diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index 3582694a1811..7d5283489184 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -41,6 +41,7 @@ let
"sigpwr.target"
"timers.target"
"paths.target"
+ "rpcbind.target"
# Rescue mode.
"rescue.target"
@@ -91,10 +92,14 @@ let
"swap.target"
"dev-hugepages.mount"
"dev-mqueue.mount"
+ "proc-sys-fs-binfmt_misc.mount"
"sys-fs-fuse-connections.mount"
"sys-kernel-config.mount"
"sys-kernel-debug.mount"
+ # Maintaining state across reboots.
+ "systemd-random-seed.service"
+
# Hibernate / suspend.
"hibernate.target"
"suspend.target"
@@ -119,12 +124,21 @@ let
"final.target"
"kexec.target"
"systemd-kexec.service"
+ "systemd-update-utmp.service"
# Password entry.
"systemd-ask-password-console.path"
"systemd-ask-password-console.service"
"systemd-ask-password-wall.path"
"systemd-ask-password-wall.service"
+
+ # Slices / containers.
+ "slices.target"
+ "-.slice"
+ "system.slice"
+ "user.slice"
+ "machine.slice"
+ "systemd-machined.service"
]
++ optionals cfg.enableEmergencyMode [
@@ -143,7 +157,6 @@ let
"sockets.target.wants"
"local-fs.target.wants"
"multi-user.target.wants"
- "shutdown.target.wants"
"timers.target.wants"
];
@@ -708,43 +721,5 @@ in
})
(filterAttrs (name: service: service.startAt != "") cfg.services);
- # FIXME: These are borrowed from upstream systemd.
- systemd.services."systemd-update-utmp" =
- { description = "Update UTMP about System Reboot/Shutdown";
- wantedBy = [ "sysinit.target" ];
- after = [ "systemd-remount-fs.service" ];
- before = [ "sysinit.target" "shutdown.target" ];
- conflicts = [ "shutdown.target" ];
- unitConfig = {
- DefaultDependencies = false;
- RequiresMountsFor = "/var/log";
- };
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- ExecStart = "${systemd}/lib/systemd/systemd-update-utmp reboot";
- ExecStop = "${systemd}/lib/systemd/systemd-update-utmp shutdown";
- };
- restartIfChanged = false;
- };
-
- systemd.services."systemd-random-seed" =
- { description = "Load/Save Random Seed";
- wantedBy = [ "sysinit.target" "multi-user.target" ];
- after = [ "systemd-remount-fs.service" ];
- before = [ "sysinit.target" "shutdown.target" ];
- conflicts = [ "shutdown.target" ];
- unitConfig = {
- DefaultDependencies = false;
- RequiresMountsFor = "/var/lib";
- };
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- ExecStart = "${systemd}/lib/systemd/systemd-random-seed load";
- ExecStop = "${systemd}/lib/systemd/systemd-random-seed save";
- };
- };
-
};
}
diff --git a/pkgs/development/libraries/dbus/default.nix b/pkgs/development/libraries/dbus/default.nix
index 11ad2014663a..ff1c9f76cd07 100644
--- a/pkgs/development/libraries/dbus/default.nix
+++ b/pkgs/development/libraries/dbus/default.nix
@@ -67,14 +67,12 @@ let
} merge ]);
- libs = dbus_drv "libs" "dbus" ({
+ libs = dbus_drv "libs" "dbus" {
# Enable X11 autolaunch support in libdbus. This doesn't actually depend on X11
# (it just execs dbus-launch in dbus.tools), contrary to what the configure script demands.
NIX_CFLAGS_COMPILE = "-DDBUS_ENABLE_X11_AUTOLAUNCH=1";
- } // stdenv.lib.optionalAttrs (systemdOrEmpty != []) {
- buildInputs = [ systemd.headers ];
- patches = [ ./systemd.patch ]; # bypass systemd detection
- });
+ buildInputs = [ systemdOrEmpty ];
+ };
attrs = rec {
@@ -83,14 +81,13 @@ let
# This package has been split because most applications only need dbus.lib
# which serves as an interface to a *system-wide* daemon,
# see e.g. http://en.wikipedia.org/wiki/D-Bus#Architecture .
- # Also some circular dependencies get split by this (like with systemd).
