diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix index 45695d9cb89f..549e731f3b08 100644 --- a/nixos/modules/config/nsswitch.nix +++ b/nixos/modules/config/nsswitch.nix @@ -35,29 +35,27 @@ in config = { - environment.etc = - [ # Name Service Switch configuration file. Required by the C library. - # !!! Factor out the mdns stuff. The avahi module should define - # an option used by this module. - { source = pkgs.writeText "nsswitch.conf" - '' - passwd: files ldap - group: files ldap - shadow: files ldap - hosts: files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} ${optionalString nsswins "wins"} myhostname - networks: files dns - ethers: files - services: files - protocols: files - ''; - target = "nsswitch.conf"; - } - ]; + # Name Service Switch configuration file. Required by the C + # library. !!! Factor out the mdns stuff. The avahi module + # should define an option used by this module. + environment.etc."nsswitch.conf".text = + '' + passwd: files ldap + group: files ldap + shadow: files ldap + hosts: files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} ${optionalString nsswins "wins"} myhostname mymachines + networks: files dns + ethers: files + services: files + protocols: files + ''; - # Use nss-myhostname to ensure that our hostname always resolves to - # a valid IP address. It returns all locally configured IP - # addresses, or ::1 and 127.0.0.2 as fallbacks. - system.nssModules = [ pkgs.systemd ]; + # Systemd provides nss-myhostname to ensure that our hostname + # always resolves to a valid IP address. It returns all locally + # configured IP addresses, or ::1 and 127.0.0.2 as + # fallbacks. Systemd also provides nss-mymachines to return IP + # addresses of local containers. + system.nssModules = [ config.systemd.package ]; }; } diff --git a/nixos/modules/services/system/nscd.nix b/nixos/modules/services/system/nscd.nix index 5460e962ea2c..0879d9b85bd8 100644 --- a/nixos/modules/services/system/nscd.nix +++ b/nixos/modules/services/system/nscd.nix @@ -62,7 +62,7 @@ in mkdir -m 0755 -p /var/db/nscd ''; - restartTriggers = [ config.environment.etc.hosts.source ]; + restartTriggers = [ config.environment.etc.hosts.source config.environment.etc."nsswitch.conf".source ]; serviceConfig = { ExecStart = "@${pkgs.glibc}/sbin/nscd nscd -f ${cfgFile}"; diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index e353e9246b0e..366faf1b73de 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -81,6 +81,7 @@ let "systemd-journal-flush.service" "systemd-journal-gatewayd.socket" "systemd-journal-gatewayd.service" + "systemd-journald-dev-log.socket" "syslog.socket" # SysV init compatibility. diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 35455f17779f..69b09d7fb314 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -277,9 +277,12 @@ in NotifyAccess = "all"; - # Note that on reboot, systemd-nspawn returns 10, so this + # Note that on reboot, systemd-nspawn returns 133, so this # unit will be restarted. On poweroff, it returns 0, so the # unit won't be restarted. + RestartForceExitStatus = "133"; + SuccessExitStatus = "133"; + Restart = "on-failure"; # Hack: we don't want to kill systemd-nspawn, since we call diff --git a/pkgs/development/libraries/polkit/default.nix b/pkgs/development/libraries/polkit/default.nix index 6da928a6a23e..7fe16cec56b9 100644 --- a/pkgs/development/libraries/polkit/default.nix +++ b/pkgs/development/libraries/polkit/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, pkgconfig, glib, expat, pam, intltool, spidermonkey -, gobjectIntrospection, libxslt, docbook_xsl +, gobjectIntrospection, libxslt, docbook_xsl, docbook_xml_dtd_412 , useSystemd ? stdenv.isLinux, systemd }: let @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { buildInputs = [ pkgconfig glib expat pam intltool spidermonkey gobjectIntrospection ] - ++ [ libxslt docbook_xsl ] # man pages + ++ [ libxslt docbook_xsl docbook_xml_dtd_412 ] # man pages ++ stdenv.lib.optional useSystemd systemd; # Ugly hack to overwrite hardcoded directories diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 3445c3cd2dd3..87faae0467f1 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -1,9 +1,8 @@ { stdenv, fetchurl, pkgconfig, intltool, gperf, libcap, dbus, kmod , xz, pam, acl, cryptsetup, libuuid, m4, utillinux -, glib, kbd, libxslt, coreutils, libgcrypt, sysvtools, docbook_xsl +, glib, kbd, libxslt, coreutils, libgcrypt, sysvtools , kexectools, libmicrohttpd, linuxHeaders , pythonPackages ? null, pythonSupport ? false -, autoreconfHook }: assert stdenv.isLinux; @@ -11,25 +10,24 @@ assert stdenv.isLinux; assert pythonSupport -> pythonPackages != null; stdenv.mkDerivation rec { - version = "212"; + version = "216"; name = "systemd-${version}"; src = fetchurl { url = "http://www.freedesktop.org/software/systemd/${name}.tar.xz"; - sha256 = "1hpjcc42svrs06q3isjm3m5aphgkpfdylmvpnif71zh46ys0cab5"; + sha256 = "1wr8jxhp2rmbzabm743rmrhp2c8kir1990x6iblzzmj0v2vkspcl"; }; patches = [ # These are all changes between upstream and - # https://github.com/edolstra/systemd/tree/nixos-v212. + # https://github.com/edolstra/systemd/tree/nixos-v216. ./fixes.patch ]; buildInputs = [ pkgconfig intltool gperf libcap kmod xz pam acl - /* cryptsetup */ libuuid m4 glib libxslt libgcrypt docbook_xsl + /* cryptsetup */ libuuid m4 glib libxslt libgcrypt libmicrohttpd linuxHeaders - autoreconfHook ] ++ stdenv.lib.optionals pythonSupport [pythonPackages.python pythonPackages.lxml]; configureFlags = @@ -45,9 +43,23 @@ stdenv.mkDerivation rec { "--with-dbussessionservicedir=$(out)/share/dbus-1/services" "--with-firmware-path=/root/test-firmware:/run/current-system/firmware" "--with-tty-gid=3" # tty in NixOS has gid 3 - "--disable-networkd" # enable/use eventually "--enable-compat-libs" # get rid of this eventually "--disable-tests" + + "--disable-hostnamed" + "--disable-networkd" # enable/use eventually + "--disable-sysusers" + "--disable-timedated" + "--disable-timesyncd" + "--disable-readahead" + "--disable-firstboot" + "--disable-localed" + "--disable-resolved" + "--disable-split-usr" + + "--with-sysvinit-path=" + "--with-sysvrcnd-path=" + "--with-rc-local-script-path-stop=/etc/halt.local" ]; preConfigure = @@ -88,6 +100,8 @@ stdenv.mkDerivation rec { # currently running systemd (/run/current-system/systemd) so # that we don't use an obsolete/garbage-collected release agent. "-USYSTEMD_CGROUP_AGENT_PATH" "-DSYSTEMD_CGROUP_AGENT_PATH=\"/run/current-system/systemd/lib/systemd/systemd-cgroups-agent\"" + + "-USYSTEMD_BINARY_PATH" "-DSYSTEMD_BINARY_PATH=\"/run/current-system/systemd/lib/systemd/systemd\"" ]; # Use /var/lib/udev rather than /etc/udev for the generated hardware @@ -104,9 +118,14 @@ stdenv.mkDerivation rec { "pamconfdir=$(out)/etc/pam.d" ]; - # Get rid of configuration-specific data. postInstall = '' + # sysinit.target: Don't depend on + # systemd-tmpfiles-setup.service. This interferes with NixOps's + # send-keys feature (since sshd.service depends indirectly on + # sysinit.target). + mv $out/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup-dev.service $out/lib/systemd/system/multi-user.target.wants/ + mkdir -p $out/example/systemd mv $out/lib/{modules-load.d,binfmt.d,sysctl.d,tmpfiles.d} $out/example mv $out/lib/systemd/{system,user} $out/example/systemd diff --git a/pkgs/os-specific/linux/systemd/fixes.patch b/pkgs/os-specific/linux/systemd/fixes.patch index 72cf0e92bb84..416be6248c7e 100644 --- a/pkgs/os-specific/linux/systemd/fixes.patch +++ b/pkgs/os-specific/linux/systemd/fixes.patch @@ -1,72 +1,5 @@ -diff --git a/Makefile.am b/Makefile.am -index 3d9e5c1..46487f6 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -1095,7 +1095,7 @@ BUILT_SOURCES += \ - - src/shared/errno-list.txt: - $(AM_V_at)$(MKDIR_P) $(dir $@) -- $(AM_V_GEN)$(CPP) $(CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) -dM -include errno.h - < /dev/null | $(AWK) '/^#define[ \t]+E[^ _]+[ \t]+[0-9]/ { print $$2; }' > $@ -+ $(AM_V_GEN)$(CPP) $(CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) -dM -include errno.h - < /dev/null | $(AWK) '/^#define[ \t]+E[^ _]+[ \t]+/ { print $$2; }' > $@ - - src/shared/errno-from-name.gperf: src/shared/errno-list.txt - $(AM_V_at)$(MKDIR_P) $(dir $@) -@@ -1107,7 +1107,7 @@ src/shared/errno-from-name.h: src/shared/errno-from-name.gperf - - src/shared/errno-to-name.h: src/shared/errno-list.txt - $(AM_V_at)$(MKDIR_P) $(dir $@) -- $(AM_V_GEN)$(AWK) 'BEGIN{ print "static const char* const errno_names[] = { "} { printf "[%s] = \"%s\",\n", $$1, $$1 } END{print "};"}' < $< > $@ -+ $(AM_V_GEN)$(AWK) 'BEGIN{ print "static const char* const errno_names[] = { "} !/EDEADLOCK/ && !/EWOULDBLOCK/ && !/ENOTSUP/ { printf "[%s] = \"%s\",\n", $$1, $$1 } END{print "};"}' < $< > $@ - - src/shared/af-list.txt: - $(AM_V_at)$(MKDIR_P) $(dir $@) -@@ -1707,7 +1707,9 @@ dist_tmpfiles_DATA += \ - endif - - SYSINIT_TARGET_WANTS += \ -- systemd-tmpfiles-setup-dev.service \ -+ systemd-tmpfiles-setup-dev.service -+ -+MULTI_USER_TARGET_WANTS += \ - systemd-tmpfiles-setup.service - - dist_zshcompletion_DATA += \ -@@ -1961,6 +1963,7 @@ systemd_cgls_SOURCES = \ - src/cgls/cgls.c - - systemd_cgls_LDADD = \ -+ libsystemd-internal.la \ - libsystemd-shared.la - - # ------------------------------------------------------------------------------ -diff --git a/TODO b/TODO -index e2ca1e6..d7efdd5 100644 ---- a/TODO -+++ b/TODO -@@ -1,4 +1,6 @@ - Bugfixes: -+* Should systemctl status \* work on all unit types, not just .service? -+ - * enabling an instance unit creates a pointless link, and - the unit will be started with getty@getty.service: - $ systemctl enable getty@.service -diff --git a/rules/42-usb-hid-pm.rules b/rules/42-usb-hid-pm.rules -index c675b5b..4c300da 100644 ---- a/rules/42-usb-hid-pm.rules -+++ b/rules/42-usb-hid-pm.rules -@@ -12,10 +12,6 @@ ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Mouse", ATTR{serial}!= - ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Tablet", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto" - ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Keyboard", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto" - --# Catch-all for Avocent HID devices. Keyed off interface in order to only --# trigger on HID class devices. --ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0624", ATTR{bInterfaceClass}=="03", TEST=="../power/control", ATTR{../power/control}="auto" -- - # Dell DRAC 4 - ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="413c", ATTR{idProduct}=="2500", TEST=="power/control", ATTR{power/control}="auto" - diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in -index db72373..2875958 100644 +index aa435c4..46a2cd4 100644 --- a/rules/99-systemd.rules.in +++ b/rules/99-systemd.rules.in @@ -14,10 +14,6 @@ KERNEL=="vport*", TAG+="systemd" @@ -80,583 +13,11 @@ index db72373..2875958 100644 # Ignore raid devices that are not yet assembled and started SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", TEST!="md/array_state", ENV{SYSTEMD_READY}="0" SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", ATTR{md/array_state}=="|clear|inactive", ENV{SYSTEMD_READY}="0" -@@ -43,7 +39,7 @@ SUBSYSTEM=="net", KERNEL!="lo", TAG+="systemd", ENV{SYSTEMD_ALIAS}+="/sys/subsys - SUBSYSTEM=="bluetooth", TAG+="systemd", ENV{SYSTEMD_ALIAS}+="/sys/subsystem/bluetooth/devices/%k" - - SUBSYSTEM=="bluetooth", TAG+="systemd", ENV{SYSTEMD_WANTS}+="bluetooth.target" --ENV{ID_SMARTCARD_READER}=="*?", TAG+="systemd", ENV{SYSTEMD_WANTS}+="smartcard.target" -+ENV{ID_SMARTCARD_READER}=="?