e = unit_get_exec_context(u);
++ if (!e || exec_context_maintains_privileges(e))
++ return _CGROUP_CONTROLLER_MASK_ALL;
++ }
++
+ return cgroup_context_get_mask(c);
+ }
+
+diff --git a/src/core/cgroup.h b/src/core/cgroup.h
+index 0a079e9..d00bcac 100644
+--- a/src/core/cgroup.h
++++ b/src/core/cgroup.h
+@@ -80,6 +80,8 @@ struct CGroupContext {
+
+ CGroupDevicePolicy device_policy;
+ LIST_HEAD(CGroupDeviceAllow, device_allow);
++
++ bool delegate;
+ };
+
+ #include "unit.h"
+diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
+index 9ebcad9..a13c869 100644
+--- a/src/core/dbus-cgroup.c
++++ b/src/core/dbus-cgroup.c
+@@ -124,6 +124,7 @@ static int bus_cgroup_append_device_allow(DBusMessageIter *i, const char *proper
+ }
+
+ const BusProperty bus_cgroup_context_properties[] = {
++ { "Delegate", bus_property_append_bool, "b", offsetof(CGroupContext, delegate) },
+ { "CPUAccounting", bus_property_append_bool, "b", offsetof(CGroupContext, cpu_accounting) },
+ { "CPUShares", bus_property_append_ul, "t", offsetof(CGroupContext, cpu_shares) },
+ { "BlockIOAccounting", bus_property_append_bool, "b", offsetof(CGroupContext, blockio_accounting) },
+@@ -138,6 +139,38 @@ const BusProperty bus_cgroup_context_properties[] = {
+ {}
+ };
+
++static int bus_cgroup_set_transient_property(
++ Unit *u,
++ CGroupContext *c,
++ const char *name,
++ DBusMessageIter *i,
++ UnitSetPropertiesMode mode,
++ DBusError *error) {
++
++ assert(u);
++ assert(c);
++ assert(name);
++ assert(i);
++
++ if (streq(name, "Delegate")) {
++
++ if (dbus_message_iter_get_arg_type(i) != DBUS_TYPE_BOOLEAN)
++ return -EINVAL;
++
++ if (mode != UNIT_CHECK) {
++ dbus_bool_t b;
++
++ dbus_message_iter_get_basic(i, &b);
++ c->delegate = b;
++ unit_write_drop_in_private(u, mode, name, b ? "Delegate=yes" : "Delegate=no");
++ }
++
++ return 1;
++ }
++
++ return 0;
++}
++
+ int bus_cgroup_set_property(
+ Unit *u,
+ CGroupContext *c,
+@@ -550,5 +583,12 @@ int bus_cgroup_set_property(
+ return 1;
+ }
+
++ if (u->transient && u->load_state == UNIT_STUB) {
++ int r;
++ r = bus_cgroup_set_transient_property(u, c, name, i, mode, error);
++ if (r != 0)
++ return r;
++ }
++
+ return 0;
+ }
+diff --git a/src/core/execute.c b/src/core/execute.c
+index 06713cc..d814c39 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -1042,6 +1042,7 @@ int exec_spawn(ExecCommand *command,
+ bool selinux_context_net,
+ CGroupControllerMask cgroup_supported,
+ const char *cgroup_path,
++ bool cgroup_delegate,
+ const char *unit_id,
+ int idle_pipe[4],
+ pid_t *ret) {
+@@ -1306,8 +1307,10 @@ int exec_spawn(ExecCommand *command,
+ }
+ }
+
+-#ifdef HAVE_PAM
+- if (cgroup_path && context->user && context->pam_name) {
++ /* If delegation is enabled we'll pass ownership of the cgroup
++ * (but only in systemd's own controller hierarchy!) to the
++ * user of the new process. */
++ if (cgroup_path && context->user && cgroup_delegate) {
+ err = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0644, uid, gid);
+ if (err < 0) {
+ r = EXIT_CGROUP;
+@@ -1321,7 +1324,6 @@ int exec_spawn(ExecCommand *command,
+ goto fail_child;
+ }
+ }
+-#endif
+
+ if (apply_permissions) {
+ err = enforce_groups(context, username, gid);
+@@ -2116,6 +2118,21 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
+
+ }
+
++bool exec_context_maintains_privileges(ExecContext *c) {
++ assert(c);
++
++ /* Returns true if the process forked off would run under
++ * an unchanged UID or as root. */
++
++ if (!c->user)
++ return true;
++
++ if (streq(c->user, "root") || streq(c->user, "0"))
++ return true;
++
++ return false;
++}
++
+ void exec_status_start(ExecStatus *s, pid_t pid) {
+ assert(s);
+
+diff --git a/src/core/execute.h b/src/core/execute.h
+index b66bd5f..03afdf3 100644
+--- a/src/core/execute.h
++++ b/src/core/execute.h
+@@ -177,6 +177,7 @@ int exec_spawn(ExecCommand *command,
+ bool selinux_context_net,
+ CGroupControllerMask cgroup_mask,
+ const char *cgroup_path,
++ bool cgroup_delegate,
+ const char *unit_id,
+ int pipe_fd[2],
+ pid_t *ret);
+@@ -203,6 +204,7 @@ void exec_context_tty_reset(const ExecContext *context);
+ int exec_context_load_environment(const ExecContext *c, const char *unit_id, char ***l);
+
+ bool exec_context_may_touch_console(ExecContext *c);
++bool exec_context_maintains_privileges(ExecContext *c);
+ void exec_context_serialize(const ExecContext *c, Unit *u, FILE *f);
+
+ void exec_status_start(ExecStatus *s, pid_t pid);
+diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
+index ee7cd5d..c6eb757 100644
+--- a/src/core/load-fragment-gperf.gperf.m4
++++ b/src/core/load-fragment-gperf.gperf.m4
+@@ -96,7 +96,8 @@ $1.BlockIOAccounting, config_parse_bool, 0,
+ $1.BlockIOWeight, config_parse_blockio_weight, 0, offsetof($1, cgroup_context)
+ $1.BlockIODeviceWeight, config_parse_blockio_device_weight, 0, offsetof($1, cgroup_context)
+ $1.BlockIOReadBandwidth, config_parse_blockio_bandwidth, 0, offsetof($1, cgroup_context)
+-$1.BlockIOWriteBandwidth, config_parse_blockio_bandwidth, 0, offsetof($1, cgroup_context)'
++$1.BlockIOWriteBandwidth, config_parse_blockio_bandwidth, 0, offsetof($1, cgroup_context)
++$1.Delegate, config_parse_bool, 0, offsetof($1, cgroup_context.delegate)'
+ )m4_dnl
+ Unit.Description, config_parse_unit_string_printf, 0, offsetof(Unit, description)
+ Unit.Documentation, config_parse_documentation, 0, offsetof(Unit, documentation)
+diff --git a/src/core/mount.c b/src/core/mount.c
+index bbceb92..a9cd28b 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -794,6 +794,7 @@ static int mount_spawn(Mount *m, ExecCommand *c, pid_t *_pid) {
+ false,
+ UNIT(m)->manager->cgroup_supported,
+ UNIT(m)->cgroup_path,
++ m->cgroup_context.delegate,
+ UNIT(m)->id,
+ NULL,
+ &pid);
+diff --git a/src/core/service.c b/src/core/service.c
+index 635a953..5fd69cf 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -1870,6 +1870,7 @@ static int service_spawn(
+ s->socket_fd_selinux_context_net,
+ UNIT(s)->manager->cgroup_supported,
+ path,
++ s->cgroup_context.delegate,
+ UNIT(s)->id,
+ s->type == SERVICE_IDLE ? UNIT(s)->manager->idle_pipe : NULL,