inherit libs;
tools = dbus_drv "tools" "tools" {
configureFlags = [ "--with-dbus-daemondir=${daemon}/bin" ];
- buildInputs = buildInputsX ++ systemdOrEmpty ++ [ libs daemon dbus_glib ];
- NIX_CFLAGS_LINK =
+ buildInputs = buildInputsX ++ systemdOrEmpty ++ [ libs daemon ];
+ NIX_CFLAGS_LINK =
stdenv.lib.optionalString (!stdenv.isDarwin) "-Wl,--as-needed "
+ "-ldbus-1";
@@ -102,16 +99,6 @@ let
buildInputs = systemdOrEmpty;
};
- # Some of the tests don't work yet; in fact, @vcunat tried several packages
- # containing dbus testing, and all of them have some test failure.
- tests = dbus_drv "tests" "test" {
- preBuild = makeInternalLib;
- buildInputs = buildInputsX ++ systemdOrEmpty ++ [ libs tools daemon dbus_glib python ];
- NIX_CFLAGS_LINK =
- stdenv.lib.optionalString (!stdenv.isDarwin) "-Wl,--as-needed "
- + "-ldbus-1";
- };
-
docs = dbus_drv "docs" "doc" {
postInstall = ''rm -r "$out/lib"'';
};
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index 0afaf7b03703..e48c875d6f92 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -1,7 +1,7 @@
{ stdenv, fetchurl, pkgconfig, intltool, gperf, libcap, dbus, kmod
, xz, pam, acl, cryptsetup, libuuid, m4, utillinux
, glib, kbd, libxslt, coreutils, libgcrypt, sysvtools, docbook_xsl
-, kexectools, libmicrohttpd
+, kexectools, libmicrohttpd, linuxHeaders
, python ? null, pythonSupport ? false
}:
@@ -10,26 +10,24 @@ assert stdenv.isLinux;
assert pythonSupport -> python != null;
stdenv.mkDerivation rec {
- version = "203";
+ version = "212";
name = "systemd-${version}";
src = fetchurl {
url = "http://www.freedesktop.org/software/systemd/${name}.tar.xz";
- sha256 = "07gvn3rpski8sh1nz16npjf2bvj0spsjdwc5px9685g2pi6kxcb1";
+ sha256 = "1hpjcc42svrs06q3isjm3m5aphgkpfdylmvpnif71zh46ys0cab5";
};
patches =
[ # These are all changes between upstream and
- # https://github.com/edolstra/systemd/tree/nixos-v203.
+ # https://github.com/edolstra/systemd/tree/nixos-v212.
./fixes.patch
- ./fix_console_in_containers.patch
- ]
- ++ stdenv.lib.optional stdenv.isArm ./libc-bug-accept4-arm.patch;
+ ];
buildInputs =
- [ pkgconfig intltool gperf libcap dbus.libs kmod xz pam acl
+ [ pkgconfig intltool gperf libcap kmod xz pam acl
/* cryptsetup */ libuuid m4 glib libxslt libgcrypt docbook_xsl
- libmicrohttpd
+ libmicrohttpd linuxHeaders
] ++ stdenv.lib.optional pythonSupport python;
configureFlags =
@@ -45,15 +43,18 @@ stdenv.mkDerivation rec {
"--with-dbussessionservicedir=$(out)/share/dbus-1/services"
"--with-firmware-path=/root/test-firmware:/run/current-system/firmware"
"--with-tty-gid=3" # tty in NixOS has gid 3
+ "--disable-networkd" # enable/use eventually
+ "--enable-compat-libs" # get rid of this eventually
];
preConfigure =
''
# FIXME: patch this in systemd properly (and send upstream).
# FIXME: use sulogin from util-linux once updated.
- for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.m4.in src/journal/cat.c src/core/shutdown.c; do
+ for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.m4.in src/journal/cat.c src/core/shutdown.c src/nspawn/nspawn.c; do
test -e $i
substituteInPlace $i \
+ --replace /usr/bin/getent ${stdenv.glibc}/bin/getent \
--replace /bin/mount ${utillinux}/bin/mount \
--replace /bin/umount ${utillinux}/bin/umount \
--replace /sbin/swapon ${utillinux}/sbin/swapon \
@@ -69,6 +70,10 @@ stdenv.mkDerivation rec {
--replace /usr/lib/systemd/catalog/ $out/lib/systemd/catalog/
'';
+ # This is needed because systemd uses the gold linker, which doesn't
+ # yet have the wrapper script to add rpath flags automatically.