*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="smartcard.target" - SUBSYSTEM=="sound", KERNEL=="card*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="sound.target" - - SUBSYSTEM=="printer", TAG+="systemd", ENV{SYSTEMD_WANTS}+="printer.target" -diff --git a/src/cgls/cgls.c b/src/cgls/cgls.c -index b8e275d..1840594 100644 ---- a/src/cgls/cgls.c -+++ b/src/cgls/cgls.c -@@ -35,6 +35,10 @@ - #include "build.h" - #include "output-mode.h" - #include "fileio.h" -+#include "sd-bus.h" -+#include "bus-util.h" -+#include "bus-error.h" -+#include "unit-name.h" - - static bool arg_no_pager = false; - static bool arg_kernel_threads = false; -@@ -127,6 +131,7 @@ int main(int argc, char *argv[]) { - int r = 0, retval = EXIT_FAILURE; - int output_flags; - char _cleanup_free_ *root = NULL; -+ _cleanup_bus_unref_ sd_bus *bus = NULL; - - log_parse_environment(); - log_open(); -@@ -151,6 +156,12 @@ int main(int argc, char *argv[]) { - arg_all * OUTPUT_SHOW_ALL | - (arg_full > 0) * OUTPUT_FULL_WIDTH; - -+ r = bus_open_transport(BUS_TRANSPORT_LOCAL, NULL, false, &bus); -+ if (r < 0) { -+ log_error("Failed to create bus connection: %s", strerror(-r)); -+ goto finish; -+ } -+ - if (optind < argc) { - int i; - -@@ -189,8 +200,52 @@ int main(int argc, char *argv[]) { - } else { - if (arg_machine) { - char *m; -+ const char *cgroup; -+ _cleanup_free_ char *scope = NULL; -+ _cleanup_free_ char *path = NULL; -+ _cleanup_bus_message_unref_ sd_bus_message *reply = NULL; -+ _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; -+ - m = strappenda("/run/systemd/machines/", arg_machine); -- r = parse_env_file(m, NEWLINE, "CGROUP", &root, NULL); -+ r = parse_env_file(m, NEWLINE, "SCOPE", &scope, NULL); -+ if (r < 0) { -+ log_error("Failed to get machine path: %s", strerror(-r)); -+ goto finish; -+ } -+ -+ path = unit_dbus_path_from_name(scope); -+ if (!path) { -+ r = log_oom(); -+ goto finish; -+ } -+ -+ r = sd_bus_get_property( -+ bus, -+ "org.freedesktop.systemd1", -+ path, -+ "org.freedesktop.systemd1.Scope", -+ "ControlGroup", -+ &error, -+ &reply, -+ "s"); -+ -+ if (r < 0) { -+ log_error("Failed to query ControlGroup: %s", bus_error_message(&error, -r)); -+ goto finish; -+ } -+ -+ r = sd_bus_message_read(reply, "s", &cgroup); -+ if (r < 0) { -+ bus_log_parse_error(r); -+ goto finish; -+ } -+ -+ root = strdup(cgroup); -+ if (!root) { -+ r = log_oom(); -+ goto finish; -+ } -+ - } else - r = cg_get_root_path(&root); - if (r < 0) { -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 3dd4c91..4201e1e 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -871,7 +871,7 @@ int manager_setup_cgroup(Manager *m) { - safe_close(m->pin_cgroupfs_fd); - - m->pin_cgroupfs_fd = open(path, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY|O_NONBLOCK); -- if (r < 0) { -+ if (m->pin_cgroupfs_fd < 0) { - log_error("Failed to open pin file: %m"); - return -errno; - } -diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c -index 775825b..5b1c4e3 100644 ---- a/src/core/dbus-cgroup.c -+++ b/src/core/dbus-cgroup.c -@@ -173,6 +173,7 @@ int bus_cgroup_set_property( - - if (mode != UNIT_CHECK) { - c->cpu_accounting = b; -+ u->cgroup_realized_mask &= ~CGROUP_CPUACCT; - unit_write_drop_in_private(u, mode, name, b ? "CPUAccounting=yes" : "CPUAccounting=no"); - } - -@@ -192,6 +193,7 @@ int bus_cgroup_set_property( - - if (mode != UNIT_CHECK) { - c->cpu_shares = ul; -+ u->cgroup_realized_mask &= ~CGROUP_CPU; - unit_write_drop_in_private_format(u, mode, name, "CPUShares=%lu", ul); - } - -@@ -206,6 +208,7 @@ int bus_cgroup_set_property( - - if (mode != UNIT_CHECK) { - c->blockio_accounting = b; -+ u->cgroup_realized_mask &= ~CGROUP_BLKIO; - unit_write_drop_in_private(u, mode, name, b ? "BlockIOAccounting=yes" : "BlockIOAccounting=no"); - } - -@@ -225,6 +228,7 @@ int bus_cgroup_set_property( - - if (mode != UNIT_CHECK) { - c->blockio_weight = ul; -+ u->cgroup_realized_mask &= ~CGROUP_BLKIO; - unit_write_drop_in_private_format(u, mode, name, "BlockIOWeight=%lu", ul); - } - -@@ -294,6 +298,8 @@ int bus_cgroup_set_property( - cgroup_context_free_blockio_device_bandwidth(c, a); - } - -+ u->cgroup_realized_mask &= ~CGROUP_BLKIO; -+ - f = open_memstream(&buf, &size); - if (!f) - return -ENOMEM; -@@ -375,6 +381,8 @@ int bus_cgroup_set_property( - cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights); - } - -+ u->cgroup_realized_mask &= ~CGROUP_BLKIO; -+ - f = open_memstream(&buf, &size); - if (!f) - return -ENOMEM; -@@ -398,6 +406,7 @@ int bus_cgroup_set_property( - - if (mode != UNIT_CHECK) { - c->memory_accounting = b; -+ u->cgroup_realized_mask &= ~CGROUP_MEMORY; - unit_write_drop_in_private(u, mode, name, b ? "MemoryAccounting=yes" : "MemoryAccounting=no"); - } - -@@ -412,6 +421,7 @@ int bus_cgroup_set_property( - - if (mode != UNIT_CHECK) { - c->memory_limit = limit; -+ u->cgroup_realized_mask &= ~CGROUP_MEMORY; - unit_write_drop_in_private_format(u, mode, name, "%s=%" PRIu64, name, limit); - } - -@@ -433,6 +443,7 @@ int bus_cgroup_set_property( - char *buf; - - c->device_policy = p; -+ u->cgroup_realized_mask &= ~CGROUP_DEVICE; - - buf = strappenda("DevicePolicy=", policy); - unit_write_drop_in_private(u, mode, name, buf); -@@ -511,6 +522,8 @@ int bus_cgroup_set_property( - cgroup_context_free_device_allow(c, c->device_allow); - } - -+ u->cgroup_realized_mask &= ~CGROUP_DEVICE; -+ - f = open_memstream(&buf, &size); - if (!f) - return -ENOMEM; -diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c -index 13b3d0d..37d4154 100644 ---- a/src/core/dbus-execute.c -+++ b/src/core/dbus-execute.c -@@ -842,7 +842,7 @@ int bus_exec_context_set_transient_property( - strv_free(c->environment); - c->environment = e; - -- joined = strv_join(c->environment, " "); -+ joined = strv_join_quoted(c->environment); - if (!joined) - return -ENOMEM; - -diff --git a/src/core/job.c b/src/core/job.c -index 35a9de6..dc4f441 100644 ---- a/src/core/job.c -+++ b/src/core/job.c -@@ -1060,6 +1060,9 @@ int job_coldplug(Job *j) { - if (r < 0) - return r; - -+ if (j->state == JOB_WAITING) -+ job_add_to_run_queue(j); -+ - if (j->begin_usec == 0 || j->unit->job_timeout == 0) - return 0; - -diff --git a/src/core/killall.c b/src/core/killall.c -index 57ed41c..eab48f7 100644 ---- a/src/core/killall.c -+++ b/src/core/killall.c -@@ -168,7 +168,7 @@ static int killall(int sig, Set *pids, bool send_sighup) { - continue; - - if (sig == SIGKILL) { -- _cleanup_free_ char *s; -+ _cleanup_free_ char *s = NULL; - - get_process_comm(pid, &s); - log_notice("Sending SIGKILL to PID "PID_FMT" (%s).", pid, strna(s)); -diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c -index d459afe..2a58e48 100644 ---- a/src/core/machine-id-setup.c -+++ b/src/core/machine-id-setup.c -@@ -93,32 +93,9 @@ static int generate(char id[34], const char *root) { - } - } - -- /* If that didn't work, see if we are running in qemu/kvm and a -- * machine ID was passed in via -uuid on the qemu/kvm command -- * line */ -- -- r = detect_vm(&vm_id); -- if (r > 0 && streq(vm_id, "kvm")) { -- char uuid[37]; -- -- fd = open("/sys/class/dmi/id/product_uuid", O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW); -- if (fd >= 0) { -- k = loop_read(fd, uuid, 36, false); -- safe_close(fd); -- -- if (k >= 36) { -- r = shorten_uuid(id, uuid); -- if (r >= 0) { -- log_info("Initializing machine ID from KVM UUID."); -- return 0; -- } -- } -- } -- } -- -- /* If that didn't work either, see if we are running in a -- * container, and a machine ID was passed in via -- * $container_uuid the way libvirt/LXC does it */ -+ /* If that didn't work, see if we are running in a container, -+ * and a machine ID was passed in via $container_uuid the way -+ * libvirt/LXC does it */ - r = detect_container(NULL); - if (r > 0) { - _cleanup_free_ char *e = NULL; -@@ -133,6 +110,30 @@ static int generate(char id[34], const char *root) { - } - } - } -+ -+ } else { -+ /* If we are not running in a container, see if we are -+ * running in qemu/kvm and a machine ID was passed in -+ * via -uuid on the qemu/kvm command line */ -+ -+ r = detect_vm(&vm_id); -+ if (r > 0 && streq(vm_id, "kvm")) { -+ char uuid[37]; -+ -+ fd = open("/sys/class/dmi/id/product_uuid", O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW); -+ if (fd >= 0) { -+ k = loop_read(fd, uuid, 36, false); -+ safe_close(fd); -+ -+ if (k >= 36) { -+ r = shorten_uuid(id, uuid); -+ if (r >= 0) { -+ log_info("Initializing machine ID from KVM UUID."); -+ return 0; -+ } -+ } -+ } -+ } - } - - /* If that didn't work, generate a random machine id */ -diff --git a/src/core/main.c b/src/core/main.c -index 41605ee..c65701d 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -1840,6 +1840,7 @@ finish: - if (reexecute) { - const char **args; - unsigned i, args_size; -+ sigset_t ss; - - /* Close and disarm the watchdog, so that the new - * instance can reinitialize it, but doesn't get -@@ -1883,7 +1884,7 @@ finish: - char_array_0(sfd); - - i = 0; -- args[i++] = SYSTEMD_BINARY_PATH; -+ args[i++] = "/run/current-system/systemd/lib/systemd/systemd"; - if (switch_root_dir) - args[i++] = "--switched-root"; - args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user"; -@@ -1923,6 +1924,13 @@ finish: - args[i++] = NULL; - assert(i <= args_size); - -+ /* reenable any blocked signals, especially important -+ * if we switch from initial ramdisk to init=... */ -+ reset_all_signal_handlers(); -+ -+ assert_se(sigemptyset(&ss) == 0); -+ assert_se(sigprocmask(SIG_SETMASK, &ss, NULL) == 0); -+ - if (switch_root_init) { - args[0] = switch_root_init; - execv(args[0], (char* const*) args); -diff --git a/src/core/manager.c b/src/core/manager.c -index 224106c..7342095 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -422,7 +422,7 @@ int manager_new(SystemdRunningAs running_as, Manager **_m) { - return -ENOMEM; - - #ifdef ENABLE_EFI -- if (detect_container(NULL) <= 0) -+ if (running_as == SYSTEMD_SYSTEM && detect_container(NULL) <= 0) - boot_timestamps(&m->userspace_timestamp, &m->firmware_timestamp, &m->loader_timestamp); - #endif - -@@ -2129,9 +2129,6 @@ int manager_serialize(Manager *m, FILE *f, FDSet *fds, bool switching_root) { - if (u->id != t) - continue; - -- if (!unit_can_serialize(u)) -- continue; -- - /* Start marker */ - fputs(u->id, f); - fputc('\n', f); -diff --git a/src/core/namespace.c b/src/core/namespace.c -index 9f15211..e41cf5b 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -42,6 +42,7 @@ - #include "mkdir.h" - #include "dev-setup.h" - #include "def.h" -+#include "label.h" - - typedef enum MountMode { - /* This is ordered by priority! */ -@@ -68,6 +69,7 @@ static int append_mounts(BindMount **p, char **strv, MountMode mode) { - STRV_FOREACH(i, strv) { - - (*p)->ignore = false; -+ (*p)->done = false; - - if ((mode == INACCESSIBLE || mode == READONLY || mode == READWRITE) && (*i)[0] == '-') { - (*p)->ignore = true; -@@ -217,7 +219,10 @@ static int mount_dev(BindMount *m) { - goto fail; - } - -+ label_context_set(d, st.st_mode); - r = mknod(dn, st.st_mode, st.st_rdev); -+ label_context_clear(); -+ - if (r < 0) { - r = -errno; - goto fail; -@@ -350,7 +355,7 @@ int setup_namespace( - private_dev; - - if (n > 0) { -- m = mounts = (BindMount *) alloca(n * sizeof(BindMount)); -+ m = mounts = (BindMount *) alloca0(n * sizeof(BindMount)); - r = append_mounts(&m, read_write_dirs, READWRITE); - if (r < 0) - return r; -diff --git a/src/core/service.c b/src/core/service.c -index ae3695a..6b3aa45 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -1096,11 +1096,6 @@ static int service_verify(Service *s) { - return -EINVAL; - } - -- if (s->type == SERVICE_ONESHOT && s->restart != SERVICE_RESTART_NO) { -- log_error_unit(UNIT(s)->id, "%s has Restart setting other than no, which isn't allowed for Type=oneshot services. Refusing.", UNIT(s)->id); -- return -EINVAL; -- } -- - if (s->type == SERVICE_DBUS && !s->bus_name) { - log_error_unit(UNIT(s)->id, "%s is of type D-Bus but no D-Bus service name has been specified. Refusing.", UNIT(s)->id); - return -EINVAL; -diff --git a/src/core/socket.c b/src/core/socket.c -index 7c18a2b..1a560a6 100644 ---- a/src/core/socket.c -+++ b/src/core/socket.c -@@ -663,16 +663,25 @@ static int instance_from_socket(int fd, unsigned nr, char **instance) { - int k; - - k = getpeercred(fd, &ucred); -- if (k < 0) -+ if (k == -ENODATA) { -+ /* This handles the case where somebody is -+ * connecting from another pid/uid namespace -+ * (e.g. from outside of our container). */ -+ if (asprintf(&r, -+ "%u-unknown", -+ nr) < 0) -+ return -ENOMEM; -+ } -+ else if (k < 0) - return k; -- -- if (asprintf(&r, -- "%u-%lu-%lu", -- nr, -- (unsigned long) ucred.pid, -- (unsigned long) ucred.uid) < 0) -- return -ENOMEM; -- -+ else { -+ if (asprintf(&r, -+ "%u-%lu-%lu", -+ nr, -+ (unsigned long) ucred.pid, -+ (unsigned long) ucred.uid) < 0) -+ return -ENOMEM; -+ } - break; - } - -@@ -1242,6 +1251,8 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) { - NULL, - s->exec_runtime, - &pid); -+ if (r < 0) -+ goto fail; - - strv_free(argv); - if (r < 0) -@@ -1497,6 +1508,12 @@ static void socket_enter_running(Socket *s, int cfd) { - } - - if (!pending) { -+ if (!UNIT_ISSET(s->service)) { -+ log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id); -+ r = -ENOENT; -+ goto fail; -+ } -+ - r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL); - if (r < 0) - goto fail; -diff --git a/src/core/timer.c b/src/core/timer.c -index 6c85304..720b8af 100644 ---- a/src/core/timer.c -+++ b/src/core/timer.c -@@ -111,6 +111,23 @@ static int timer_add_default_dependencies(Timer *t) { - return unit_add_two_dependencies_by_name(UNIT(t), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true); - } - -+static void update_stampfile(Timer *t, usec_t timestamp) { -+ _cleanup_close_ int fd = -1; -+ -+ mkdir_parents_label(t->stamp_path, 0755); -+ -+ /* Update the file atime + mtime, if we can */ -+ fd = open(t->stamp_path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644); -+ if (fd >= 0) { -+ struct timespec ts[2]; -+ -+ timespec_store(&ts[0], timestamp); -+ ts[1] = ts[0]; -+ -+ futimens(fd, ts); -+ } -+} -+ - static int timer_setup_persistent(Timer *t) { - int r; - -@@ -131,7 +148,7 @@ static int timer_setup_persistent(Timer *t) { - - e = getenv("XDG_DATA_HOME"); - if (e) -- t->stamp_path = strjoin(e, "/systemd/timers/", UNIT(t)->id, NULL); -+ t->stamp_path = strjoin(e, "/systemd/timers/stamp-", UNIT(t)->id, NULL); - else { - - _cleanup_free_ char *h = NULL; -@@ -496,22 +513,8 @@ static void timer_enter_running(Timer *t) { - - dual_timestamp_get(&t->last_trigger); - -- if (t->stamp_path) { -- _cleanup_close_ int fd = -1; -- -- mkdir_parents_label(t->stamp_path, 0755); -- -- /* Update the file atime + mtime, if we can */ -- fd = open(t->stamp_path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644); -- if (fd >= 0) { -- struct timespec ts[2]; -- -- timespec_store(&ts[0], t->last_trigger.realtime); -- ts[1] = ts[0]; -- -- futimens(fd, ts); -- } -- } -+ if (t->stamp_path) -+ update_stampfile(t, t->last_trigger.realtime); - - timer_set_state(t, TIMER_RUNNING); - return; -@@ -539,6 +542,11 @@ static int timer_start(Unit *u) { - - if (stat(t->stamp_path, &st) >= 0) - t->last_trigger.realtime = timespec_load(&st.st_atim); -+ else if (errno == ENOENT) -+ /* The timer has never run before, -+ * make sure a stamp file exists. -+ */ -+ update_stampfile(t, now(CLOCK_REALTIME)); - } - - t->result = TIMER_SUCCESS; -diff --git a/src/core/transaction.c b/src/core/transaction.c -index d00f427..2befc32 100644 ---- a/src/core/transaction.c -+++ b/src/core/transaction.c -@@ -378,7 +378,7 @@ static int transaction_verify_order_one(Transaction *tr, Job *j, Job *from, unsi - "Found dependency on %s/%s", - k->unit->id, job_type_to_string(k->type)); - -- if (!delete && -+ if (!delete && hashmap_get(tr->jobs, k->unit) && - !unit_matters_to_anchor(k->unit, k)) { - /* Ok, we can drop this one, so let's - * do so. */ diff --git a/src/core/umount.c b/src/core/umount.c -index d1258f0..0311812 100644 +index cffa453..4d1a9ff 100644 --- a/src/core/umount.c +++ b/src/core/umount.c -@@ -404,6 +404,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e +@@ -385,6 +385,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e * anyway, since we are running from it. They have * already been remounted ro. */ if (path_equal(m->path, "/") @@ -665,926 +26,25 @@ index d1258f0..0311812 100644 #ifndef HAVE_SPLIT_USR || path_equal(m->path, "/usr") #endif -diff --git a/src/core/unit.c b/src/core/unit.c -index 153b79b..ed52694 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -2287,25 +2287,25 @@ bool unit_can_serialize(Unit *u) { - } - - int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs) { -- ExecRuntime *rt; - int r; - - assert(u); - assert(f); - assert(fds); - -- if (!unit_can_serialize(u)) -- return 0; -- -- r = UNIT_VTABLE(u)->serialize(u, f, fds); -- if (r < 0) -- return r; -+ if (unit_can_serialize(u)) { -+ ExecRuntime *rt; - -- rt = unit_get_exec_runtime(u); -- if (rt) { -- r = exec_runtime_serialize(rt, u, f, fds); -+ r = UNIT_VTABLE(u)->serialize(u, f, fds); - if (r < 0) - return r; -+ -+ rt = unit_get_exec_runtime(u); -+ if (rt) { -+ r = exec_runtime_serialize(rt, u, f, fds); -+ if (r < 0) -+ return r; -+ } - } - - dual_timestamp_serialize(f, "inactive-exit-timestamp", &u->inactive_exit_timestamp); -@@ -2367,17 +2367,14 @@ void unit_serialize_item(Unit *u, FILE *f, const char *key, const char *value) { - } - - int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { -- size_t offset; - ExecRuntime **rt = NULL; -+ size_t offset; - int r; - - assert(u); - assert(f); - assert(fds); - -- if (!unit_can_serialize(u)) -- return 0; -- - offset = UNIT_VTABLE(u)->exec_runtime_offset; - if (offset > 0) - rt = (ExecRuntime**) ((uint8_t*) u + offset); -@@ -2487,24 +2484,34 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { - if (!s) - return -ENOMEM; - -- free(u->cgroup_path); -- u->cgroup_path = s; -+ if (u->cgroup_path) { -+ void *p; - -+ p = hashmap_remove(u->manager->cgroup_unit, u->cgroup_path); -+ log_info("Removing cgroup_path %s from hashmap (%p)", -+ u->cgroup_path, p); -+ free(u->cgroup_path); -+ } -+ -+ u->cgroup_path = s; - assert(hashmap_put(u->manager->cgroup_unit, s, u) == 1); -+ - continue; - } - -- if (rt) { -- r = exec_runtime_deserialize_item(rt, u, l, v, fds); -+ if (unit_can_serialize(u)) { -+ if (rt) { -+ r = exec_runtime_deserialize_item(rt, u, l, v, fds); -+ if (r < 0) -+ return r; -+ if (r > 0) -+ continue; -+ } -+ -+ r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds); - if (r < 0) - return r; -- if (r > 0) -- continue; - } -- -- r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds); -- if (r < 0) -- return r; - } - } - -diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c -index 75d56dd..be8fb2f 100644 ---- a/src/cryptsetup/cryptsetup-generator.c -+++ b/src/cryptsetup/cryptsetup-generator.c -@@ -29,6 +29,7 @@ - #include "mkdir.h" - #include "strv.h" - #include "fileio.h" -+#include "path-util.h" - - static const char *arg_dest = "/tmp"; - static bool arg_enabled = true; -@@ -144,16 +145,19 @@ static int create_disk( - if (!uu) - return log_oom(); - -- if (is_device_path(uu)) { -- _cleanup_free_ char *dd; -+ if (!path_equal(uu, "/dev/null")) { - -- dd = unit_name_from_path(uu, ".device"); -- if (!dd) -- return log_oom(); -+ if (is_device_path(uu)) { -+ _cleanup_free_ char *dd; - -- fprintf(f, "After=%1$s\nRequires=%1$s\n", dd); -- } else -- fprintf(f, "RequiresMountsFor=%s\n", password); -+ dd = unit_name_from_path(uu, ".device"); -+ if (!dd) -+ return log_oom(); -+ -+ fprintf(f, "After=%1$s\nRequires=%1$s\n", dd); -+ } else -+ fprintf(f, "RequiresMountsFor=%s\n", password); -+ } - } - } - -@@ -287,7 +291,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value) { - } else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) { - - free(arg_keyfile); -- arg_keyfile = strdup(key); -+ arg_keyfile = strdup(value); - if (!arg_keyfile) - return log_oom(); - -diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c -index 9b9074c..ad6c76c 100644 ---- a/src/cryptsetup/cryptsetup.c -+++ b/src/cryptsetup/cryptsetup.c -@@ -88,6 +88,13 @@ static int parse_one_option(const char *option) { - return 0; - } - -+ if (arg_key_size % 8) { -+ log_error("size= not a multiple of 8, ignoring."); -+ return 0; -+ } -+ -+ arg_key_size /= 8; -+ - } else if (startswith(option, "key-slot=")) { - - arg_type = CRYPT_LUKS1; -@@ -404,7 +411,7 @@ static int attach_luks_or_plain(struct crypt_device *cd, - /* for CRYPT_PLAIN limit reads - * from keyfile to key length, and - * ignore keyfile-size */ -- arg_keyfile_size = arg_key_size / 8; -+ arg_keyfile_size = arg_key_size; - - /* In contrast to what the name - * crypt_setup() might suggest this -@@ -567,7 +574,7 @@ int main(int argc, char *argv[]) { - else - until = 0; - -- arg_key_size = (arg_key_size > 0 ? arg_key_size : 256); -+ arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8)); - - if (key_file) { - struct stat st; diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c -index 18f2aca..2a2b1ea 100644 +index dfe97bc..71cd8f4 100644 --- a/src/fsck/fsck.c +++ b/src/fsck/fsck.c -@@ -285,7 +285,7 @@ int main(int argc, char *argv[]) { - - type = udev_device_get_property_value(udev_device, "ID_FS_TYPE"); - if (type) { -- const char *checker = strappenda("/sbin/fsck.", type); -+ const char *checker = strappenda("/run/current-system/sw/sbin/fsck.", type); - r = access(checker, X_OK); - if (r < 0) { - if (errno == ENOENT) { -@@ -302,7 +302,7 @@ int main(int argc, char *argv[]) { +@@ -315,8 +315,7 @@ int main(int argc, char *argv[]) { return EXIT_FAILURE; } - cmdline[i++] = "/sbin/fsck"; +- cmdline[i++] = arg_repair; + cmdline[i++] = "/run/current-system/sw/sbin/fsck"; - cmdline[i++] = "-a"; cmdline[i++] = "-T"; - cmdline[i++] = "-l"; -diff --git a/src/getty-generator/getty-generator.c b/src/getty-generator/getty-generator.c -index 6a4aa2c..700e90a 100644 ---- a/src/getty-generator/getty-generator.c -+++ b/src/getty-generator/getty-generator.c -@@ -72,7 +72,7 @@ static int add_serial_getty(const char *tty) { - log_debug("Automatically adding serial getty for /dev/%s.", tty); - -- n = unit_name_replace_instance("serial-getty@.service", tty); -+ n = unit_name_from_path_instance("serial-getty", tty, ".service"); - if (!n) - return log_oom(); - -@@ -86,7 +86,7 @@ static int add_container_getty(const char *tty) { - - log_debug("Automatically adding container getty for /dev/pts/%s.", tty); - -- n = unit_name_replace_instance("container-getty@.service", tty); -+ n = unit_name_from_path_instance("container-getty", tty, ".service"); - if (!n) - return log_oom(); - -diff --git a/src/journal/catalog.c b/src/journal/catalog.c -index 3ed0b7e..02dedc4 100644 ---- a/src/journal/catalog.c -+++ b/src/journal/catalog.c -@@ -103,7 +103,7 @@ static int finish_item( - const char *payload) { - - ssize_t offset; -- CatalogItem *i; -+ _cleanup_free_ CatalogItem *i = NULL; - int r; - - assert(h); -@@ -126,13 +126,14 @@ static int finish_item( - i->offset = htole64((uint64_t) offset); - - r = hashmap_put(h, i, i); -- if (r == EEXIST) { -+ if (r == -EEXIST) { - log_warning("Duplicate entry for " SD_ID128_FORMAT_STR ".