+ &pid);
+diff --git a/src/core/socket.c b/src/core/socket.c
+index 1a91700..f7fffbe 100644
+--- a/src/core/socket.c
++++ b/src/core/socket.c
+@@ -1237,6 +1237,7 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
+ false,
+ UNIT(s)->manager->cgroup_supported,
+ UNIT(s)->cgroup_path,
++ s->cgroup_context.delegate,
+ UNIT(s)->id,
+ NULL,
+ &pid);
+diff --git a/src/core/swap.c b/src/core/swap.c
+index 36ef88b..152a080 100644
+--- a/src/core/swap.c
++++ b/src/core/swap.c
+@@ -592,6 +592,7 @@ static int swap_spawn(Swap *s, ExecCommand *c, pid_t *_pid) {
+ false,
+ UNIT(s)->manager->cgroup_supported,
+ UNIT(s)->cgroup_path,
++ s->cgroup_context.delegate,
+ UNIT(s)->id,
+ NULL,
+ &pid);
+diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c
+index 22caadf..0cebdc5 100644
+--- a/src/machine/machined-dbus.c
++++ b/src/machine/machined-dbus.c
+@@ -739,9 +739,11 @@ int manager_start_scope(
+ DBusMessageIter iter, sub, sub2, sub3, sub4;
+ const char *timeout_stop_property = "TimeoutStopUSec";
+ const char *pids_property = "PIDs";
++ const char *delegate_property = "Delegate";
+ uint64_t timeout = 500 * USEC_PER_MSEC;
+ const char *fail = "fail";
+ uint32_t u;
++ dbus_bool_t b = 1;
+ int r;
+
+ assert(manager);
+@@ -814,6 +816,14 @@ int manager_start_scope(
+ !dbus_message_iter_close_container(&sub, &sub2))
+ return log_oom();
+
++ if (!dbus_message_iter_open_container(&sub, DBUS_TYPE_STRUCT, NULL, &sub2) ||
++ !dbus_message_iter_append_basic(&sub2, DBUS_TYPE_STRING, &delegate_property) ||
++ !dbus_message_iter_open_container(&sub2, DBUS_TYPE_VARIANT, "b", &sub3) ||
++ !dbus_message_iter_append_basic(&sub3, DBUS_TYPE_BOOLEAN, &b) ||
++ !dbus_message_iter_close_container(&sub2, &sub3) ||
++ !dbus_message_iter_close_container(&sub, &sub2))
++ return log_oom();
++
+ if (more_properties) {
+ r = copy_many_fields(&sub, more_properties);
+ if (r < 0)
+diff --git a/src/shared/cgroup-util.h b/src/shared/cgroup-util.h
+index 0963450..0608b9a 100644
+--- a/src/shared/cgroup-util.h
++++ b/src/shared/cgroup-util.h
+@@ -34,7 +34,8 @@ typedef enum CGroupControllerMask {
+ CGROUP_CPUACCT = 2,
+ CGROUP_BLKIO = 4,
+ CGROUP_MEMORY = 8,
+- CGROUP_DEVICE = 16
++ CGROUP_DEVICE = 16,
++ _CGROUP_CONTROLLER_MASK_ALL = 31
+ } CGroupControllerMask;
+
+ /*
+diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in
+index 8e00736..bdfa89f 100644
+--- a/units/systemd-nspawn@.service.in
++++ b/units/systemd-nspawn@.service.in
+@@ -12,6 +12,7 @@ Documentation=man:systemd-nspawn(1)
+ [Service]
+ ExecStart=@bindir@/systemd-nspawn -bjD /var/lib/container/%i
+ Type=notify
++Delegate=yes
+
+ [Install]
+ WantedBy=multi-user.target
diff --git a/SOURCES/0377-core-don-t-migrate-PIDs-for-units-that-may-contain-s.patch b/SOURCES/0377-core-don-t-migrate-PIDs-for-units-that-may-contain-s.patch
new file mode 100644
index 0000000..c2bbe4b
--- /dev/null
+++ b/SOURCES/0377-core-don-t-migrate-PIDs-for-units-that-may-contain-s.patch
@@ -0,0 +1,50 @@
+From 4d554c7c1b5373f854cdfd3b8c7d6804225c752e Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 10 Dec 2014 20:38:24 +0100
+Subject: [PATCH] core: don't migrate PIDs for units that may contain
+ subcgroups, do this only for leaf units
+
+Otherwise a slice or delegation unit might move PIDs around ignoring the
+fact that it is attached to a subcgroup.
+
+(cherry picked from commit 0cd385d31814c8c1bc0c81d11ef321036b8b0921)
+
+Resolves: #1139223
+---
+ src/core/cgroup.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/cgroup.c b/src/core/cgroup.c
+index 443937b..5163ee4 100644
+--- a/src/core/cgroup.c
++++ b/src/core/cgroup.c
+@@ -392,11 +392,16 @@ static CGroupControllerMask unit_get_siblings_mask(Unit *u) {
+
+ static int unit_create_cgroups(Unit *u, CGroupControllerMask mask) {
+ _cleanup_free_ char *path;
++ CGroupContext *c;
+ int r;
+ bool was_in_hash = false;
+
+ assert(u);
+
++ c = unit_get_cgroup_context(u);
++ if (!c)
++ return 0;
++
+ path = unit_default_cgroup_path(u);
+ if (!path)
+ return log_oom();
+@@ -416,8 +421,10 @@ static int unit_create_cgroups(Unit *u, CGroupControllerMask mask) {
+ if (r < 0)
+ log_error("Failed to create cgroup %s: %s", path, strerror(-r));
+
+- /* Then, possibly move things over */
+- if (u->cgroup_path) {
++ /* Then, possibly move things over, but not if
++ * subgroups may contain processes, which is the case
++ * for slice and delegation units. */
++ if (u->cgroup_path && u->type != UNIT_SLICE && !c->delegate) {
+ r = cg_migrate_everywhere(u->manager->cgroup_supported, u->cgroup_path, path);
+ if (r < 0)
+ log_error("Failed to migrate cgroup from %s to %s: %s",
diff --git a/SOURCES/0378-mount-use-libmount-to-enumerate-proc-self-mountinfo.patch b/SOURCES/0378-mount-use-libmount-to-enumerate-proc-self-mountinfo.patch
new file mode 100644
index 0000000..9c76eac
--- /dev/null
+++ b/SOURCES/0378-mount-use-libmount-to-enumerate-proc-self-mountinfo.patch
@@ -0,0 +1,204 @@
+From 53b2695b96c6e8717a375cc2a17fcc4384d04790 Mon Sep 17 00:00:00 2001
+From: Chris Leech <cleech@redhat.com>
+Date: Sun, 23 Nov 2014 20:33:37 -0800
+Subject: [PATCH] mount: use libmount to enumerate /proc/self/mountinfo
+
+This lets libmount add in user options from /run/mount/utab, like
+_netdev which is needed to get proper ordering against remote-fs.target
+
+Conflicts:
+ Makefile.am
+ README
+ configure.ac
+ src/core/mount.c
+
+(cherry-picked from 8d3ae2bd4c9bf9fc2e57f7b3776325a1c750ca30)
+
+Related: #1161417
+---
+ .travis.yml | 2 +-
+ Makefile.am | 4 +++-
+ README | 1 +
+ configure.ac | 10 +++++++++
+ src/core/mount.c | 65 ++++++++++++++++++++++++++------------------------------
+ 5 files changed, 45 insertions(+), 37 deletions(-)
+
+diff --git a/.travis.yml b/.travis.yml
+index 7e5251c..4ea2bc2 100644
+--- a/.travis.yml
++++ b/.travis.yml
+@@ -3,7 +3,7 @@ compiler:
+ - gcc
+ before_install:
+ - sudo apt-get update -qq
+- - sudo apt-get install autotools-dev automake autoconf libtool libdbus-1-dev libcap-dev libblkid-dev libpam-dev libcryptsetup-dev libaudit-dev libacl1-dev libattr1-dev libselinux-dev liblzma-dev libgcrypt-dev libqrencode-dev libmicrohttpd-dev gtk-doc-tools gperf python2.7-dev