+ NIX_LDFLAGS = "-rpath ${pam}/lib -rpath ${libcap}/lib -rpath ${acl}/lib";
+
PYTHON_BINARY = "${coreutils}/bin/env python"; # don't want a build time dependency on Python
NIX_CFLAGS_COMPILE =
@@ -77,10 +82,6 @@ stdenv.mkDerivation rec {
"-UPOLKIT_AGENT_BINARY_PATH" "-DPOLKIT_AGENT_BINARY_PATH=\"/run/current-system/sw/bin/pkttyagent\""
"-fno-stack-protector"
- # Work around our kernel headers being too old. FIXME: remove
- # this after the next stdenv update.
- "-DFS_NOCOW_FL=0x00800000"
-
# Set the release_agent on /sys/fs/cgroup/systemd to the
# currently running systemd (/run/current-system/systemd) so
# that we don't use an obsolete/garbage-collected release agent.
@@ -94,7 +95,12 @@ stdenv.mkDerivation rec {
# /var is mounted.
makeFlags = "hwdb_bin=/var/lib/udev/hwdb.bin";
- installFlags = "localstatedir=$(TMPDIR)/var sysconfdir=$(out)/etc sysvinitdir=$(TMPDIR)/etc/init.d";
+ installFlags =
+ [ "localstatedir=$(TMPDIR)/var"
+ "sysconfdir=$(out)/etc"
+ "sysvinitdir=$(TMPDIR)/etc/init.d"
+ "pamconfdir=$(out)/etc/pam.d"
+ ];
# Get rid of configuration-specific data.
postInstall =
@@ -103,6 +109,8 @@ stdenv.mkDerivation rec {
mv $out/lib/{modules-load.d,binfmt.d,sysctl.d,tmpfiles.d} $out/example
mv $out/lib/systemd/{system,user} $out/example/systemd
+ rm -rf $out/etc/systemd/system
+
# Install SysV compatibility commands.
mkdir -p $out/sbin
ln -s $out/lib/systemd/systemd $out/sbin/telinit
@@ -128,19 +136,6 @@ stdenv.mkDerivation rec {
# runtime; otherwise we can't and we need to reboot.
passthru.interfaceVersion = 2;
- passthru.headers = stdenv.mkDerivation {
- name = "systemd-headers-${version}";
- inherit src;
-
- phases = [ "unpackPhase" "installPhase" ];
-
- # some are needed by dbus.libs, which is needed for systemd :-)
- installPhase = ''
- mkdir -p "$out/include/systemd"
- mv src/systemd/*.h "$out/include/systemd"
- '';
- };
-
meta = {
homepage = "http://www.freedesktop.org/wiki/Software/systemd";
description = "A system and service manager for Linux";
diff --git a/pkgs/os-specific/linux/systemd/fix_console_in_containers.patch b/pkgs/os-specific/linux/systemd/fix_console_in_containers.patch
deleted file mode 100644
index 005c00282020..000000000000
--- a/pkgs/os-specific/linux/systemd/fix_console_in_containers.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -ruN systemd-203/units/getty@.service.m4 systemd-203-patched/units/getty@.service.m4
---- systemd-203/units/getty@.service.m4 2013-01-07 22:50:49.083315575 +0100
-+++ systemd-203-patched/units/getty@.service.m4 2014-03-18 09:54:40.002476232 +0100
-@@ -23,7 +23,9 @@
- # On systems without virtual consoles, don't start any getty. (Note
- # that serial gettys are covered by serial-getty@.service, not this
- # unit
--ConditionPathExists=/dev/tty0
-+ConditionPathExists=|/dev/tty0
-+ConditionVirtualization=|lxc
-+ConditionVirtualization=|lxc-libvirt
-
- [Service]
- # the VT is cleared by TTYVTDisallocate
diff --git a/pkgs/os-specific/linux/systemd/fixes.patch b/pkgs/os-specific/linux/systemd/fixes.patch
index 0ad420cd35cc..5ef248dc75d9 100644
--- a/pkgs/os-specific/linux/systemd/fixes.patch
+++ b/pkgs/os-specific/linux/systemd/fixes.patch
@@ -1,144 +1,23 @@
-diff --git a/man/systemd.special.xml b/man/systemd.special.xml
-index 7164b1e..29401eb 100644
---- a/man/systemd.special.xml
-+++ b/man/systemd.special.xml
-@@ -381,7 +381,7 @@
- this unit during
- installation. This is best
- configured via
-- WantedBy=multi-uer.target
-+ WantedBy=multi-user.target
- in the unit's
- [Install]
- section.