%s, ignoring.", - SD_ID128_FORMAT_VAL(id), language ? language : "C"); -- free(i); - return 0; -- } -+ } else if (r < 0) -+ return r; - -+ i = NULL; - return 0; - } - -@@ -383,8 +384,8 @@ error: - int catalog_update(const char* database, const char* root, const char* const* dirs) { - _cleanup_strv_free_ char **files = NULL; - char **f; -- Hashmap *h; - struct strbuf *sb = NULL; -+ _cleanup_hashmap_free_free_ Hashmap *h = NULL; - _cleanup_free_ CatalogItem *items = NULL; - CatalogItem *i; - Iterator j; -@@ -406,13 +407,17 @@ int catalog_update(const char* database, const char* root, const char* const* di - } - - STRV_FOREACH(f, files) { -- log_debug("reading file '%s'", *f); -- catalog_import_file(h, sb, *f); -+ log_debug("Reading file '%s'", *f); -+ r = catalog_import_file(h, sb, *f); -+ if (r < 0) { -+ log_error("Failed to import file '%s': %s.", -+ *f, strerror(-r)); -+ goto finish; -+ } - } - - if (hashmap_size(h) <= 0) { - log_info("No items in catalog."); -- r = 0; - goto finish; - } else - log_debug("Found %u items in catalog.", hashmap_size(h)); -@@ -443,11 +448,7 @@ int catalog_update(const char* database, const char* root, const char* const* di - log_debug("%s: wrote %u items, with %zu bytes of strings, %ld total size.", - database, n, sb->len, r); - -- r = 0; -- - finish: -- if (h) -- hashmap_free_free(h); - if (sb) - strbuf_cleanup(sb); - -diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c -index f2f1f35..fd9d2a8 100644 ---- a/src/journal/journal-file.c -+++ b/src/journal/journal-file.c -@@ -274,12 +274,6 @@ static int journal_file_verify_header(JournalFile *f) { - !VALID64(le64toh(f->header->entry_array_offset))) - return -ENODATA; - -- if (le64toh(f->header->data_hash_table_offset) < le64toh(f->header->header_size) || -- le64toh(f->header->field_hash_table_offset) < le64toh(f->header->header_size) || -- le64toh(f->header->tail_object_offset) < le64toh(f->header->header_size) || -- le64toh(f->header->entry_array_offset) < le64toh(f->header->header_size)) -- return -ENODATA; -- - if (f->writable) { - uint8_t state; - sd_id128_t machine_id; -diff --git a/src/journal/journal-remote-parse.c b/src/journal/journal-remote-parse.c -index 142de0e..239ff38 100644 ---- a/src/journal/journal-remote-parse.c -+++ b/src/journal/journal-remote-parse.c -@@ -40,7 +40,7 @@ void source_free(RemoteSource *source) { - - static int get_line(RemoteSource *source, char **line, size_t *size) { - ssize_t n, remain; -- char *c; -+ char *c = NULL; - char *newbuf = NULL; - size_t newsize = 0; - -@@ -49,7 +49,9 @@ static int get_line(RemoteSource *source, char **line, size_t *size) { - assert(source->filled <= source->size); - assert(source->buf == NULL || source->size > 0); - -- c = memchr(source->buf, '\n', source->filled); -+ if (source->buf) -+ c = memchr(source->buf, '\n', source->filled); -+ - if (c != NULL) - goto docopy; - -diff --git a/src/journal/journald-kmsg.c b/src/journal/journald-kmsg.c -index 35948ea..48725e4 100644 ---- a/src/journal/journald-kmsg.c -+++ b/src/journal/journald-kmsg.c -@@ -152,7 +152,7 @@ static void dev_kmsg_record(Server *s, char *p, size_t l) { - /* Did we lose any? */ - if (serial > *s->kernel_seqnum) - server_driver_message(s, SD_MESSAGE_JOURNAL_MISSED, "Missed %"PRIu64" kernel messages", -- serial - *s->kernel_seqnum - 1); -+ serial - *s->kernel_seqnum); - - /* Make sure we never read this one again. Note that - * we always store the next message serial we expect -diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c -index 6da81e7..b6f8e7e 100644 ---- a/src/journal/journald-server.c -+++ b/src/journal/journald-server.c -@@ -67,6 +67,7 @@ - #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE) - #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC) - #define DEFAULT_RATE_LIMIT_BURST 1000 -+#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH - - #define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC) - -@@ -1473,6 +1474,8 @@ int server_init(Server *s) { - s->forward_to_syslog = true; - s->forward_to_wall = true; - -+ s->max_file_usec = DEFAULT_MAX_FILE_USEC; -+ - s->max_level_store = LOG_DEBUG; - s->max_level_syslog = LOG_DEBUG; - s->max_level_kmsg = LOG_NOTICE; -diff --git a/src/journal/microhttpd-util.c b/src/journal/microhttpd-util.c -index f693e0f..9a8d5c6 100644 ---- a/src/journal/microhttpd-util.c -+++ b/src/journal/microhttpd-util.c -@@ -129,7 +129,7 @@ void log_func_gnutls(int level, const char *message) { - if (0 <= level && level < (int) ELEMENTSOF(log_level_map)) - ourlevel = log_level_map[level]; - else -- level = LOG_DEBUG; -+ ourlevel = LOG_DEBUG; - - log_meta(ourlevel, NULL, 0, NULL, "gnutls: %s", message); - } -diff --git a/src/journal/test-catalog.c b/src/journal/test-catalog.c -index b087a8b..967ab67 100644 ---- a/src/journal/test-catalog.c -+++ b/src/journal/test-catalog.c -@@ -157,7 +157,8 @@ int main(int argc, char *argv[]) { - - setlocale(LC_ALL, "de_DE.UTF-8"); - -- log_set_max_level(LOG_DEBUG); -+ log_parse_environment(); -+ log_open(); - - test_catalog_file_lang(); - -diff --git a/src/libsystemd/sd-rtnl/rtnl-message.c b/src/libsystemd/sd-rtnl/rtnl-message.c -index 84a8ffa..e79b318 100644 ---- a/src/libsystemd/sd-rtnl/rtnl-message.c -+++ b/src/libsystemd/sd-rtnl/rtnl-message.c -@@ -335,24 +335,28 @@ int sd_rtnl_message_link_get_flags(sd_rtnl_message *m, unsigned *flags) { - /* If successful the updated message will be correctly aligned, if - unsuccessful the old message is untouched. */ - static int add_rtattr(sd_rtnl_message *m, unsigned short type, const void *data, size_t data_length) { -- uint32_t rta_length, message_length; -+ uint32_t rta_length; -+ size_t message_length, padding_length; - struct nlmsghdr *new_hdr; - struct rtattr *rta; - char *padding; - unsigned i; -+ int offset; - - assert(m); - assert(m->hdr); - assert(!m->sealed); - assert(NLMSG_ALIGN(m->hdr->nlmsg_len) == m->hdr->nlmsg_len); -- assert(!data || data_length > 0); -- assert(data || m->n_containers < RTNL_CONTAINER_DEPTH); -+ assert(!data || data_length); -+ -+ /* get offset of the new attribute */ -+ offset = m->hdr->nlmsg_len; - - /* get the size of the new rta attribute (with padding at the end) */ - rta_length = RTA_LENGTH(data_length); - - /* get the new message size (with padding at the end) */ -- message_length = m->hdr->nlmsg_len + RTA_ALIGN(rta_length); -+ message_length = offset + RTA_ALIGN(rta_length); - - /* realloc to fit the new attribute */ - new_hdr = realloc(m->hdr, message_length); -@@ -361,32 +365,35 @@ static int add_rtattr(sd_rtnl_message *m, unsigned short type, const void *data, - m->hdr = new_hdr; - - /* get pointer to the attribute we are about to add */ -- rta = (struct rtattr *) ((uint8_t *) m->hdr + m->hdr->nlmsg_len); -+ rta = (struct rtattr *) ((uint8_t *) m->hdr + offset); - - /* if we are inside containers, extend them */ - for (i = 0; i < m->n_containers; i++) -- GET_CONTAINER(m, i)->rta_len += message_length - m->hdr->nlmsg_len; -+ GET_CONTAINER(m, i)->rta_len += message_length - offset; - - /* fill in the attribute */ - rta->rta_type = type; - rta->rta_len = rta_length; -- if (!data) { -- /* this is the start of a new container */ -- m->container_offsets[m->n_containers ++] = m->hdr->nlmsg_len; -- } else { -+ if (data) - /* we don't deal with the case where the user lies about the type - * and gives us too little data (so don't do that) -- */ -+ */ - padding = mempcpy(RTA_DATA(rta), data, data_length); -- /* make sure also the padding at the end of the message is initialized */ -- memzero(padding, -- (uint8_t *) m->hdr + message_length - (uint8_t *) padding); -+ else { -+ /* if no data was passed, make sure we still initialize the padding -+ note that we can have data_length > 0 (used by some containers) */ -+ padding = RTA_DATA(rta); -+ data_length = 0; - } - -+ /* make sure also the padding at the end of the message is initialized */ -+ padding_length = (uint8_t*)m->hdr + message_length - (uint8_t*)padding; -+ memzero(padding, padding_length); -+ - /* update message size */ - m->hdr->nlmsg_len = message_length; - -- return 0; -+ return offset; - } - - int sd_rtnl_message_append_string(sd_rtnl_message *m, unsigned short type, const char *data) { -@@ -761,22 +768,29 @@ int sd_rtnl_message_open_container(sd_rtnl_message *m, unsigned short type) { - - assert_return(m, -EINVAL); - assert_return(!m->sealed, -EPERM); -+ assert_return(m->n_containers < RTNL_CONTAINER_DEPTH, -ERANGE); - - sd_rtnl_message_get_type(m, &rtm_type); - -+ int r = -ENOTSUP; -+ - if (rtnl_message_type_is_link(rtm_type)) { - - if ((type == IFLA_LINKINFO && m->n_containers == 0) || - (type == IFLA_INFO_DATA && m->n_containers == 1 && - GET_CONTAINER(m, 0)->rta_type == IFLA_LINKINFO)) -- return add_rtattr(m, type, NULL, 0); -+ r = add_rtattr(m, type, NULL, 0); - else if (type == VETH_INFO_PEER && m->n_containers == 2 && - GET_CONTAINER(m, 1)->rta_type == IFLA_INFO_DATA && - GET_CONTAINER(m, 0)->rta_type == IFLA_LINKINFO) -- return add_rtattr(m, type, NULL, sizeof(struct ifinfomsg)); -+ r= add_rtattr(m, type, NULL, sizeof(struct ifinfomsg)); - } - -- return -ENOTSUP; -+ if (r < 0) return r; -+ -+ m->container_offsets[m->n_containers ++] = r; -+ -+ return 0; - } - - int sd_rtnl_message_close_container(sd_rtnl_message *m) { -diff --git a/src/libudev/libudev-monitor.c b/src/libudev/libudev-monitor.c -index ba1b04d..85b1e40 100644 ---- a/src/libudev/libudev-monitor.c -+++ b/src/libudev/libudev-monitor.c -@@ -108,15 +108,13 @@ static struct udev_monitor *udev_monitor_new(struct udev *udev) - - /* we consider udev running when /dev is on devtmpfs */ - static bool udev_has_devtmpfs(struct udev *udev) { -- struct file_handle *h; -+ union file_handle_union h = { .handle.handle_bytes = MAX_HANDLE_SZ, }; - int mount_id; - _cleanup_fclose_ FILE *f = NULL; - char line[LINE_MAX], *e; - int r; - -- h = alloca(MAX_HANDLE_SZ); -- h->handle_bytes = MAX_HANDLE_SZ; -- r = name_to_handle_at(AT_FDCWD, "/dev", h, &mount_id, 0); -+ r = name_to_handle_at(AT_FDCWD, "/dev", &h.handle, &mount_id, 0); - if (r < 0) - return false; - -diff --git a/src/login/70-uaccess.rules b/src/login/70-uaccess.rules -index e1cf897..57f619d 100644 ---- a/src/login/70-uaccess.rules -+++ b/src/login/70-uaccess.rules -@@ -12,7 +12,7 @@ ENV{MAJOR}=="", GOTO="uaccess_end" - SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*", TAG+="uaccess" - - # Digicams with proprietary protocol --ENV{ID_GPHOTO2}=="*?", TAG+="uaccess" -+ENV{ID_GPHOTO2}=="?*", TAG+="uaccess" - - # SCSI and USB scanners - ENV{libsane_matched}=="yes", TAG+="uaccess" -@@ -49,13 +49,13 @@ SUBSYSTEM=="drm", KERNEL=="card*|renderD*", TAG+="uaccess" - SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="uaccess" - - # smart-card readers --ENV{ID_SMARTCARD_READER}=="*?", TAG+="uaccess" -+ENV{ID_SMARTCARD_READER}=="?*", TAG+="uaccess" - - # (USB) authentication devices --ENV{ID_SECURITY_TOKEN}=="*?", TAG+="uaccess" -+ENV{ID_SECURITY_TOKEN}=="?*", TAG+="uaccess" - - # PDA devices --ENV{ID_PDA}=="*?", TAG+="uaccess" -+ENV{ID_PDA}=="?*", TAG+="uaccess" - - # Programmable remote control - ENV{ID_REMOTE_CONTROL}=="1", TAG+="uaccess" -@@ -64,10 +64,10 @@ ENV{ID_REMOTE_CONTROL}=="1", TAG+="uaccess" - SUBSYSTEM=="input", ENV{ID_INPUT_JOYSTICK}=="?*", TAG+="uaccess" - - # color measurement devices --ENV{COLOR_MEASUREMENT_DEVICE}=="*?", TAG+="uaccess" -+ENV{COLOR_MEASUREMENT_DEVICE}=="?*", TAG+="uaccess" - - # DDC/CI device, usually high-end monitors such as the DreamColor --ENV{DDC_DEVICE}=="*?", TAG+="uaccess" -+ENV{DDC_DEVICE}=="?