++ - sudo apt-get install autotools-dev automake autoconf libtool libdbus-1-dev libcap-dev libblkid-dev libmount-dev libpam-dev libcryptsetup-dev libaudit-dev libacl1-dev libattr1-dev libselinux-dev liblzma-dev libgcrypt-dev libqrencode-dev libmicrohttpd-dev gtk-doc-tools gperf python2.7-dev
+ script: ./autogen.sh && ./configure --enable-gtk-doc --enable-gtk-doc-pdf && make V=1 && sudo ./systemd-machine-id-setup && make check && make distcheck
+ after_failure: cat test-suite.log
+ notifications:
+diff --git a/Makefile.am b/Makefile.am
+index faf2a32..0891bca 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -997,6 +997,7 @@ libsystemd_core_la_CFLAGS = \
+ $(PAM_CFLAGS) \
+ $(AUDIT_CFLAGS) \
+ $(KMOD_CFLAGS) \
++ $(MOUNT_CFLAGS) \
+ -pthread
+
+ libsystemd_core_la_LIBADD = \
+@@ -1013,7 +1014,8 @@ libsystemd_core_la_LIBADD = \
+ $(PAM_LIBS) \
+ $(AUDIT_LIBS) \
+ $(CAP_LIBS) \
+- $(KMOD_LIBS)
++ $(KMOD_LIBS) \
++ $(MOUNT_LIBS)
+
+ src/core/load-fragment-gperf-nulstr.c: src/core/load-fragment-gperf.gperf
+ $(AM_V_at)$(MKDIR_P) $(dir $@)
+diff --git a/README b/README
+index b39cd37..42487dd 100644
+--- a/README
++++ b/README
+@@ -94,6 +94,7 @@ REQUIREMENTS:
+
+ dbus >= 1.4.0
+ libcap
++ libmount >= 2.20 (from util-linux)
+ libblkid >= 2.20 (from util-linux) (optional)
+ libkmod >= 14 (optional)
+ PAM >= 1.1.2 (optional)
+diff --git a/configure.ac b/configure.ac
+index 4f26092..b7dfc5f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -292,6 +292,15 @@ fi
+ AM_CONDITIONAL(HAVE_BLKID, [test "$have_blkid" = "yes"])
+
+ # ------------------------------------------------------------------------------
++have_libmount=no
++PKG_CHECK_MODULES(MOUNT, [ mount >= 2.20 ],
++ [AC_DEFINE(HAVE_LIBMOUNT, 1, [Define if libmount is available]) have_libmount=yes], have_libmount=no)
++if test "x$have_libmount" = xno; then
++ AC_MSG_ERROR([*** libmount support required but libraries not found])
++fi
++AM_CONDITIONAL(HAVE_LIBMOUNT, [test "$have_libmount" = "yes"])
++
++# ------------------------------------------------------------------------------
+ have_ima=yes
+ AC_ARG_ENABLE([ima], AS_HELP_STRING([--disable-ima],[Disable optional IMA support]),
+ [case "${enableval}" in
+@@ -1046,6 +1055,7 @@ AC_MSG_RESULT([
+ efi: ${have_efi}
+ kmod: ${have_kmod}
+ blkid: ${have_blkid}
++ libmount: ${have_libmount}
+ nss-myhostname: ${have_myhostname}
+ gudev: ${enable_gudev}
+ gintrospection: ${enable_introspection}
+diff --git a/src/core/mount.c b/src/core/mount.c
+index bbceb92..d78269c 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -24,6 +24,7 @@
+ #include <mntent.h>
+ #include <sys/epoll.h>
+ #include <signal.h>
++#include <libmount.h>
+
+ #include "manager.h"
+ #include "unit.h"
+@@ -1563,55 +1564,47 @@ fail:
+ return r;
+ }
+
++static inline void mnt_free_table_p(struct libmnt_table **tb) {
++ mnt_free_table(*tb);
++}
++
++static inline void mnt_free_iter_p(struct libmnt_iter **itr) {
++ mnt_free_iter(*itr);
++}
++
+ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
++ _cleanup_(mnt_free_table_p) struct libmnt_table *tb = NULL;
++ _cleanup_(mnt_free_iter_p) struct libmnt_iter *itr = NULL;
++ struct libmnt_fs *fs;
+ int r = 0;
+- unsigned i;
+
+ assert(m);
+
+- rewind(m->proc_self_mountinfo);
++ tb = mnt_new_table();
++ itr = mnt_new_iter(MNT_ITER_FORWARD);
++ if (!tb || !itr)
++ return log_oom();
+
+- for (i = 1;; i++) {
+- _cleanup_free_ char *device = NULL, *path = NULL, *options = NULL, *options2 = NULL, *fstype = NULL, *d = NULL, *p = NULL, *o = NULL;
+- int k;
++ mnt_table_parse_mtab(tb, NULL);
++ if (r)
++ return r;
+
+- k = fscanf(m->proc_self_mountinfo,
+- "%*s " /* (1) mount id */
+- "%*s " /* (2) parent id */
+- "%*s " /* (3) major:minor */
+- "%*s " /* (4) root */
+- "%ms " /* (5) mount point */
+- "%ms" /* (6) mount options */
+- "%*[^-]" /* (7) optional fields */
+- "- " /* (8) separator */
+- "%ms " /* (9) file system type */
+- "%ms" /* (10) mount source */
+- "%ms" /* (11) mount options 2 */
+- "%*[^\n]", /* some rubbish at the end */
+- &path,
+- &options,
+- &fstype,
+- &device,
+- &options2);
+-
+- if (k == EOF)
+- break;
+-
+- if (k != 5) {
+- log_warning("Failed to parse /proc/self/mountinfo:%u.", i);
+- continue;
+- }
++ while (mnt_table_next_fs(tb, itr, &fs) == 0) {
++ const char *device, *path, *options, *fstype;
++ _cleanup_free_ const char *d = NULL, *p = NULL;
++ int k;
+
+- o = strjoin(options, ",", options2, NULL);
+- if (!o)
+- return log_oom();
++ device = mnt_fs_get_source(fs);
++ path = mnt_fs_get_target(fs);
++ options = mnt_fs_get_options(fs);
++ fstype = mnt_fs_get_fstype(fs);
+
+ d = cunescape(device);
+ p = cunescape(path);
+ if (!d || !p)
+ return log_oom();
+
+- k = mount_add_one(m, d, p, o, fstype, 0, set_flags);
++ k = mount_add_one(m, d, p, options, fstype, 0, set_flags);
+ if (k < 0)
+ r = k;
+ }
+@@ -1632,6 +1625,8 @@ static int mount_enumerate(Manager *m) {
+ int r;
+ assert(m);
+
++ mnt_init_debug(0);
++
+ if (!m->proc_self_mountinfo) {
+ struct epoll_event ev = {
+ .events = EPOLLPRI,
diff --git a/SOURCES/0379-mount-monitor-for-utab-changes-with-inotify.patch b/SOURCES/0379-mount-monitor-for-utab-changes-with-inotify.patch
new file mode 100644
index 0000000..54f4c80
--- /dev/null
+++ b/SOURCES/0379-mount-monitor-for-utab-changes-with-inotify.patch
@@ -0,0 +1,209 @@
+From 3c567125dd6e3f0f3a460d79701554ea4198c07b Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Thu, 18 Dec 2014 14:13:26 +0100
+Subject: [PATCH] mount: monitor for utab changes with inotify
+
+Parsing the mount table with libmount races against the mount command,
+which will handle the actual mounting before updating utab. This means
+the poll event on /proc/self/mountinfo can kick of a reparse in systemd
+before the utab information is available.
+
+This change adds in an additional event source using inotify to watch
+for changes to utab. It only watches for IN_MOVED_TO events, matching
+libmount behavior of always overwriting this file using rename(2).