-diff --git a/rules/80-net-name-slot.rules b/rules/80-net-name-slot.rules
-index 15b5bc4..c5f1b38 100644
---- a/rules/80-net-name-slot.rules
-+++ b/rules/80-net-name-slot.rules
-@@ -1,6 +1,6 @@
- # do not edit this file, it will be overwritten on update
-
--ACTION=="remove", GOTO="net_name_slot_end"
-+ACTION!="add", GOTO="net_name_slot_end"
- SUBSYSTEM!="net", GOTO="net_name_slot_end"
- NAME!="", GOTO="net_name_slot_end"
-
diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in
-index d17bdd9..040b10e 100644
+index db72373..2fc12ca 100644
--- a/rules/99-systemd.rules.in
+++ b/rules/99-systemd.rules.in
@@ -14,10 +14,6 @@ KERNEL=="vport*", TAG+="systemd"
- SUBSYSTEM=="block", KERNEL!="ram*|loop*", TAG+="systemd"
- SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0"
+ SUBSYSTEM=="block", KERNEL!="ram*", TAG+="systemd"
+ SUBSYSTEM=="block", KERNEL!="ram*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0"
-# Ignore encrypted devices with no identified superblock on it, since
-# we are probably still calling mke2fs or mkswap on it.
--SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
+-SUBSYSTEM=="block", KERNEL!="ram*", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
-
# Ignore raid devices that are not yet assembled and started
SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", TEST!="md/array_state", ENV{SYSTEMD_READY}="0"
SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", ATTR{md/array_state}=="|clear|inactive", ENV{SYSTEMD_READY}="0"
-diff --git a/src/core/cgroup-semantics.c b/src/core/cgroup-semantics.c
-index 82b02bb..7df9d01 100644
---- a/src/core/cgroup-semantics.c
-+++ b/src/core/cgroup-semantics.c
-@@ -255,7 +255,7 @@ static int map_blkio(const CGroupSemantics *s, const char *value, char **ret) {
- }
-
- static const CGroupSemantics semantics[] = {
-- { "cpu", "cpu.shares", "CPUShare", false, parse_cpu_shares, NULL, NULL },
-+ { "cpu", "cpu.shares", "CPUShares", false, parse_cpu_shares, NULL, NULL },
- { "memory", "memory.soft_limit_in_bytes", "MemorySoftLimit", false, parse_memory_limit, NULL, NULL },
- { "memory", "memory.limit_in_bytes", "MemoryLimit", false, parse_memory_limit, NULL, NULL },
- { "devices", "devices.allow", "DeviceAllow", true, parse_device, map_device, NULL },
-diff --git a/src/core/dbus-execute.h b/src/core/dbus-execute.h
-index 91d70e5..698102f 100644
---- a/src/core/dbus-execute.h
-+++ b/src/core/dbus-execute.h
-@@ -63,7 +63,7 @@
- " \n" \
- " \n" \
- " \n" \
-- " \n" \
-+ " \n" \
- " \n" \
- " \n" \
- " \n" \
-diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
-index 56b02a1..2b6d799 100644
---- a/src/core/dbus-manager.c
-+++ b/src/core/dbus-manager.c
-@@ -1550,7 +1550,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
- _cleanup_strv_free_ char **l = NULL;
- char **e = NULL;
-
-- SELINUX_ACCESS_CHECK(connection, message, "reboot");
-+ SELINUX_ACCESS_CHECK(connection, message, "reload");
-
- r = bus_parse_strv(message, &l);
- if (r == -ENOMEM)
-@@ -1577,7 +1577,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
- _cleanup_strv_free_ char **l = NULL;
- char **e = NULL;
-
-- SELINUX_ACCESS_CHECK(connection, message, "reboot");
-+ SELINUX_ACCESS_CHECK(connection, message, "reload");
-
- r = bus_parse_strv(message, &l);
- if (r == -ENOMEM)
-@@ -1605,7 +1605,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
- char **f = NULL;