*", TAG+="uaccess" - - # media player raw devices (for user-mode drivers, Android SDK, etc.) - SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess" -diff --git a/src/login/logind-acl.c b/src/login/logind-acl.c -index dc86f0f..4bbeb64 100644 ---- a/src/login/logind-acl.c -+++ b/src/login/logind-acl.c -@@ -279,7 +279,9 @@ int devnode_acl_all(struct udev *udev, - - log_debug("Fixing up ACLs at %s for seat %s", n, seat); - k = devnode_acl(n, flush, del, old_uid, add, new_uid); -- if (k < 0) -+ if (k == -ENOENT) -+ log_debug("Device %s disappeared while setting ACLs", n); -+ else if (k < 0) - r = k; - } - -diff --git a/src/login/logind-action.c b/src/login/logind-action.c -index 1928f43..d69c7ad 100644 ---- a/src/login/logind-action.c -+++ b/src/login/logind-action.c -@@ -79,14 +79,12 @@ int manager_handle_action( - return 0; - } - -- /* If we have more than one or no displays connected, -- * don't react to lid closing. The no display case we -- * treat like this under the assumption that there is -- * no modern drm driver available. */ -+ /* If we have more than one display connected, -+ * don't react to lid closing. */ - n = manager_count_displays(m); - if (n < 0) - log_warning("Display counting failed: %s", strerror(-n)); -- else if (n != 1) { -+ else if (n > 1) { - log_debug("Ignoring lid switch request, %i displays connected.", n); - return 0; - } -diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c -index 3f5efdc..1ee6ced 100644 ---- a/src/login/logind-seat.c -+++ b/src/login/logind-seat.c -@@ -275,8 +275,13 @@ int seat_switch_to(Seat *s, unsigned int num) { - if (!num) - return -EINVAL; - -- if (num >= s->position_count || !s->positions[num]) -+ if (num >= s->position_count || !s->positions[num]) { -+ /* allow switching to unused VTs to trigger auto-activate */ -+ if (seat_has_vts(s) && num < 64) -+ return chvt(num); -+ - return -EINVAL; -+ } - - return session_activate(s->positions[num]); - } -diff --git a/src/login/logind-session.c b/src/login/logind-session.c -index 4ca6b5d..02a780d 100644 ---- a/src/login/logind-session.c -+++ b/src/login/logind-session.c -@@ -213,7 +213,6 @@ int session_save(Session *s) { - - if (s->scope) - fprintf(f, "SCOPE=%s\n", s->scope); -- - if (s->scope_job) - fprintf(f, "SCOPE_JOB=%s\n", s->scope_job); - -@@ -229,17 +228,54 @@ int session_save(Session *s) { - if (s->display) - fprintf(f, "DISPLAY=%s\n", s->display); - -- if (s->remote_host) -- fprintf(f, "REMOTE_HOST=%s\n", s->remote_host); -+ if (s->remote_host) { -+ _cleanup_free_ char *escaped; -+ -+ escaped = cescape(s->remote_host); -+ if (!escaped) { -+ r = -ENOMEM; -+ goto finish; -+ } -+ -+ fprintf(f, "REMOTE_HOST=%s\n", escaped); -+ } -+ -+ if (s->remote_user) { -+ _cleanup_free_ char *escaped; -+ -+ escaped = cescape(s->remote_user); -+ if (!escaped) { -+ r = -ENOMEM; -+ goto finish; -+ } -+ -+ fprintf(f, "REMOTE_USER=%s\n", escaped); -+ } -+ -+ if (s->service) { -+ _cleanup_free_ char *escaped; - -- if (s->remote_user) -- fprintf(f, "REMOTE_USER=%s\n", s->remote_user); -+ escaped = cescape(s->service); -+ if (!escaped) { -+ r = -ENOMEM; -+ goto finish; -+ } -+ -+ fprintf(f, "SERVICE=%s\n", escaped); -+ } - -- if (s->service) -- fprintf(f, "SERVICE=%s\n", s->service); -+ if (s->desktop) { -+ _cleanup_free_ char *escaped; - -- if (s->desktop) -- fprintf(f, "DESKTOP=%s\n", s->desktop); -+ -+ escaped = cescape(s->desktop); -+ if (!escaped) { -+ r = -ENOMEM; -+ goto finish; -+ } -+ -+ fprintf(f, "DESKTOP=%s\n", escaped); -+ } - - if (s->seat && seat_has_vts(s->seat)) - fprintf(f, "VTNR=%u\n", s->vtnr); -@@ -972,6 +1008,10 @@ void session_mute_vt(Session *s) { - if (vt < 0) - return; - -+ r = fchown(vt, s->user->uid, -1); -+ if (r < 0) -+ goto error; -+ - r = ioctl(vt, KDSKBMODE, K_OFF); - if (r < 0) - goto error; -@@ -1026,6 +1066,8 @@ void session_restore_vt(Session *s) { - mode.mode = VT_AUTO; - ioctl(vt, VT_SETMODE, &mode); - -+ fchown(vt, 0, -1); -+ - s->vtfd = safe_close(s->vtfd); - } - -diff --git a/src/login/org.freedesktop.login1.policy.in b/src/login/org.freedesktop.login1.policy.in -index b96d32d..b8e90f1 100644 ---- a/src/login/org.freedesktop.login1.policy.in -+++ b/src/login/org.freedesktop.login1.policy.in -@@ -254,7 +254,7 @@ - - auth_admin_keep - auth_admin_keep -- auth_admin_keep -+ yes - - org.freedesktop.login1.hibernate - -diff --git a/src/login/pam-module.c b/src/login/pam-module.c -index 9873dd5..1259457 100644 ---- a/src/login/pam-module.c -+++ b/src/login/pam-module.c -@@ -475,7 +475,7 @@ _public_ PAM_EXTERN int pam_sm_open_session( - } - - if (session_fd >= 0) { -- session_fd = dup(session_fd); -+ session_fd = fcntl(session_fd, F_DUPFD_CLOEXEC, 3); - if (session_fd < 0) { - pam_syslog(handle, LOG_ERR, "Failed to dup session fd: %m"); - return PAM_SESSION_ERR; -diff --git a/src/machine/machine.c b/src/machine/machine.c -index 9a5cc9a..de701ad 100644 ---- a/src/machine/machine.c -+++ b/src/machine/machine.c -@@ -123,17 +123,42 @@ int machine_save(Machine *m) { - "NAME=%s\n", - m->name); - -- if (m->unit) -- fprintf(f, "SCOPE=%s\n", m->unit); /* We continue to call this "SCOPE=" because it is internal only, and we want to stay compatible with old files */ -+ if (m->unit) { -+ _cleanup_free_ char *escaped; -+ -+ escaped = cescape(m->unit); -+ if (!escaped) { -+ r = -ENOMEM; -+ goto finish; -+ } -+ -+ fprintf(f, "SCOPE=%s\n", escaped); /* We continue to call this "SCOPE=" because it is internal only, and we want to stay compatible with old files */ -+ } - - if (m->scope_job) - fprintf(f, "SCOPE_JOB=%s\n", m->scope_job); - -- if (m->service) -- fprintf(f, "SERVICE=%s\n", m->service); -+ if (m->service) { -+ _cleanup_free_ char *escaped; - -- if (m->root_directory) -- fprintf(f, "ROOT=%s\n", m->root_directory); -+ escaped = cescape(m->service); -+ if (!escaped) { -+ r = -ENOMEM; -+ goto finish; -+ } -+ fprintf(f, "SERVICE=%s\n", escaped); -+ } -+ -+ if (m->root_directory) { -+ _cleanup_free_ char *escaped; -+ -+ escaped = cescape(m->root_directory); -+ if (!escaped) { -+ r = -ENOMEM; -+ goto finish; -+ } -+ fprintf(f, "ROOT=%s\n", escaped); -+ } - - if (!sd_id128_equal(m->id, SD_ID128_NULL)) - fprintf(f, "ID=" SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(m->id)); -@@ -330,16 +355,18 @@ static int machine_stop_scope(Machine *m) { - if (!m->unit) - return 0; - -- r = manager_stop_unit(m->manager, m->unit, &error, &job); -- if (r < 0) { -- log_error("Failed to stop machine scope: %s", bus_error_message(&error, r)); -- return r; -+ if (!m->registered) { -+ r = manager_stop_unit(m->manager, m->unit, &error, &job); -+ if (r < 0) { -+ log_error("Failed to stop machine scope: %s", bus_error_message(&error, r)); -+ return r; -+ } - } - - free(m->scope_job); - m->scope_job = job; - -- return r; -+ return 0; - } - - int machine_stop(Machine *m) { -@@ -415,6 +442,8 @@ int machine_kill(Machine *m, KillWho who, int signo) { - - if (kill(m->leader, signo) < 0) - return -errno; -+ -+ return 0; - } - - /* Otherwise make PID 1 do it for us, for the entire cgroup */ -diff --git a/src/machine/machine.h b/src/machine/machine.h -index f4aefc5..de3536d 100644 ---- a/src/machine/machine.h -+++ b/src/machine/machine.h -@@ -72,6 +72,7 @@ struct Machine { - - bool in_gc_queue:1; - bool started:1; -+ bool registered:1; - - sd_bus_message *create_message; - -diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c -index 9473105..154a335 100644 ---- a/src/machine/machined-dbus.c -+++ b/src/machine/machined-dbus.c -@@ -241,6 +241,7 @@ static int method_create_or_register_machine(Manager *manager, sd_bus_message *m - m->leader = leader; - m->class = c; - m->id = id; -+ m->registered = true; - - if (!isempty(service)) { - m->service = strdup(service); + /* diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 9a9ed9d..c3e6d23 100644 +index d01da45..4976f9a 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c -@@ -769,6 +769,15 @@ static int setup_resolv_conf(const char *dest) { - return 0; - } - -+static char* id128_format_as_uuid(sd_id128_t id, char s[37]) { -+ -+ snprintf(s, 37, -+ "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x", -+ SD_ID128_FORMAT_VAL(id)); -+ -+ return s; -+} -+ - static int setup_boot_id(const char *dest) { - _cleanup_free_ char *from = NULL, *to = NULL; - sd_id128_t rnd = {}; -@@ -794,10 +803,7 @@ static int setup_boot_id(const char *dest) { - return r; - } - -- snprintf(as_uuid, sizeof(as_uuid), -- "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x", -- SD_ID128_FORMAT_VAL(rnd)); -- char_array_0(as_uuid); -+ id128_format_as_uuid(rnd, as_uuid); - - r = write_string_file(from, as_uuid); - if (r < 0) { -@@ -2378,7 +2384,7 @@ static int change_uid_gid(char **_home) { - _cleanup_fclose_ FILE *f = NULL; - _cleanup_close_ int fd = -1; - unsigned n_uids = 0; -- size_t sz, l; -+ size_t sz = 0, l; - uid_t uid; - gid_t gid; - pid_t pid; -@@ -2667,6 +2673,7 @@ int main(int argc, char *argv[]) { +@@ -2985,6 +2985,7 @@ int main(int argc, char *argv[]) { goto finish; } } else { @@ -1592,7 +52,7 @@ index 9a9ed9d..c3e6d23 100644 const char *p; p = strappenda(arg_directory, -@@ -2676,6 +2683,7 @@ int main(int argc, char *argv[]) { +@@ -2994,6 +2995,7 @@ int main(int argc, char *argv[]) { goto finish; } @@ -1600,510 +60,11 @@ index 9a9ed9d..c3e6d23 100644 } } else { char template[] = "/tmp/nspawn-root-XXXXXX"; -@@ -2748,8 +2756,6 @@ int main(int argc, char *argv[]) { - goto finish; - } - -- sd_notify(0, "READY=1"); -- - assert_se(sigemptyset(&mask) == 0); - sigset_add_many(&mask, SIGCHLD, SIGWINCH, SIGTERM, SIGINT, -1); - assert_se(sigprocmask(SIG_BLOCK, &mask, NULL) == 0); -@@ -2966,7 +2972,9 @@ int main(int argc, char *argv[]) { - } - - if (!sd_id128_equal(arg_uuid, SD_ID128_NULL)) { -- if (asprintf((char**)(envp + n_env++), "container_uuid=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(arg_uuid)) < 0) { -+ char as_uuid[37]; -+ -+ if (asprintf((char**)(envp + n_env++), "container_uuid=%s", id128_format_as_uuid(arg_uuid, as_uuid)) < 0) { - log_oom(); - goto child_fail; - } -@@ -3086,6 +3094,8 @@ int main(int argc, char *argv[]) { - if (r < 0) - goto finish; - -+ sd_notify(0, "READY=1"); -+ - /* Notify the child that the parent is ready with all - * its setup, and thtat the child can now hand over - * control to the code to run inside the container. */ -@@ -3136,6 +3146,10 @@ int main(int argc, char *argv[]) { - - if (!arg_quiet) - log_info("Container %s is being rebooted.", arg_machine); -+ if (getenv("EXIT_ON_REBOOT") != 0) { -+ r = 10; -+ break; -+ } - continue; - } else if (status.si_code == CLD_KILLED || - status.si_code == CLD_DUMPED) { -diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c -index d61ecdf..228a3a4 100644 ---- a/src/nss-myhostname/netlink.c -+++ b/src/nss-myhostname/netlink.c -@@ -112,6 +112,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) { - ifaddrmsg->ifa_scope == RT_SCOPE_NOWHERE) - continue; - -+ if (ifaddrmsg->ifa_family == AF_INET6 && -+ ifaddrmsg->ifa_scope == RT_SCOPE_LINK) -+ continue; -+ - if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED) - continue; - -diff --git a/src/python-systemd/_reader.c b/src/python-systemd/_reader.c -index 059b904..9a19a10 100644 ---- a/src/python-systemd/_reader.c -+++ b/src/python-systemd/_reader.c -@@ -902,7 +902,6 @@ static PyObject* get_catalog(PyObject *self, PyObject *args) { - sd_id128_t id; - _cleanup_free_ char *msg = NULL; - -- assert(!self); - assert(args); - - if (!PyArg_ParseTuple(args, "z:get_catalog", &id_)) -diff --git a/src/python-systemd/journal.py b/src/python-systemd/journal.py -index 9c7e004..dd1f229 100644 ---- a/src/python-systemd/journal.py -+++ b/src/python-systemd/journal.py -@@ -293,7 +293,7 @@ class Reader(_Reader): - monotonic = monotonic.totalseconds() - monotonic = int(monotonic * 1000000) - if isinstance(bootid, _uuid.UUID): -- bootid = bootid.get_hex() -+ bootid = bootid.hex - return super(Reader, self).seek_monotonic(monotonic, bootid) - - def log_level(self, level): -@@ -314,7 +314,7 @@ class Reader(_Reader): - Equivalent to add_match(MESSAGE_ID=`messageid`). - """ - if isinstance(messageid, _uuid.UUID): -- messageid = messageid.get_hex() -+ messageid = messageid.hex - self.add_match(MESSAGE_ID=messageid) - - def this_boot(self, bootid=None): -@@ -346,7 +346,7 @@ class Reader(_Reader): - - def get_catalog(mid): - if isinstance(mid, _uuid.UUID): -- mid = mid.get_hex() -+ mid = mid.hex - return _get_catalog(mid) - - def _make_line(field, value): -diff --git a/src/readahead/readahead-common.c b/src/readahead/readahead-common.c -index 5ffa88b..49679fc 100644 ---- a/src/readahead/readahead-common.c -+++ b/src/readahead/readahead-common.c -@@ -75,7 +75,7 @@ int fs_on_ssd(const char *p) { - if (major(st.st_dev) == 0) { - _cleanup_fclose_ FILE *f = NULL; - int mount_id; -- struct file_handle *h; -+ union file_handle_union h = { .handle.handle_bytes = MAX_HANDLE_SZ, }; - - /* Might be btrfs, which exposes "ssd" as mount flag if it is on ssd. - * -@@ -83,9 +83,7 @@ int fs_on_ssd(const char *p) { - * and then lookup the mount ID in mountinfo to find - * the mount options. */ - -- h = alloca(MAX_HANDLE_SZ); -- h->handle_bytes = MAX_HANDLE_SZ; -- r = name_to_handle_at(AT_FDCWD, p, h, &mount_id, AT_SYMLINK_FOLLOW); -+ r = name_to_handle_at(AT_FDCWD, p, &h.handle, &mount_id, AT_SYMLINK_FOLLOW); - if (r < 0) - return false; - -diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c -index d27b1b7..905a2e1 100644 ---- a/src/shared/conf-parser.c -+++ b/src/shared/conf-parser.c -@@ -336,8 +336,8 @@ int config_parse(const char *unit, - if (!f) { - f = ours = fopen(filename, "re"); - if (!f) { -- log_error("Failed to open configuration file '%s': %m", filename); -- return -errno; -+ log_full(errno == ENOENT ? LOG_DEBUG : LOG_ERR, "Failed to open configuration file '%s': %m", filename); -+ return errno == ENOENT ? 