+
+This does add a second pass through the mount table parsing when utab is
+updated.
+
+(based-on befb6d54948480f836d53d633bef27e3505818c1)
+
+Related: #1161417
+---
+ src/core/manager.c | 3 ++-
+ src/core/manager.h | 2 ++
+ src/core/mount.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++---
+ src/core/mount.h | 2 +-
+ src/shared/util.h | 7 +++++
+ 5 files changed, 88 insertions(+), 5 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index e48ea36..b0772ba 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1732,8 +1732,9 @@ static int process_event(Manager *m, struct epoll_event *ev) {
+ }
+
+ case WATCH_MOUNT:
++ case WATCH_MOUNT_UTAB:
+ /* Some mount table change, intended for the mount subsystem */
+- mount_fd_event(m, ev->events);
++ mount_fd_event(m, w, ev->events);
+ break;
+
+ case WATCH_SWAP:
+diff --git a/src/core/manager.h b/src/core/manager.h
+index 0133ea5..af66598 100644
+--- a/src/core/manager.h
++++ b/src/core/manager.h
+@@ -58,6 +58,7 @@ enum WatchType {
+ WATCH_UNIT_TIMER,
+ WATCH_JOB_TIMER,
+ WATCH_MOUNT,
++ WATCH_MOUNT_UTAB,
+ WATCH_SWAP,
+ WATCH_UDEV,
+ WATCH_DBUS_WATCH,
+@@ -178,6 +179,7 @@ struct Manager {
+ /* Data specific to the mount subsystem */
+ FILE *proc_self_mountinfo;
+ Watch mount_watch;
++ Watch mount_watch_utab;
+
+ /* Data specific to the swap filesystem */
+ FILE *proc_swaps;
+diff --git a/src/core/mount.c b/src/core/mount.c
+index d78269c..efa46da 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -25,6 +25,7 @@
+ #include <sys/epoll.h>
+ #include <signal.h>
+ #include <libmount.h>
++#include <sys/inotify.h>
+
+ #include "manager.h"
+ #include "unit.h"
+@@ -1619,6 +1620,11 @@ static void mount_shutdown(Manager *m) {
+ fclose(m->proc_self_mountinfo);
+ m->proc_self_mountinfo = NULL;
+ }
++
++ if (m->mount_watch_utab.fd) {
++ close_nointr(m->mount_watch_utab.fd);
++ m->mount_watch_utab.fd=0;
++ }
+ }
+
+ static int mount_enumerate(Manager *m) {
+@@ -1644,6 +1650,35 @@ static int mount_enumerate(Manager *m) {
+ return -errno;
+ }
+
++ if (!m->mount_watch_utab.fd) {
++
++ struct epoll_event ev = {
++ .events = EPOLLIN,
++ .data.ptr = &m->mount_watch_utab,
++ };
++
++ m->mount_watch_utab.fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
++ if (m->mount_watch_utab.fd < 0) {
++ r = -errno;
++ goto fail;
++ }
++
++ (void) mkdir_p_label("/run/mount", 0755);
++
++ r = inotify_add_watch(m->mount_watch_utab.fd, "/run/mount", IN_MOVED_TO);
++ if (r < 0) {
++ r = -errno;
++ goto fail;
++ }
++
++ m->mount_watch_utab.type = WATCH_MOUNT_UTAB;
++
++ if (epoll_ctl(m->epoll_fd, EPOLL_CTL_ADD, m->mount_watch_utab.fd, &ev) < 0) {
++ r = -errno;
++ goto fail;
++ }
++ }
++
+ r = mount_load_proc_self_mountinfo(m, false);
+ if (r < 0)
+ goto fail;
+@@ -1655,16 +1690,54 @@ fail:
+ return r;
+ }
+
+-void mount_fd_event(Manager *m, int events) {
++void mount_fd_event(Manager *m, Watch *w, int events) {
+ Unit *u;
+ int r;
+
+ assert(m);
+- assert(events & EPOLLPRI);
++ assert(w);
++ assert(events & (EPOLLPRI|EPOLLIN));
+
+ /* The manager calls this for every fd event happening on the
+ * /proc/self/mountinfo file, which informs us about mounting
+- * table changes */
++ * table changes
++ * This may also be called for /run/mount events */
++
++ if (w->type == WATCH_MOUNT_UTAB) {
++ bool rescan = false;
++
++ /* FIXME: We *really* need to replace this with
++ * libmount's own API for this, we should not hardcode
++ * internal behaviour of libmount here. */
++
++ for (;;) {
++ uint8_t buffer[INOTIFY_EVENT_MAX] _alignas_(struct inotify_event);
++ struct inotify_event *e;
++ ssize_t l;
++
++ l = read(w->fd, buffer, sizeof(buffer));
++ if (l < 0) {
++ if (errno == EAGAIN || errno == EINTR)
++ break;
++
++ log_error("Failed to read utab inotify: %s", strerror(errno));
++ break;
++ }
++
++ FOREACH_INOTIFY_EVENT(e, buffer, l) {
++ /* Only care about changes to utab,
++ * but we have to monitor the
++ * directory to reliably get
++ * notifications about when utab is
++ * replaced using rename(2) */
++ if ((e->mask & IN_Q_OVERFLOW) || streq(e->name, "utab"))
++ rescan = true;
++ }
++ }
++
++ if (!rescan)
++ return;
++ }
+
+ r = mount_load_proc_self_mountinfo(m, true);
+ if (r < 0) {
+diff --git a/src/core/mount.h b/src/core/mount.h
+index 7cd4320..df0e541 100644
+--- a/src/core/mount.h
++++ b/src/core/mount.h
+@@ -113,7 +113,7 @@ struct Mount {
+
+ extern const UnitVTable mount_vtable;
+
+-void mount_fd_event(Manager *m, int events);
++void mount_fd_event(Manager *m, Watch *w, int events);
+
+ const char* mount_state_to_string(MountState i) _const_;
+ MountState mount_state_from_string(const char *s) _pure_;
+diff --git a/src/shared/util.h b/src/shared/util.h
+index d68f385..c5ef8b6 100644
+--- a/src/shared/util.h
++++ b/src/shared/util.h
+@@ -791,3 +791,10 @@ static inline void qsort_safe(void *base, size_t nmemb, size_t size,
+ qsort(base, nmemb, size, compar);
+ }
+ }
++
++#define INOTIFY_EVENT_MAX (sizeof(struct inotify_event) + NAME_MAX + 1)
++
++#define FOREACH_INOTIFY_EVENT(e, buffer, sz) \
++ for ((e) = (struct inotify_event*) (buffer); \
++ (uint8_t*) (e) < (uint8_t*) (buffer) + (sz); \
++ (e) = (struct inotify_event*) ((uint8_t*) (e) + sizeof(struct inotify_event) + (e)->len))
diff --git a/SOURCES/0380-mount-add-remote-fs-dependencies-if-needed-after-cha.patch b/SOURCES/0380-mount-add-remote-fs-dependencies-if-needed-after-cha.patch
new file mode 100644
index 0000000..227a08d
--- /dev/null
+++ b/SOURCES/0380-mount-add-remote-fs-dependencies-if-needed-after-cha.patch
@@ -0,0 +1,44 @@
+From ebbcce68c7383217ad93537ef023e85b913d0478 Mon Sep 17 00:00:00 2001
+From: Chris Leech <cleech@redhat.com>
+Date: Sun, 23 Nov 2014 20:33:40 -0800
+Subject: [PATCH] mount: add remote-fs dependencies if needed after change
+
+This is an attempt to add it the remote-fs dependencies to a mount unit
+if the options change, like when the utab options are picked up after
+mountinfo has already been processed. It just adds the remote-fs
+dependencies, leaving the local-fs ones in place.
+
+With this change I always get mount units with proper remote-fs
+dependencies when mounted with the _netdev option.
+
+(cherry-picked from a6d305f91d722e136c29222070efed5c5d8b120b)
+
+Resolves: #1161417
+---
+ src/core/mount.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index efa46da..a7987bf 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -1499,6 +1499,19 @@ static int mount_add_one(
+ }
+ }
+
++ if (m->running_as == SYSTEMD_SYSTEM) {
++ const char* target;
++
++ target = mount_needs_network(options, fstype) ? SPECIAL_REMOTE_FS_TARGET : NULL;
++ /* _netdev option may have shown up late, or on a
++ * remount. Add remote-fs dependencies, even though
++ * local-fs ones may already be there */
++ if (target) {
++ unit_add_dependency_by_name(u, UNIT_BEFORE, target, NULL, true);
++ load_extras = true;
++ }
++ }
++
+ if (u->load_state == UNIT_NOT_FOUND) {
+ u->load_state = UNIT_LOADED;
+ u->load_error = 0;
diff --git a/SOURCES/0381-mount-check-options-as-well-as-fstype-for-network-mo.patch b/SOURCES/0381-mount-check-options-as-well-as-fstype-for-network-mo.patch
new file mode 100644
index 0000000..bba353f
--- /dev/null
+++ b/SOURCES/0381-mount-check-options-as-well-as-fstype-for-network-mo.patch
@@ -0,0 +1,87 @@
+From 4971e2c8438da1a95cdc306e01e9a3c2349342ad Mon Sep 17 00:00:00 2001
+From: Chris Leech <cleech@redhat.com>
+Date: Sun, 23 Nov 2014 20:33:38 -0800
+Subject: [PATCH] mount: check options as well as fstype for network mounts
+
+When creating a new mount unit after an event on /proc/self/mountinfo,
+check the mount options as well as the fstype to determine if this is a
+remote mount that requires network access.
+
+Conflicts:
+ src/core/mount.c
+
+(cherry-picked from affc3d834347076e8616948978e70ed1fca84db4)
+
+Resolves: #1161417
+---
+ src/core/mount.c | 33 ++++++++++++++++++++-------------
+ 1 file changed, 20 insertions(+), 13 deletions(-)
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index a7987bf..6c3c7be 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -75,18 +75,22 @@ static char* mount_test_option(const char *haystack, const char *needle) {
+ return hasmntopt(&me, needle);
+ }
+
+-static bool mount_is_network(MountParameters *p) {
+- assert(p);
+-
+- if (mount_test_option(p->options, "_netdev"))
++static bool mount_needs_network(const char *options, const char *fstype) {
++ if (mount_test_option(options, "_netdev"))
+ return true;
+
+- if (p->fstype && fstype_is_network(p->fstype))
++ if (fstype && fstype_is_network(fstype))
+ return true;
+
+ return false;
+ }
+
++static bool mount_is_network(MountParameters *p) {
++ assert(p);
++
++ return mount_needs_network(p->options, p->fstype);
++}
++
+ static bool mount_is_bind(MountParameters *p) {
+ assert(p);
+
+@@ -1446,9 +1450,6 @@ static int mount_add_one(
+
+ u = manager_get_unit(m, e);
+ if (!u) {
+- const char* const target =
+- fstype_is_network(fstype) ? SPECIAL_REMOTE_FS_TARGET : SPECIAL_LOCAL_FS_TARGET;
+-
+ delete = true;
+
+ u = unit_new(m, sizeof(Mount));
+@@ -1475,14 +1476,20 @@ static int mount_add_one(
+ goto fail;
+ }
+
+- r = unit_add_dependency_by_name(u, UNIT_BEFORE, target, NULL, true);
+- if (r < 0)
+- goto fail;
+
+- if (should_umount(MOUNT(u))) {
+- r = unit_add_dependency_by_name(u, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true);
++ if (m->running_as == SYSTEMD_SYSTEM) {
++ const char* target;
++
++ target = mount_needs_network(options, fstype) ? SPECIAL_REMOTE_FS_TARGET : SPECIAL_LOCAL_FS_TARGET;
++ r = unit_add_dependency_by_name(u, UNIT_BEFORE, target, NULL, true);
+ if (r < 0)
+ goto fail;
++
++ if (should_umount(MOUNT(u))) {
++ r = unit_add_dependency_by_name(u, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true);
++ if (r < 0)
++ goto fail;
++ }
+ }
+
+ unit_add_to_load_queue(u);
diff --git a/SOURCES/0382-rules-don-t-enable-usb-pm-for-Avocent-devices.patch b/SOURCES/0382-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
new file mode 100644
index 0000000..b2c5291
--- /dev/null
+++ b/SOURCES/0382-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
@@ -0,0 +1,30 @@
+From 35b8533914a82d2ee8a667ec2afac0499dcbfb28 Mon Sep 17 00:00:00 2001
+From: Tom Hirst <tom.hirst@ipe-systems.co.uk>
+Date: Wed, 25 Jun 2014 11:57:11 +0000
+Subject: [PATCH] rules: don't enable usb pm for Avocent devices
+
+The Avocent KVM over IP devices doesn't work correctly with USB power
+management enabled.
+
+(cherry-picked from 52fb538361053f8c4abce0e40cd0bae3d28ceb16)
+
+Resolves: #1155370
+---
+ rules/42-usb-hid-pm.rules | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/rules/42-usb-hid-pm.rules b/rules/42-usb-hid-pm.rules
+index 3fd6e8a..483a781 100644
+--- a/rules/42-usb-hid-pm.rules
++++ b/rules/42-usb-hid-pm.rules
+@@ -11,10 +11,6 @@ ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Mouse", ATTR{serial}==
+ ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Tablet", ATTR{serial}=="42", TEST=="power/control", ATTR{power/control}="auto"
+ ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Keyboard", ATTR{serial}=="42", TEST=="power/control", ATTR{power/control}="auto"
+
+-# Catch-all for Avocent HID devices. Keyed off interface in order to only
+-# trigger on HID class devices.