0 : -errno; - } - } - -diff --git a/src/shared/generator.c b/src/shared/generator.c -index 6110303..e679cb1 100644 ---- a/src/shared/generator.c -+++ b/src/shared/generator.c -@@ -48,7 +48,7 @@ int generator_write_fsck_deps( - const char *checker; - int r; - -- checker = strappenda("/sbin/fsck.", fstype); -+ checker = strappenda("/run/current-system/sw/sbin/fsck.", fstype); - r = access(checker, X_OK); - if (r < 0) { - log_warning("Checking was requested for %s, but %s cannot be used: %m", what, checker); -diff --git a/src/shared/install.c b/src/shared/install.c -index 7409046..4517c9c 100644 ---- a/src/shared/install.c -+++ b/src/shared/install.c -@@ -560,7 +560,7 @@ int unit_file_mask( - unsigned *n_changes) { - - char **i; -- _cleanup_free_ char *prefix; -+ _cleanup_free_ char *prefix = NULL; - int r; - - assert(scope >= 0); -diff --git a/src/shared/log.c b/src/shared/log.c -index a4b3b68..890a9fa 100644 ---- a/src/shared/log.c -+++ b/src/shared/log.c -@@ -878,6 +878,9 @@ void log_parse_environment(void) { - if (l == 5 && startswith(w, "debug")) { - log_set_max_level(LOG_DEBUG); - break; -+ } else if (l == 5 && startswith(w, "quiet")) { -+ log_set_max_level(LOG_WARNING); -+ break; - } - } - } -diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c -index 9d14933..b0b66f6 100644 ---- a/src/shared/logs-show.c -+++ b/src/shared/logs-show.c -@@ -547,7 +547,9 @@ static int output_export( - startswith(data, "_BOOT_ID=")) - continue; - -- if (!utf8_is_printable(data, length)) { -+ if (utf8_is_printable_newline(data, length, false)) -+ fwrite(data, length, 1, f); -+ else { - const char *c; - uint64_t le64; - -@@ -562,8 +564,7 @@ static int output_export( - le64 = htole64(length - (c - (const char*) data) - 1); - fwrite(&le64, sizeof(le64), 1, f); - fwrite(c + 1, length - (c - (const char*) data) - 1, 1, f); -- } else -- fwrite(data, length, 1, f); -+ } - - fputc('\n', f); - } -diff --git a/src/shared/unit-name.c b/src/shared/unit-name.c -index 6c167b4..d0e71f2 100644 ---- a/src/shared/unit-name.c -+++ b/src/shared/unit-name.c -@@ -332,7 +332,7 @@ char *unit_name_path_unescape(const char *f) { - } - - bool unit_name_is_template(const char *n) { -- const char *p; -+ const char *p, *e; - - assert(n); - -@@ -340,11 +340,15 @@ bool unit_name_is_template(const char *n) { - if (!p) - return false; - -- return p[1] == '.'; -+ e = strrchr(p+1, '.'); -+ if (!e) -+ return false; -+ -+ return e == p + 1; - } - - bool unit_name_is_instance(const char *n) { -- const char *p; -+ const char *p, *e; - - assert(n); - -@@ -352,7 +356,11 @@ bool unit_name_is_instance(const char *n) { - if (!p) - return false; - -- return p[1] != '.'; -+ e = strrchr(p+1, '.'); -+ if (!e) -+ return false; -+ -+ return e > p + 1; - } - - char *unit_name_replace_instance(const char *f, const char *i) { -diff --git a/src/shared/utf8.c b/src/shared/utf8.c -index 0b524d8..c559c13 100644 ---- a/src/shared/utf8.c -+++ b/src/shared/utf8.c -@@ -136,7 +136,7 @@ int utf8_encoded_to_unichar(const char *str) { - return unichar; - } - --bool utf8_is_printable(const char* str, size_t length) { -+bool utf8_is_printable_newline(const char* str, size_t length, bool newline) { - const uint8_t *p; - - assert(str); -@@ -145,7 +145,8 @@ bool utf8_is_printable(const char* str, size_t length) { - int encoded_len = utf8_encoded_valid_unichar((const char *)p); - int val = utf8_encoded_to_unichar((const char*)p); - -- if (encoded_len < 0 || val < 0 || is_unicode_control(val)) -+ if (encoded_len < 0 || val < 0 || is_unicode_control(val) || -+ (!newline && val == '\n')) - return false; - - length -= encoded_len; -diff --git a/src/shared/utf8.h b/src/shared/utf8.h -index c0eb73a..c087995 100644 ---- a/src/shared/utf8.h -+++ b/src/shared/utf8.h -@@ -31,7 +31,10 @@ const char *utf8_is_valid(const char *s) _pure_; - char *ascii_is_valid(const char *s) _pure_; - char *utf8_escape_invalid(const char *s); - --bool utf8_is_printable(const char* str, size_t length) _pure_; -+bool utf8_is_printable_newline(const char* str, size_t length, bool newline) _pure_; -+_pure_ static inline bool utf8_is_printable(const char* str, size_t length) { -+ return utf8_is_printable_newline(str, length, true); -+} - - char *utf16_to_utf8(const void *s, size_t length); - -diff --git a/src/shared/util.c b/src/shared/util.c -index ffe6624..2a2b2b2 100644 ---- a/src/shared/util.c -+++ b/src/shared/util.c -@@ -166,19 +166,19 @@ int close_nointr(int fd) { - - assert(fd >= 0); - r = close(fd); -- -- /* Just ignore EINTR; a retry loop is the wrong -- * thing to do on Linux. -- * -- * http://lkml.indiana.edu/hypermail/linux/kernel/0509.1/0877.html -- * https://bugzilla.gnome.org/show_bug.cgi?id=682819 -- * http://utcc.utoronto.ca/~cks/space/blog/unix/CloseEINTR -- * https://sites.google.com/site/michaelsafyan/software-engineering/checkforeintrwheninvokingclosethinkagain -- */ -- if (_unlikely_(r < 0 && errno == EINTR)) -- return 0; -- else if (r >= 0) -+ if (r >= 0) - return r; -+ else if (errno == EINTR) -+ /* -+ * Just ignore EINTR; a retry loop is the wrong -+ * thing to do on Linux. -+ * -+ * http://lkml.indiana.edu/hypermail/linux/kernel/0509.1/0877.html -+ * https://bugzilla.gnome.org/show_bug.cgi?id=682819 -+ * http://utcc.utoronto.ca/~cks/space/blog/unix/CloseEINTR -+ * https://sites.google.com/site/michaelsafyan/software-engineering/checkforeintrwheninvokingclosethinkagain -+ */ -+ return 0; - else - return -errno; - } -@@ -195,7 +195,13 @@ int safe_close(int fd) { - - if (fd >= 0) { - PROTECT_ERRNO; -- assert_se(close_nointr(fd) == 0); -+ -+ /* The kernel might return pretty much any error code -+ * via close(), but the fd will be closed anyway. The -+ * only condition we want to check for here is whether -+ * the fd was invalid at all... */ -+ -+ assert_se(close_nointr(fd) != -EBADF); - } - - return -1; -@@ -1365,7 +1371,7 @@ bool ignore_file(const char *filename) { - assert(filename); - - if (endswith(filename, "~")) -- return false; -+ return true; - - return ignore_file_allow_backup(filename); - } -@@ -1495,6 +1501,7 @@ bool fstype_is_network(const char *fstype) { - static const char table[] = - "cifs\0" - "smbfs\0" -+ "sshfs\0" - "ncpfs\0" - "ncp\0" - "nfs\0" -@@ -1581,8 +1588,9 @@ int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) { - if (fd_wait_for_event(fileno(f), POLLIN, t) <= 0) - return -ETIMEDOUT; - -+ errno = 0; - if (!fgets(line, sizeof(line), f)) -- return -EIO; -+ return errno ? -errno : -EIO; - - truncate_nl(line); - -@@ -5327,6 +5335,9 @@ bool string_is_safe(const char *p) { - if (*t > 0 && *t < ' ') - return false; - -+ if (*t == 127) -+ return false; -+ - if (strchr("\\\"\'", *t)) - return false; - } -@@ -5343,10 +5354,14 @@ bool string_has_cc(const char *p) { - - assert(p); - -- for (t = p; *t; t++) -+ for (t = p; *t; t++) { - if (*t > 0 && *t < ' ' && *t != '\t') - return true; - -+ if (*t == 127) -+ return true; -+ } -+ - return false; - } - -@@ -6391,3 +6406,19 @@ void hexdump(FILE *f, const void *p, size_t s) { - s -= 16; - } - } -+ -+int update_reboot_param_file(const char *param) -+{ -+ int r = 0; -+ -+ if (param) { -+ -+ r = write_string_file(REBOOT_PARAM_FILE, param); -+ if (r < 0) -+ log_error("Failed to write reboot param to " -+ REBOOT_PARAM_FILE": %s", strerror(-r)); -+ } else -+ unlink(REBOOT_PARAM_FILE); -+ -+ return r; -+} -diff --git a/src/shared/util.h b/src/shared/util.h -index 90464c9..122ac91 100644 ---- a/src/shared/util.h -+++ b/src/shared/util.h -@@ -22,6 +22,7 @@ - ***/ - - #include -+#include - #include - #include - #include -@@ -922,3 +923,10 @@ uint64_t physical_memory(void); - char* mount_test_option(const char *haystack, const char *needle); - - void hexdump(FILE *f, const void *p, size_t s); -+ -+union file_handle_union { -+ struct file_handle handle; -+ char padding[sizeof(struct file_handle) + MAX_HANDLE_SZ]; -+}; -+ -+int update_reboot_param_file(const char *param); -diff --git a/src/shared/virt.c b/src/shared/virt.c -index ec2ddcf..f03e790 100644 ---- a/src/shared/virt.c -+++ b/src/shared/virt.c -@@ -149,7 +149,7 @@ static int detect_vm_dmi(const char **_id) { - - /* Returns a short identifier for the various VM implementations */ - int detect_vm(const char **id) { -- _cleanup_free_ char *hvtype = NULL, *cpuinfo_contents = NULL; -+ _cleanup_free_ char *domcap = NULL, *cpuinfo_contents = NULL; - static thread_local int cached_found = -1; - static thread_local const char *cached_id = NULL; - const char *_id = NULL; -@@ -163,17 +163,37 @@ int detect_vm(const char **id) { - return cached_found; - } - -- /* Try high-level hypervisor sysfs file first: -+ /* Try xen capabilities file first, if not found try high-level hypervisor sysfs file: - * -- * https://bugs.freedesktop.org/show_bug.cgi?id=61491 */ -- r = read_one_line_file("/sys/hypervisor/type", &hvtype); -+ * https://bugs.freedesktop.org/show_bug.cgi?id=77271 */ -+ r = read_one_line_file("/proc/xen/capabilities", &domcap); - if (r >= 0) { -- if (streq(hvtype, "xen")) { -+ char *cap, *i = domcap; -+ -+ while ((cap = strsep(&i, ","))) -+ if (streq(cap, "control_d")) -+ break; -+ -+ if (!i) { - _id = "xen"; - r = 1; -- goto finish; - } -- } else if (r != -ENOENT) -+ -+ goto finish; -+ -+ } else if (r == -ENOENT) { -+ _cleanup_free_ char *hvtype = NULL; -+ -+ r = read_one_line_file("/sys/hypervisor/type", &hvtype); -+ if (r >= 0) { -+ if (streq(hvtype, "xen")) { -+ _id = "xen"; -+ r = 1; -+ goto finish; -+ } -+ } else if (r != -ENOENT) -+ return r; -+ } else - return r; - - /* this will set _id to "other" and return 0 for unknown hypervisors */ diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c -index 0887bc3..d02ee2b 100644 +index 36db652..b1ba6e9 100644 --- a/src/systemctl/systemctl.c +++ b/src/systemctl/systemctl.c -@@ -461,7 +461,7 @@ static int output_units_list(const UnitInfo *unit_infos, unsigned c) { - } - - if (circle_len > 0) -- printf("%s%s%s", on_circle, circle ? draw_special_char(DRAW_BLACK_CIRCLE) : " ", off_circle); -+ printf("%s%s%s ", on_circle, circle ? draw_special_char(DRAW_BLACK_CIRCLE) : " ", off_circle); - - printf("%s%-*s%s %s%-*s%s %s%-*s %-*s%s %-*s", - on_active, id_len, id, off_active, -@@ -2561,7 +2561,7 @@ static int start_unit_one( +@@ -2607,7 +2607,7 @@ static int start_unit_one( log_debug("Adding %s to the set", p); r = set_consume(s, p); @@ -2112,523 +73,6 @@ index 0887bc3..d02ee2b 100644 return log_oom(); } -@@ -4240,7 +4240,7 @@ static int show_all( - _cleanup_free_ UnitInfo *unit_infos = NULL; - const UnitInfo *u; - unsigned c; -- int r; -+ int r, ret = 0; - - r = get_unit_list(bus, NULL, NULL, &unit_infos, 0, &reply); - if (r < 0) -@@ -4262,9 +4262,11 @@ static int show_all( - r = show_one(verb, bus, p, show_properties, new_line, ellipsized); - if (r < 0) - return r; -+ else if (r > 0 && ret == 0) -+ ret = r; - } - -- return 0; -+ return ret; - } - - static int show_system_status(sd_bus *bus) { -@@ -4386,7 +4388,12 @@ static int show(sd_bus *bus, char **args) { - } - } - -- show_one(args[0], bus, unit, show_properties, &new_line, &ellipsized); -+ r = show_one(args[0], bus, unit, show_properties, -+ &new_line, &ellipsized); -+ if (r < 0) -+ return r; -+ else if (r > 0 && ret == 0) -+ ret = r; - } - - if (!strv_isempty(patterns)) { -@@ -4403,7 +4410,12 @@ static int show(sd_bus *bus, char **args) { - if (!unit) - return log_oom(); - -- show_one(args[0], bus, unit, show_properties, &new_line, &ellipsized); -+ r = show_one(args[0], bus, unit, show_properties, -+ &new_line, &ellipsized); -+ if (r < 0) -+ return r; -+ else if (r > 0 && ret == 0) -+ ret = r; - } - } - } -@@ -5403,15 +5415,15 @@ static int systemctl_help(void) { - " otherwise restart if active\n" - " isolate NAME Start one unit and stop all others\n" - " kill NAME... Send signal to processes of a unit\n" -- " is-active NAME... Check whether units are active\n" -- " is-failed NAME... Check whether units are failed\n" -- " status [NAME...