+-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0624", ATTR{bInterfaceClass}=="03", TEST=="../power/control", ATTR{../power/control}="auto"
+-
+ # Dell DRAC 4
+ ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="413c", ATTR{idProduct}=="2500", TEST=="power/control", ATTR{power/control}="auto"
+
diff --git a/SOURCES/rc.local b/SOURCES/rc.local
index 8e633ff..a7e0ad2 100644
--- a/SOURCES/rc.local
+++ b/SOURCES/rc.local
@@ -4,9 +4,9 @@
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
-# In constrast to previous versions due to parallel execution during boot
+# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
-#
+#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
index b896a0c..3df7d93 100644
--- a/SPECS/systemd.spec
+++ b/SPECS/systemd.spec
@@ -11,7 +11,7 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 208
-Release: 11%{?dist}.6
+Release: 20%{?dist}
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: A System and Service Manager
@@ -265,12 +265,154 @@ Patch0231: 0231-unit-add-waiting-jobs-to-run-queue-in-unit_coldplug.patch
Patch0232: 0232-logind-session-save-stopping-flag.patch
Patch0233: 0233-units-serial-getty-.service-add-Install-section.patch
Patch0234: 0234-units-order-network-online.target-after-network.targ.patch
-Patch0235: 0235-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch
-Patch0236: 0236-util-reset-signals-when-we-fork-off-agents.patch
-Patch0237: 0237-socket-add-SocketUser-and-SocketGroup-for-chown-ing-.patch
-Patch0238: 0238-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
-Patch0239: 0239-core-introduce-new-Delegate-yes-no-property-controll.patch
-Patch0240: 0240-core-don-t-migrate-PIDs-for-units-that-may-contain-s.patch
+Patch0235: 0235-util-consider-both-fuse.glusterfs-and-glusterfs-netw.patch
+Patch0236: 0236-core-make-StopWhenUnneeded-work-in-conjunction-with-.patch
+Patch0237: 0237-cgroups-agent-down-grade-log-level.patch
+Patch0238: 0238-random-seed-raise-POOL_SIZE_MIN-constant-to-1024.patch
+Patch0239: 0239-delta-do-not-use-unicode-chars-in-C-locale.patch
+Patch0240: 0240-core-print-debug-instead-of-error-message.patch
+Patch0241: 0241-journald-always-add-syslog-facility-for-messages-com.patch
+Patch0242: 0242-Introduce-_cleanup_endmntent_.patch
+Patch0243: 0243-Introduce-_cleanup_fdset_free_.patch
+Patch0244: 0244-Introduce-udev-object-cleanup-functions.patch
+Patch0245: 0245-fsck-modernization.patch
+Patch0246: 0246-fsck-fstab-generator-be-lenient-about-missing-fsck.-.patch
+Patch0247: 0247-rules-60-persistent-storage-add-nvme-pcie-ssd-scsi_i.patch
+Patch0248: 0248-cgls-fix-running-with-M-option.patch
+Patch0249: 0249-units-when-spawning-a-getty-configure-TERM-explicitl.patch
+Patch0250: 0250-getty-Start-getty-on-3270-terminals-available-on-Lin.patch
+Patch0251: 0251-core-Added-support-for-ERRNO-NOTIFY_SOCKET-message-p.patch
+Patch0252: 0252-service-don-t-accept-negative-ERRNO-notification-mes.patch
+Patch0253: 0253-socket-add-SocketUser-and-SocketGroup-for-chown-ing-.patch
+Patch0254: 0254-selinux-Check-access-vector-for-enable-and-disable-p.patch
+Patch0255: 0255-systemctl-show-StatusErrno-value-in-systemctl-status.patch
+Patch0256: 0256-service-flush-status-text-and-errno-values-each-time.patch
+Patch0257: 0257-service-don-t-free-status_text-twice.patch
+Patch0258: 0258-util-add-files_same-helper-function.patch
+Patch0259: 0259-systemctl-for-switch-root-check-if-we-switch-to-a-sy.patch
+Patch0260: 0260-shared-include-root-when-canonicalizing-conf-paths.patch
+Patch0261: 0261-shared-add-root-argument-to-search_and_fopen.patch
+Patch0262: 0262-machine-id-add-root-option-to-operate-on-an-alternat.patch
+Patch0263: 0263-conf-files-fix-when-for-root-logic.patch
+Patch0264: 0264-Make-systemctl-root-look-for-files-in-the-proper-pla.patch
+Patch0265: 0265-tmpfiles-fix-memory-leak-of-exclude_prefixes.patch
+Patch0266: 0266-tmpfiles-add-root-option-to-operate-on-an-alternate-.patch
+Patch0267: 0267-conf-files-include-root-in-returned-file-paths.patch
+Patch0268: 0268-install-make-sure-that-root-mode-doesn-t-make-us-con.patch
+Patch0269: 0269-shared-install-do-not-prefix-created-symlink-with-ro.patch
+Patch0270: 0270-systemctl-fail-in-the-case-that-no-unit-files-were-f.patch
+Patch0271: 0271-units-make-ExecStopPost-action-part-of-ExecStart.patch
+Patch0272: 0272-systemctl-fix-broken-list-unit-files-with-root.patch
+Patch0273: 0273-machine-id-only-look-into-KVM-uuid-when-we-are-not-r.patch
+Patch0274: 0274-util-reset-signals-when-we-fork-off-agents.patch
+Patch0275: 0275-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch
+Patch0276: 0276-udev-do-not-skip-the-execution-of-RUN-when-renaming-.patch
+Patch0277: 0277-man-mention-System-Administrator-s-Guide-in-systemct.patch
+Patch0278: 0278-vconsole-also-copy-character-maps-not-just-fonts-fro.patch
+Patch0279: 0279-vconsole-setup-run-setfont-before-loadkeys.patch
+Patch0280: 0280-vconsole-setup-fix-inverted-error-messages.patch
+Patch0281: 0281-localed-consider-an-unset-model-as-a-wildcard.patch
+Patch0282: 0282-systemd-detect-virt-detect-s390-virtualization.patch
+Patch0283: 0283-systemctl-unbreak-switchroot.patch
+Patch0284: 0284-systemd-detect-virt-fix-detect-s390-virtualization.patch
+Patch0285: 0285-exec-Add-SELinuxContext-configuration-item.patch
+Patch0286: 0286-exec-Ignore-the-setting-SELinuxContext-if-selinux-is.patch
+Patch0287: 0287-exec-Add-support-for-ignoring-errors-on-SELinuxConte.patch
+Patch0288: 0288-core-store-and-expose-SELinuxContext-field-normalize.patch
+Patch0289: 0289-socket-introduce-SELinuxContextFromNet-option.patch
+Patch0290: 0290-sysctl-make-prefix-allow-all-kinds-of-sysctl-paths.patch
+Patch0291: 0291-core-make-sure-to-serialize-jobs-for-all-units.patch
+Patch0292: 0292-man-mention-localectl-in-locale.conf.patch
+Patch0293: 0293-rules-automatically-online-hot-added-CPUs.patch
+Patch0294: 0294-rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch
+Patch0295: 0295-bash-completion-add-verb-set-property.patch
+Patch0296: 0296-man-update-journald-rate-limit-defaults.patch
+Patch0297: 0297-core-don-t-try-to-connect-to-d-bus-after-switchroot.patch
+Patch0298: 0298-localed-log-locale-keymap-changes-in-detail.patch
+Patch0299: 0299-localed-introduce-helper-function-to-simplify-matchi.patch
+Patch0300: 0300-localed-check-for-partially-matching-converted-keyma.patch
+Patch0301: 0301-fileio-make-parse_env_file-return-number-of-parsed-i.patch
+Patch0302: 0302-localectl-print-warning-when-there-are-options-given.patch
+Patch0303: 0303-dbus-fix-crash-when-appending-selinux-context.patch
+Patch0304: 0304-tmpfiles-minor-modernizations.patch
+Patch0305: 0305-install-when-looking-for-a-unit-file-for-enabling-se.patch
+Patch0306: 0306-install-remove-unused-variable.patch
+Patch0307: 0307-bootctl-typo-fix-in-help-message.patch
+Patch0308: 0308-logind-ignore-failing-close-on-session-devices.patch
+Patch0309: 0309-sysfs-show.c-return-negative-error.patch
+Patch0310: 0310-core-only-send-SIGHUP-when-doing-first-kill-not-when.patch
+Patch0311: 0311-cgroup-make-sure-to-properly-send-SIGCONT-to-all-pro.patch
+Patch0312: 0312-core-don-t-send-duplicate-SIGCONT-when-killing-units.patch
+Patch0313: 0313-efi-fix-Undefined-reference-efi_loader_get_boot_usec.patch
+Patch0314: 0314-macro-better-make-IN_SET-macro-use-const-arrays.patch
+Patch0315: 0315-macro-make-sure-we-can-use-IN_SET-also-with-complex-.patch