|PID...] Show runtime status of one or more units\n" -- " show [NAME...|JOB...] Show properties of one or more\n" -+ " is-active PATTERN... Check whether units are active\n" -+ " is-failed PATTERN... Check whether units are failed\n" -+ " status [PATTERN...|PID...] Show runtime status of one or more units\n" -+ " show [PATTERN...|JOB...] Show properties of one or more\n" - " units/jobs or the manager\n" -- " cat NAME... Show files and drop-ins of one or more units\n" -+ " cat PATTERN... Show files and drop-ins of one or more units\n" - " set-property NAME ASSIGNMENT... Sets one or more properties of a unit\n" -- " help NAME...|PID... Show manual for one or more units\n" -- " reset-failed [NAME...] Reset failed state for all, one, or more\n" -+ " help PATTERN...|PID... Show manual for one or more units\n" -+ " reset-failed [PATTERN...] Reset failed state for all, one, or more\n" - " units\n" - " list-dependencies [NAME] Recursively show units which are required\n" - " or wanted by this unit or by which this\n" -@@ -5973,13 +5985,10 @@ static int halt_parse_argv(int argc, char *argv[]) { - } - } - -- if (arg_action == ACTION_REBOOT && argc == optind + 1) { -- r = write_string_file(REBOOT_PARAM_FILE, argv[optind]); -- if (r < 0) { -- log_error("Failed to write reboot param to " -- REBOOT_PARAM_FILE": %s", strerror(-r)); -+ if (arg_action == ACTION_REBOOT && (argc == optind || argc == optind + 1)) { -+ r = update_reboot_param_file(argc == optind + 1 ? argv[optind] : NULL); -+ if (r < 0) - return r; -- } - } else if (optind < argc) { - log_error("Too many arguments."); - return -EINVAL; -diff --git a/src/test/test-udev.c b/src/test/test-udev.c -index b064744..b057cc8 100644 ---- a/src/test/test-udev.c -+++ b/src/test/test-udev.c -@@ -155,9 +155,8 @@ int main(int argc, char *argv[]) { - } - } - -- err = udev_event_execute_rules(event, rules, &sigmask_orig); -- if (err == 0) -- udev_event_execute_run(event, NULL); -+ udev_event_execute_rules(event, rules, &sigmask_orig); -+ udev_event_execute_run(event, NULL); - out: - if (event != NULL && event->fd_signal >= 0) - close(event->fd_signal); -diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 33e7cbc..04b472d 100644 ---- a/src/tmpfiles/tmpfiles.c -+++ b/src/tmpfiles/tmpfiles.c -@@ -217,19 +217,16 @@ static bool unix_socket_alive(const char *fn) { - } - - static int dir_is_mount_point(DIR *d, const char *subdir) { -- struct file_handle *h; -+ union file_handle_union h = { .handle.handle_bytes = MAX_HANDLE_SZ }; - int mount_id_parent, mount_id; - int r_p, r; - -- h = alloca(MAX_HANDLE_SZ); -- -- h->handle_bytes = MAX_HANDLE_SZ; -- r_p = name_to_handle_at(dirfd(d), ".", h, &mount_id_parent, 0); -+ r_p = name_to_handle_at(dirfd(d), ".", &h.handle, &mount_id_parent, 0); - if (r_p < 0) - r_p = -errno; - -- h->handle_bytes = MAX_HANDLE_SZ; -- r = name_to_handle_at(dirfd(d), subdir, h, &mount_id, 0); -+ h.handle.handle_bytes = MAX_HANDLE_SZ; -+ r = name_to_handle_at(dirfd(d), subdir, &h.handle, &mount_id, 0); - if (r < 0) - r = -errno; - -diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c -index 1d067af..3203474 100644 ---- a/src/tty-ask-password-agent/tty-ask-password-agent.c -+++ b/src/tty-ask-password-agent/tty-ask-password-agent.c -@@ -432,7 +432,7 @@ static int wall_tty_block(void) { - - r = get_ctty_devnr(0, &devnr); - if (r < 0) -- return -r; -+ return r; - - if (asprintf(&p, "/run/systemd/ask-password-block/%u:%u", major(devnr), minor(devnr)) < 0) - return -ENOMEM; -diff --git a/src/udev/accelerometer/accelerometer.c b/src/udev/accelerometer/accelerometer.c -index 925d38d..32adf27 100644 ---- a/src/udev/accelerometer/accelerometer.c -+++ b/src/udev/accelerometer/accelerometer.c -@@ -180,7 +180,7 @@ get_prev_orientation(struct udev_device *dev) - return string_to_orientation(value); - } - --#define SET_AXIS(axis, code_) if (ev[i].code == code_) { if (got_##axis == 0) { axis = ev[i].value; got_##axis = true; } } -+#define READ_AXIS(axis, var) { memzero(&abs_info, sizeof(abs_info)); r = ioctl(fd, EVIOCGABS(axis), &abs_info); if (r < 0) return; var = abs_info.value; } - - /* accelerometers */ - static void test_orientation(struct udev *udev, -@@ -189,10 +189,9 @@ static void test_orientation(struct udev *udev, - { - OrientationUp old, new; - _cleanup_close_ int fd = -1; -- struct input_event ev[64]; -- bool got_syn = false; -- bool got_x = false, got_y = false, got_z = false; -+ struct input_absinfo abs_info; - int x = 0, y = 0, z = 0; -+ int r; - char text[64]; - - old = get_prev_orientation(dev); -@@ -201,30 +200,10 @@ static void test_orientation(struct udev *udev, - if (fd < 0) - return; - -- while (1) { -- int i, r; -- -- r = read(fd, ev, sizeof(struct input_event) * 64); -- -- if (r < (int) sizeof(struct input_event)) -- return; -- -- for (i = 0; i < r / (int) sizeof(struct input_event); i++) { -- if (got_syn) { -- if (ev[i].type == EV_ABS) { -- SET_AXIS(x, ABS_X); -- SET_AXIS(y, ABS_Y); -- SET_AXIS(z, ABS_Z); -- } -- } -- if (ev[i].type == EV_SYN && ev[i].code == SYN_REPORT) -- got_syn = true; -- if (got_x && got_y && got_z) -- goto read_dev; -- } -- } -+ READ_AXIS(ABS_X, x); -+ READ_AXIS(ABS_Y, y); -+ READ_AXIS(ABS_Z, z); - --read_dev: - new = orientation_calc(old, x, y, z); - snprintf(text, sizeof(text), - "ID_INPUT_ACCELEROMETER_ORIENTATION=%s", orientation_to_string(new)); -diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c -index 5bb6b02..b31ad80 100644 ---- a/src/udev/net/link-config.c -+++ b/src/udev/net/link-config.c -@@ -184,7 +184,7 @@ failure: - } - - static bool enable_name_policy(void) { -- _cleanup_free_ char *line; -+ _cleanup_free_ char *line = NULL; - char *w, *state; - int r; - size_t l; -@@ -391,7 +391,9 @@ int link_config_apply(link_config_ctx *ctx, link_config *config, struct udev_dev - case MACPOLICY_PERSISTENT: - if (!mac_is_permanent(device)) { - r = get_mac(device, false, &generated_mac); -- if (r < 0) -+ if (r == -ENOENT) -+ break; -+ else if (r < 0) - return r; - mac = &generated_mac; - } -@@ -399,7 +401,9 @@ int link_config_apply(link_config_ctx *ctx, link_config *config, struct udev_dev - case MACPOLICY_RANDOM: - if (!mac_is_random(device)) { - r = get_mac(device, true, &generated_mac); -- if (r < 0) -+ if (r == -ENOENT) -+ break; -+ else if (r < 0) - return r; - mac = &generated_mac; - } -diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c -index 5998be2..5213a4a 100644 ---- a/src/udev/udev-event.c -+++ b/src/udev/udev-event.c -@@ -771,18 +771,17 @@ static int rename_netif(struct udev_event *event) - log_error("error changing net interface name %s to %s: %s", - oldname, name, strerror(-r)); - else -- print_kmsg("renamed network interface %s to %s", oldname, name); -+ print_kmsg("renamed network interface %s to %s\n", oldname, name); - - return r; - } - --int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigmask) -+void udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigmask) - { - struct udev_device *dev = event->dev; -- int err = 0; - - if (udev_device_get_subsystem(dev) == NULL) -- return -1; -+ return; - - if (streq(udev_device_get_action(dev), "remove")) { - udev_device_read_db(dev, NULL); -@@ -816,9 +815,10 @@ int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, - event->name != NULL && !streq(event->name, udev_device_get_sysname(dev))) { - char syspath[UTIL_PATH_SIZE]; - char *pos; -+ int r; - -- err = rename_netif(event); -- if (err == 0) { -+ r = rename_netif(event); -+ if (r >= 0) { - log_debug("renamed netif to '%s'", event->name); - - /* remember old name */ -@@ -881,7 +881,6 @@ int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, - udev_device_unref(event->dev_db); - event->dev_db = NULL; - } -- return err; - } - - void udev_event_execute_run(struct udev_event *event, const sigset_t *sigmask) -diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c -index 2630264..17f47f2 100644 ---- a/src/udev/udev-rules.c -+++ b/src/udev/udev-rules.c -@@ -2555,10 +2555,15 @@ int udev_rules_apply_static_dev_perms(struct udev_rules *rules) - struct stat stats; - - /* we assure, that the permissions tokens are sorted before the static token */ -+ - if (mode == 0 && uid == 0 && gid == 0 && tags == NULL) - goto next; - - strscpyl(device_node, sizeof(device_node), "/dev/", rules_str(rules, cur->key.value_off), NULL); -+ if (stat(device_node, &stats) != 0) -+ break; -+ if (!S_ISBLK(stats.st_mode) && !S_ISCHR(stats.st_mode)) -+ break; - - /* export the tags to a directory as symlinks, allowing otherwise dead nodes to be tagged */ - if (tags) { -@@ -2588,11 +2593,6 @@ int udev_rules_apply_static_dev_perms(struct udev_rules *rules) - if (mode == 0 && uid == 0 && gid == 0) - break; - -- if (stat(device_node, &stats) != 0) -- break; -- if (!S_ISBLK(stats.st_mode) && !S_ISCHR(stats.st_mode)) -- break; -- - if (mode == 0) { - if (gid > 0) - mode = 0660; -diff --git a/src/udev/udev.h b/src/udev/udev.h -index 936adfb..62538bc 100644 ---- a/src/udev/udev.h -+++ b/src/udev/udev.h -@@ -84,7 +84,7 @@ int udev_event_apply_subsys_kernel(struct udev_event *event, const char *string, - int udev_event_spawn(struct udev_event *event, - const char *cmd, char **envp, const sigset_t *sigmask, - char *result, size_t ressize); --int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigset); -+void udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigset); - void udev_event_execute_run(struct udev_event *event, const sigset_t *sigset); - int udev_build_argv(struct udev *udev, char *cmd, int *argc, char *argv[]); - -diff --git a/src/udev/udevadm-test.c b/src/udev/udevadm-test.c -index 6cd311b..6a2f548 100644 ---- a/src/udev/udevadm-test.c -+++ b/src/udev/udevadm-test.c -@@ -43,7 +43,6 @@ static int adm_test(struct udev *udev, int argc, char *argv[]) - _cleanup_udev_device_unref_ struct udev_device *dev = NULL; - _cleanup_udev_event_unref_ struct udev_event *event = NULL; - sigset_t mask, sigmask_orig; -- int err; - int rc = 0, c; - - static const struct option options[] = { -@@ -139,18 +138,16 @@ static int adm_test(struct udev *udev, int argc, char *argv[]) - goto out; - } - -- err = udev_event_execute_rules(event, rules, &sigmask_orig); -+ udev_event_execute_rules(event, rules, &sigmask_orig); - - udev_list_entry_foreach(entry, udev_device_get_properties_list_entry(dev)) - printf("%s=%s\n", udev_list_entry_get_name(entry), udev_list_entry_get_value(entry)); - -- if (err == 0) { -- udev_list_entry_foreach(entry, udev_list_get_entry(&event->run_list)) { -- char program[UTIL_PATH_SIZE]; -+ udev_list_entry_foreach(entry, udev_list_get_entry(&event->run_list)) { -+ char program[UTIL_PATH_SIZE]; - -- udev_event_apply_format(event, udev_list_entry_get_name(entry), program, sizeof(program)); -- printf("run: '%s'\n", program); -- } -+ udev_event_apply_format(event, udev_list_entry_get_name(entry), program, sizeof(program)); -+ printf("run: '%s'\n", program); - } - out: - if (event != NULL && event->fd_signal >= 0) -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index f21c227..93afca1 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -288,10 +288,9 @@ static void worker_new(struct event *event) - udev_event->exec_delay = exec_delay; - - /* apply rules, create node, symlinks */ -- err = udev_event_execute_rules(udev_event, rules, &sigmask_orig); -+ udev_event_execute_rules(udev_event, rules, &sigmask_orig); - -- if (err == 0) -- udev_event_execute_run(udev_event, &sigmask_orig); -+ udev_event_execute_run(udev_event, &sigmask_orig); - - /* apply/restore inotify watch */ - if (err == 0 && udev_event->inotify_watch) { -diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c -index 0f2b706..645b1e6 100644 ---- a/src/vconsole/vconsole-setup.c -+++ b/src/vconsole/vconsole-setup.c -@@ -180,6 +180,10 @@ static int font_load(const char *vc, const char *font, const char *map, const ch - */ - static void font_copy_to_all_vcs(int fd) { - struct vt_stat vcs = {}; -+ unsigned char map8[E_TABSZ]; -+ unsigned short map16[E_TABSZ]; -+ struct unimapdesc unimapd; -+ struct unipair unipairs[USHRT_MAX]; - int i, r; - - /* get active, and 16 bit mask of used VT numbers */ -@@ -209,17 +213,35 @@ static void font_copy_to_all_vcs(int fd) { - cfo.op = KD_FONT_OP_COPY; - cfo.height = vcs.v_active-1; /* tty1 == index 0 */ - ioctl(vcfd, KDFONTOP, &cfo); -+ -+ /* copy map of 8bit chars */ -+ if (ioctl(fd, GIO_SCRNMAP, map8) >= 0) -+ ioctl(vcfd, PIO_SCRNMAP, map8); -+ -+ /* copy map of 8bit chars -> 16bit Unicode values */ -+ if (ioctl(fd, GIO_UNISCRNMAP, map16) >= 0) -+ ioctl(vcfd, PIO_UNISCRNMAP, map16); -+ -+ /* copy unicode translation table */ -+ /* unimapd is a ushort count and a pointer to an -+ array of struct unipair { ushort, ushort } */ -+ unimapd.entries = unipairs; -+ unimapd.entry_ct = USHRT_MAX; -+ if (ioctl(fd, GIO_UNIMAP, &unimapd) >= 0) { -+ struct unimapinit adv = { 0, 0, 0 }; -+ -+ ioctl(vcfd, PIO_UNIMAPCLR, &adv); -+ ioctl(vcfd, PIO_UNIMAP, &unimapd); -+ } - } - } - - int main(int argc, char **argv) { - const char *vc; -- char *vc_keymap = NULL; -- char *vc_keymap_toggle = NULL; -- char *vc_font = NULL; -- char *vc_font_map = NULL; -- char *vc_font_unimap = NULL; -- int fd = -1; -+ _cleanup_free_ char -+ *vc_keymap = NULL, *vc_keymap_toggle = NULL, -+ *vc_font = NULL, *vc_font_map = NULL, *vc_font_unimap = NULL; -+ _cleanup_close_ int fd = -1; - bool utf8; - pid_t font_pid = 0, keymap_pid = 0; - bool font_copy = false; -@@ -241,12 +263,12 @@ int main(int argc, char **argv) { - fd = open_terminal(vc, O_RDWR|O_CLOEXEC); - if (fd < 0) { - log_error("Failed to open %s: %m", vc); -- goto finish; -+ return EXIT_FAILURE; - } - - if (!is_vconsole(fd)) { - log_error("Device %s is not a virtual console.", vc); -- goto finish; -+ return EXIT_FAILURE; - } - - utf8 = is_locale_utf8(); -@@ -281,27 +303,27 @@ int main(int argc, char **argv) { - else - disable_utf8(fd); - -- r = EXIT_FAILURE; -- if (keymap_load(vc, vc_keymap, vc_keymap_toggle, utf8, &keymap_pid) >= 0 && -- font_load(vc, vc_font, vc_font_map, vc_font_unimap, &font_pid) >= 0) -- r = EXIT_SUCCESS; -- --finish: -- if (keymap_pid > 0) -- wait_for_terminate_and_warn(KBD_LOADKEYS, keymap_pid); -+ r = font_load(vc, vc_font, vc_font_map, vc_font_unimap, &font_pid); -+ if (r < 0) { -+ log_error("Failed to start " KBD_SETFONT ": %s", strerror(-r)); -+ return EXIT_FAILURE; -+ } - -- if (font_pid > 0) { -+ if (font_pid > 0) - wait_for_terminate_and_warn(KBD_SETFONT, font_pid); -- if (font_copy) -- font_copy_to_all_vcs(fd); -+ -+ r = keymap_load(vc, vc_keymap, vc_keymap_toggle, utf8, &keymap_pid); -+ if (r < 0) { -+ log_error("Failed to start " KBD_LOADKEYS ": %s", strerror(-r)); -+ return EXIT_FAILURE; - } - -- free(vc_keymap); -- free(vc_font); -- free(vc_font_map); -- free(vc_font_unimap); -+ if (keymap_pid > 0) -+ wait_for_terminate_and_warn(KBD_LOADKEYS, keymap_pid); - -- safe_close(fd); -+ /* Only copy the font when we started setfont successfully */ -+ if (font_copy && font_pid > 0) -+ font_copy_to_all_vcs(fd); - -- return r; -+ return EXIT_SUCCESS; - } -diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf -index 7c6d6b9..c470045 100644 ---- a/tmpfiles.d/systemd.conf -+++ b/tmpfiles.d/systemd.conf -@@ -23,6 +23,6 @@ d /run/systemd/machines 0755 root root - - d /run/systemd/shutdown 0755 root root - - - m /var/log/journal 2755 root systemd-journal - - --m /var/log/journal/%m 2755 root systemd-journal - - -+Z /var/log/journal/%m 2755 root systemd-journal - - - m /run/log/journal 2755 root systemd-journal - - --m /run/log/journal/%m 2755 root systemd-journal - - -+Z /run/log/journal/%m 2755 root systemd-journal - - diff --git a/units/console-getty.service.m4.in b/units/console-getty.service.m4.in index 8ac51a4..cae9fb5 100644 --- a/units/console-getty.service.m4.in @@ -2654,7 +98,7 @@ index 4f7794b..bad2a9a 100644 Restart=always RestartSec=0 diff --git a/units/emergency.service.in b/units/emergency.service.in -index 94c090f..0d20640 100644 +index 91fc1bb..6a37434 100644 --- a/units/emergency.service.in +++ b/units/emergency.service.in @@ -15,7 +15,6 @@ Before=shutdown.target @@ -2663,10 +107,10 @@ index 94c090f..0d20640 100644 WorkingDirectory=/root -ExecStartPre=-/bin/plymouth quit ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type "journalctl -xb" to view\\nsystem logs, "systemctl reboot" to reboot, "systemctl default" to try again\\nto boot into default mode.' - ExecStart=-/sbin/sulogin - ExecStopPost=@SYSTEMCTL@ --fail --no-block default + ExecStart=-/bin/sh -c "/sbin/sulogin; @SYSTEMCTL@ --fail --no-block default" + Type=idle diff --git a/units/getty@.service.m4 b/units/getty@.service.m4 -index aa853b8..8bcc647 100644 +index 46164ab..f194a31 100644 --- a/units/getty@.service.m4 +++ b/units/getty@.service.m4 @@ -23,11 +23,12 @@ IgnoreOnIsolate=yes @@ -2685,23 +129,23 @@ index aa853b8..8bcc647 100644 Restart=always RestartSec=0 diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in -index 368f980..d0c1bd2 100644 +index 0934a87..7e30c9e 100644 --- a/units/kmod-static-nodes.service.in +++ b/units/kmod-static-nodes.service.in @@ -10,7 +10,6 @@ Description=Create list of required static device nodes for the current kernel DefaultDependencies=no Before=sysinit.target systemd-tmpfiles-setup-dev.service - ConditionCapability=CAP_MKNOD + ConditionCapability=CAP_SYS_MODULE -ConditionPathExists=/lib/modules/%v/modules.devname [Service] Type=oneshot diff --git a/units/local-fs.target b/units/local-fs.target -index ae3cedc..0e36840 100644 +index d2e5429..d26984b 100644 --- a/units/local-fs.target +++ b/units/local-fs.target -@@ -13,3 +13,5 @@ DefaultDependencies=no - Conflicts=shutdown.target +@@ -13,3 +13,5 @@ Conflicts=shutdown.target + After=local-fs-pre.target OnFailure=emergency.target OnFailureJobMode=replace-irreversibly + @@ -2719,7 +163,7 @@ index 43ffa5c..156a681 100644 [Install] WantedBy=multi-user.target diff --git a/units/rescue.service.m4.in b/units/rescue.service.m4.in -index 552ef89..af3915f 100644 +index ef54369..0c841b3 100644 --- a/units/rescue.service.m4.in +++ b/units/rescue.service.m4.in @@ -16,7 +16,6 @@ Before=shutdown.target @@ -2728,35 +172,31 @@ index 552ef89..af3915f 100644 WorkingDirectory=/root -ExecStartPre=-/bin/plymouth quit ExecStartPre=-/bin/echo -e 'Welcome to rescue mode! Type "systemctl default" or ^D to enter default mode.\\nType "journalctl -xb" to view system logs. Type "systemctl reboot" to reboot.' - ExecStart=-/sbin/sulogin - ExecStopPost=-@SYSTEMCTL@ --fail --no-block default + ExecStart=-/bin/sh -c "/sbin/sulogin; @SYSTEMCTL@ --fail --no-block default" + Type=idle diff --git a/units/serial-getty@.service.m4 b/units/serial-getty@.service.m4 -index 4ac51e7..96daa5c 100644 +index 4522d0d..96daa5c 100644 --- a/units/serial-getty@.service.m4 +++ b/units/serial-getty@.service.m4 -@@ -22,10 +22,8 @@ Before=getty.target +@@ -22,7 +22,6 @@ Before=getty.target IgnoreOnIsolate=yes [Service] -ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM Type=idle Restart=always --RestartSec=0 UtmpIdentifier=%I - TTYPath=/dev/%I - TTYReset=yes diff --git a/units/sysinit.target b/units/sysinit.target -index 8f4fb8f..e0f0147 100644 +index ec33503..4ac47b9 100644 --- a/units/sysinit.target +++ b/units/sysinit.target -@@ -9,6 +9,5 @@ +@@ -9,5 +9,4 @@ Description=System Initialization Documentation=man:systemd.special(7) Conflicts=emergency.service emergency.target -Wants=local-fs.target swap.target -After=local-fs.target swap.target emergency.service emergency.target +After=emergency.service emergency.target - RefuseManualStart=yes diff --git a/units/systemd-backlight@.service.in b/units/systemd-backlight@.service.in index e945d87..77728f2 100644 --- a/units/systemd-backlight@.service.in @@ -2782,10 +222,10 @@ index 503e8a6..fe23b8b 100644 [Service] ExecStart=@rootbindir@/systemctl kill --kill-who=main --signal=SIGUSR1 systemd-journald.service diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in -index de93879..c9a49f3 100644 +index 7013979..5241d08 100644 --- a/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in -@@ -25,3 +25,8 @@ WatchdogSec=1min +@@ -26,3 +26,8 @@ WatchdogSec=1min # Increase the default a bit in order to allow many simultaneous # services being run since we keep one fd open per service. LimitNOFILE=16384 @@ -2794,18 +234,6 @@ index de93879..c9a49f3 100644 +# journald to stop logging (see +# https://bugs.freedesktop.org/show_bug.cgi?id=56043). +X-RestartIfChanged=no -diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in -index ff36e90..e373628 100644 ---- a/units/systemd-nspawn@.service.in -+++ b/units/systemd-nspawn@.service.in -@@ -11,6 +11,7 @@ Documentation=man:systemd-nspawn(1) - - [Service] - ExecStart=@bindir@/systemd-nspawn --quiet --keep-unit --boot --link-journal=guest --directory=/var/lib/container/%i -+KillMode=mixed - Type=notify - - [Install] diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in index 1879b2f..9b895b9 100644 --- a/units/systemd-random-seed.service.in @@ -2825,18 +253,18 @@ index 9d264a2..c505535 100644 ExecStop=@rootlibexecdir@/systemd-rfkill save %I +X-RestartIfChanged=false diff --git a/units/systemd-tmpfiles-setup.service.in b/units/systemd-tmpfiles-setup.service.in -index 01043b7..507f820 100644 +index 72ab083..4f77e8f 100644 --- a/units/systemd-tmpfiles-setup.service.in +++ b/units/systemd-tmpfiles-setup.service.in -@@ -12,7 +12,7 @@ DefaultDependencies=no - Wants=local-fs.target +@@ -11,7 +11,7 @@ Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) + DefaultDependencies=no Conflicts=shutdown.target - After=systemd-readahead-collect.service systemd-readahead-replay.service local-fs.target + After=systemd-readahead-collect.service systemd-readahead-replay.service local-fs.target systemd-sysusers.service -Before=sysinit.target shutdown.target +Before=shutdown.target - ConditionDirectoryNotEmpty=|/usr/lib/tmpfiles.d - ConditionDirectoryNotEmpty=|/lib/tmpfiles.d - ConditionDirectoryNotEmpty=|/usr/local/lib/tmpfiles.d + RefuseManualStop=yes + + [Service] diff --git a/units/systemd-update-utmp.service.in b/units/systemd-update-utmp.service.in index da7dda7..e638145 100644 --- a/units/systemd-update-utmp.service.in