+Patch0316: 0316-core-fix-property-changes-in-transient-units.patch
+Patch0317: 0317-load-modules-properly-return-a-failing-error-code-if.patch
+Patch0318: 0318-core-unit-fix-unit_add_target_dependencies-for-units.patch
+Patch0319: 0319-man-there-is-no-ExecStopPre-for-service-units.patch
+Patch0320: 0320-man-document-that-per-interface-sysctl-variables-are.patch
+Patch0321: 0321-journal-downgrade-vaccuum-message-to-debug-level.patch
+Patch0322: 0322-logs-show-fix-corrupt-output-with-empty-messages.patch
+Patch0323: 0323-journalctl-refuse-extra-arguments-with-verify-and-si.patch
+Patch0324: 0324-journal-assume-that-next-entry-is-after-previous-ent.patch
+Patch0325: 0325-journal-forget-file-after-encountering-an-error.patch
+Patch0326: 0326-man-update-link-to-LSB.patch
+Patch0327: 0327-man-systemd-bootchart-fix-spacing-in-command.patch
+Patch0328: 0328-man-add-missing-comma.patch
+Patch0329: 0329-units-Do-not-unescape-instance-name-in-systemd-backl.patch
+Patch0330: 0330-manager-flush-memory-stream-before-using-the-buffer.patch
+Patch0331: 0331-man-multiple-sleep-modes-are-to-be-separated-by-whit.patch
+Patch0332: 0332-man-fix-description-of-systemctl-after-before.patch
+Patch0333: 0333-udev-properly-detect-reference-to-unexisting-part-of.patch
+Patch0334: 0334-gpt-auto-generator-don-t-return-OOM-on-parentless-de.patch
+Patch0335: 0335-man-improve-wording-of-systemctl-s-after-before.patch
+Patch0336: 0336-cgroup-it-s-not-OK-to-invoke-alloca-in-loops.patch
+Patch0337: 0337-core-don-t-try-to-relabel-mounts-before-we-loaded-th.patch
+Patch0338: 0338-systemctl-kill-mode-is-long-long-gone-don-t-mention-.patch
+Patch0339: 0339-ask-password-when-the-user-types-a-overly-long-passw.patch
+Patch0340: 0340-logind-don-t-print-error-if-devices-vanish-during-AC.patch
+Patch0341: 0341-tty-ask-password-agent-return-negative-errno.patch
+Patch0342: 0342-journal-cleanup-up-error-handling-in-update_catalog.patch
+Patch0343: 0343-bash-completion-fix-__get_startable_units.patch
+Patch0344: 0344-core-check-the-right-variable-for-failed-open.patch
+Patch0345: 0345-util-allow-trailing-semicolons-on-define_trivial_cle.patch
+Patch0346: 0346-man-sd_journal_send-does-nothing-when-journald-is-no.patch
+Patch0347: 0347-man-clarify-that-the-ExecReload-command-should-be-sy.patch
+Patch0348: 0348-conf-parser-never-consider-it-an-error-if-we-cannot-.patch
+Patch0349: 0349-socket-properly-handle-if-our-service-vanished-durin.patch
+Patch0350: 0350-Do-not-unescape-unit-names-in-Install-section.patch
+Patch0351: 0351-util-ignore_file-should-not-allow-files-ending-with.patch
+Patch0352: 0352-core-fix-invalid-free-in-killall.patch
+Patch0353: 0353-install-fix-invalid-free-in-unit_file_mask.patch
+Patch0354: 0354-unit-name-fix-detection-of-unit-templates-instances.patch
+Patch0355: 0355-journald-make-MaxFileSec-really-default-to-1month.patch
+Patch0356: 0356-bootchart-it-s-not-OK-to-return-1-from-a-main-progra.patch
+Patch0357: 0357-journald-Fix-off-by-one-error-in-Missed-X-kernel-mes.patch
+Patch0358: 0358-man-drop-references-to-removed-and-obsolete-systemct.patch
+Patch0359: 0359-units-fix-BindsTo-logic-when-applied-relative-to-ser.patch
+Patch0360: 0360-core-don-t-allow-enabling-if-unit-is-masked.patch
+Patch0361: 0361-man-systemctl-document-enable-on-masked-units.patch
+Patch0362: 0362-core-do-not-segfault-if-proc-swaps-cannot-be-opened.patch
+Patch0363: 0363-man-we-don-t-have-Wanted-dependency.patch
+Patch0364: 0364-environment-append-unit_id-to-error-messages-regardi.patch
+Patch0365: 0365-udevd-add-event-timeout-commandline-option.patch
+Patch0366: 0366-selinux-fix-potential-double-free-crash-in-child-pro.patch
+Patch0367: 0367-selinux-pass-flag-to-correct-exec_spawn.patch
+Patch0368: 0368-selinux-set-selinux-context-applied-on-exec-before-c.patch
+Patch0369: 0369-logind-use-correct-who-enum-values-with-KillUnit.patch
+Patch0370: 0370-logind-always-kill-session-when-termination-is-reque.patch
+Patch0371: 0371-udev-net_id-correctly-name-netdevs-based-on-dev_port.patch
+Patch0372: 0372-udev-net_id-dev_port-is-base-10.patch
+Patch0373: 0373-udev-Fix-parsing-of-udev.event-timeout-kernel-parame.patch
+Patch0374: 0374-login-rerun-vconsole-setup-when-switching-from-vgaco.patch
+Patch0375: 0375-cgroups-agent-really-down-grade-log-level.patch
+Patch0376: 0376-core-introduce-new-Delegate-yes-no-property-controll.patch
+Patch0377: 0377-core-don-t-migrate-PIDs-for-units-that-may-contain-s.patch
+Patch0378: 0378-mount-use-libmount-to-enumerate-proc-self-mountinfo.patch
+Patch0379: 0379-mount-monitor-for-utab-changes-with-inotify.patch
+Patch0380: 0380-mount-add-remote-fs-dependencies-if-needed-after-cha.patch
+Patch0381: 0381-mount-check-options-as-well-as-fstype-for-network-mo.patch
+Patch0382: 0382-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
@@ -302,6 +444,7 @@ BuildRequires: automake
BuildRequires: autoconf
BuildRequires: libtool
BuildRequires: git
+BuildRequires: libmount-devel
Requires(post): coreutils
Requires(post): gawk
@@ -466,6 +609,7 @@ git am \
--exclude test/.gitignore \
--exclude units/.gitignore \
--exclude units/user/.gitignore \
+ --exclude .travis.yml \
%{patches}
@@ -1069,23 +1213,131 @@ getent passwd systemd-journal-gateway >/dev/null 2>&1 || useradd -r -l -u 191 -g
%{_datadir}/systemd/gatewayd
%changelog
-* Wed Jan 07 2015 Lukas Nykryn <lnykryn@redhat.com> - 208-11.6
-- rules: don't enable usb pm for Avocent devices (#1176736)
-- core: introduce new Delegate=yes/no property controlling creation of cgroup subhierarchies (#1179715)
-- core: don't migrate PIDs for units that may contain subcgroups, do this only for leaf units (#1179715)
-
-* Fri Dec 05 2014 Michal Sekletar <msekleta@redhat.com> - 208-11.5
-- socket: add SocketUser= and SocketGroup= for chown()ing (#1171054)
-
-* Mon Oct 06 2014 Lukáš Nykrýn <lnykryn@redhat.com> - 208-11.4
-- util: reset signals when we fork off agents
-- util: fix minimal race where we might miss SIGTERMs when forking off an agent
-
-* Mon Jul 21 2014 Lukáš Nykrýn <lnykryn@redhat.com> - 208-11.2
-- units: order network-online.target after network.target
-
-* Fri Jul 11 2014 Lukáš Nykrýn <lnykryn@redhat.com> - 208-11.1
-- units/serial-getty@.service: add [Install] section
+* Mon Dec 22 2014 Lukas Nykryn <lnykryn@redhat.com> - 208-20
+- core: introduce new Delegate=yes/no property controlling creation of cgroup subhierarchies (#1139223)
+- core: don't migrate PIDs for units that may contain subcgroups, do this only for leaf units (#1139223)
+- mount: use libmount to enumerate /proc/self/mountinfo (#1161417)
+- mount: monitor for utab changes with inotify (#1161417)
+- mount: add remote-fs dependencies if needed after change (#1161417)
+- mount: check options as well as fstype for network mounts (#1161417)
+- rules: don't enable usb pm for Avocent devices (#1155370)
+
+* Mon Nov 10 2014 Lukas Nykryn <lnykryn@redhat.com> - 208-19
+- cgroups-agent: really down-grade log level (#1044386)
+
+* Mon Nov 10 2014 Lukas Nykryn <lnykryn@redhat.com> - 208-18
+- login: rerun vconsole-setup when switching from vgacon to fbcon (#1002450)
+
+* Fri Nov 07 2014 Lukas Nykryn <lnykryn@redhat.com> - 208-17
+- udev: net_id dev_port is base 10 (#1155996)
+- udev: Fix parsing of udev.event-timeout kernel parameter (#1154778)
+
+* Thu Oct 30 2014 Lukas Nykryn <lnykryn@redhat.com> - 208-16
+- logind: use correct "who" enum values with KillUnit. (#1155502)
+- logind: always kill session when termination is requested (#1155502)
+- udev: net_id - correctly name netdevs based on dev_port when set (#1155996)
+
+* Tue Oct 21 2014 Lukas Nykryn <lnykryn@redhat.com> - 208-15
+- core: do not segfault if /proc/swaps cannot be opened (#1151239)
+- man: we don't have 'Wanted' dependency (#1152487)
+- environment: append unit_id to error messages regarding EnvironmentFile (#1147691)
+- udevd: add --event-timeout commandline option (#1154778)
+
+* Wed Oct 08 2014 Lukas Nykryn <lnykryn@redhat.com> - 208-14
+- core: don't allow enabling if unit is masked (#1149299)
+
+* Tue Oct 07 2014 Lukas Nykryn <lnykryn@redhat.com> - 208-13
+- tmpfiles: minor modernizations (#1147524)
+- install: when looking for a unit file for enabling, search for templates only after traversing all search directories (#1147524)
+- install: remove unused variable (#1147524)
+- bootctl: typo fix in help message (#1147524)
+- logind: ignore failing close() on session-devices (#1147524)
+- sysfs-show.c: return negative error (#1147524)
+- core: only send SIGHUP when doing first kill, not when doing final sigkill (#1147524)
+- cgroup: make sure to properly send SIGCONT to all processes of a cgroup if that's requested (#1147524)
+- core: don't send duplicate SIGCONT when killing units (#1147524)
+- efi: fix Undefined reference efi_loader_get_boot_usec when EFI support is disabled (#1147524)
+- macro: better make IN_SET() macro use const arrays (#1147524)
+- macro: make sure we can use IN_SET() also with complex function calls as first argument (#1147524)
+- core: fix property changes in transient units (#1147524)
+- load-modules: properly return a failing error code if some module fails to load (#1147524)
+- core/unit: fix unit_add_target_dependencies() for units with no dependencies (#1147524)
+- man: there is no ExecStopPre= for service units (#1147524)
+- man: document that per-interface sysctl variables are applied as network interfaces show up (#1147524)
+- journal: downgrade vaccuum message to debug level (#1147524)
+- logs-show: fix corrupt output with empty messages (#1147524)
+- journalctl: refuse extra arguments with --verify and similar (#1147524)
+- journal: assume that next entry is after previous entry (#1147524)
+- journal: forget file after encountering an error (#1147524)
+- man: update link to LSB (#1147524)
+- man: systemd-bootchart - fix spacing in command (#1147524)
+- man: add missing comma (#1147524)
+- units: Do not unescape instance name in systemd-backlight@.service (#1147524)
+- manager: flush memory stream before using the buffer (#1147524)
+- man: multiple sleep modes are to be separated by whitespace, not commas (#1147524)
+- man: fix description of systemctl --after/--before (#1147524)
+- udev: properly detect reference to unexisting part of PROGRAM's result (#1147524)
+- gpt-auto-generator: don't return OOM on parentless devices (#1147524)
+- man: improve wording of systemctl's --after/--before (#1147524)
+- cgroup: it's not OK to invoke alloca() in loops (#1147524)
+- core: don't try to relabel mounts before we loaded the policy (#1147524)
+- systemctl: --kill-mode is long long gone, don't mention it in the man page (#1147524)
+- ask-password: when the user types a overly long password, beep and refuse (#1147524)
+- logind: don't print error if devices vanish during ACL-init (#1147524)
+- tty-ask-password-agent: return negative errno (#1147524)
+- journal: cleanup up error handling in update_catalog() (#1147524)
+- bash completion: fix __get_startable_units (#1147524)
+- core: check the right variable for failed open() (#1147524)
+- man: sd_journal_send does nothing when journald is not available (#1147524)
+- man: clarify that the ExecReload= command should be synchronous (#1147524)
+- conf-parser: never consider it an error if we cannot load a drop-in file because it is missing (#1147524)
+- socket: properly handle if our service vanished during runtime (#1147524)
+- Do not unescape unit names in [Install] section (#1147524)
+- util: ignore_file should not allow files ending with '~' (#1147524)
+- core: fix invalid free() in killall() (#1147524)
+- install: fix invalid free() in unit_file_mask() (#1147524)
+- unit-name: fix detection of unit templates/instances (#1147524)
+- journald: make MaxFileSec really default to 1month (#1147524)
+- bootchart: it's not OK to return -1 from a main program (#1147524)
+- journald: Fix off-by-one error in "Missed X kernel messages" warning (#1147524)
+- man: drop references to removed and obsolete 'systemctl load' command (#1147524)
+- units: fix BindsTo= logic when applied relative to services with Type=oneshot (#1147524)
+
+* Mon Sep 29 2014 Lukas Nykryn <lnykryn@redhat.com> - 208-12
+- units/serial-getty@.service: add [Install] section (#1083936)
+- units: order network-online.target after network.target (#1072431)
+- util: consider both fuse.glusterfs and glusterfs network file systems (#1080229)
+- core: make StopWhenUnneeded work in conjunction with units that fail during their start job (#986949)
+- cgroups-agent: down-grade log level (#1044386)
+- random-seed: raise POOL_SIZE_MIN constant to 1024 (#1066517)
+- delta: do not use unicode chars in C locale (#1088419)
+- core: print debug instead of error message (#1105608)
+- journald: always add syslog facility for messages coming from kmsg (#1113215)
+- fsck,fstab-generator: be lenient about missing fsck.<type> (#1098310)
+- rules/60-persistent-storage: add nvme pcie ssd scsi_id ENV (#1042990)
+- cgls: fix running with -M option (#1085455)
+- getty: Start getty on 3270 terminals available on Linux on System z (#1075729)
+- core: Added support for ERRNO NOTIFY_SOCKET message parsing (#1106457)
+- socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file system (#1111761)
+- tmpfiles: add --root option to operate on an alternate fs tree (#1111199)
+- units: make ExecStopPost action part of ExecStart (#1036276)
+- machine-id: only look into KVM uuid when we are not running in a container (#1123452)
+- util: reset signals when we fork off agents (#1134818)
+- udev: do not skip the execution of RUN when renaming a network device fails (#1102135)
+- man: mention System Administrator's Guide in systemctl manpage (#978948)
+- vconsole: also copy character maps (not just fonts) from vt1 to vt2, vt3, ... (#1002450)
+- localed: consider an unset model as a wildcard (#903776)
+- systemd-detect-virt: detect s390 virtualization (#1139149)
+- socket: introduce SELinuxContextFromNet option (#1113790)
+- sysctl: make --prefix allow all kinds of sysctl paths (#1138591)
+- man: mention localectl in locale.conf (#1049286)
+- rules: automatically online hot-added CPUs (#968811)
+- rules: add rule for naming Dell iDRAC USB Virtual NIC as 'idrac' (#1054477)
+- bash-completion: add verb set-property (#1064487)
+- man: update journald rate limit defaults (#1145352)
+- core: don't try to connect to d-bus after switchroot (#1083300)
+- localed: check for partially matching converted keymaps (#1109145)
+- fileio: make parse_env_file() return number of parsed items (#1069420)
* Wed Apr 02 2014 Lukáš Nykrýn <lnykryn@redhat.com> - 208-11
- logind-session: save stopping flag (#1082692)