- DBusMessageIter iter;
-
-- SELINUX_ACCESS_CHECK(connection, message, "reboot");
-+ SELINUX_ACCESS_CHECK(connection, message, "reload");
-
- if (!dbus_message_iter_init(message, &iter))
- goto oom;
-diff --git a/src/core/dbus-swap.c b/src/core/dbus-swap.c
-index 2e99fba..e72749a 100644
---- a/src/core/dbus-swap.c
-+++ b/src/core/dbus-swap.c
-@@ -93,6 +93,7 @@ static DEFINE_BUS_PROPERTY_APPEND_ENUM(bus_swap_append_swap_result, swap_result,
- static const BusProperty bus_swap_properties[] = {
- { "What", bus_property_append_string, "s", offsetof(Swap, what), true },
- { "Priority", bus_swap_append_priority, "i", 0 },
-+ { "TimeoutUSec",bus_property_append_usec, "t", offsetof(Swap, timeout_usec)},
- BUS_EXEC_COMMAND_PROPERTY("ExecActivate", offsetof(Swap, exec_command[SWAP_EXEC_ACTIVATE]), false),
- BUS_EXEC_COMMAND_PROPERTY("ExecDeactivate", offsetof(Swap, exec_command[SWAP_EXEC_DEACTIVATE]), false),
- { "ControlPID", bus_property_append_pid, "u", offsetof(Swap, control_pid) },
diff --git a/src/core/main.c b/src/core/main.c
-index 7fc06be..101ce79 100644
+index 41605ee..8517369 100644
--- a/src/core/main.c
+++ b/src/core/main.c
-@@ -1590,14 +1590,14 @@ int main(int argc, char *argv[]) {
- log_error("Failed to adjust timer slack: %m");
-
- if (arg_capability_bounding_set_drop) {
-- r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
-+ r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
- if (r < 0) {
-- log_error("Failed to drop capability bounding set: %s", strerror(-r));
-+ log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
- goto finish;
- }
-- r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
-+ r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
- if (r < 0) {
-- log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
-+ log_error("Failed to drop capability bounding set: %s", strerror(-r));
- goto finish;
- }
- }
-@@ -1650,6 +1650,7 @@ int main(int argc, char *argv[]) {
- /* This will close all file descriptors that were opened, but
- * not claimed by any unit. */
- fdset_free(fds);
-+ fds = NULL;
-
- if (serialization) {
- fclose(serialization);
-@@ -1857,7 +1858,7 @@ finish:
+@@ -1883,7 +1883,7 @@ finish:
char_array_0(sfd);
i = 0;
@@ -147,69 +26,11 @@ index 7fc06be..101ce79 100644
if (switch_root_dir)
args[i++] = "--switched-root";
args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user";
-diff --git a/src/core/manager.c b/src/core/manager.c
-index c7f8f20..0508628 100644
---- a/src/core/manager.c
-+++ b/src/core/manager.c
-@@ -1372,7 +1372,7 @@ static int manager_process_signal_fd(Manager *m) {
-
- case SIGINT:
- if (m->running_as == SYSTEMD_SYSTEM) {
-- manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE);
-+ manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
- break;
- }
-
-diff --git a/src/core/service.c b/src/core/service.c
-index 3617c24..4d0e2ad 100644
---- a/src/core/service.c
-+++ b/src/core/service.c
-@@ -2642,6 +2642,9 @@ static int service_serialize(Unit *u, FILE *f, FDSet *fds) {
- if (s->exec_context.var_tmp_dir)
- unit_serialize_item(u, f, "var-tmp-dir", s->exec_context.var_tmp_dir);
-
-+ if (s->forbid_restart)
-+ unit_serialize_item(u, f, "forbid-restart", yes_no(s->forbid_restart));
-+
- return 0;
- }
-
-@@ -2776,6 +2779,14 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
- return log_oom();
-
- s->exec_context.var_tmp_dir = t;
-+ } else if (streq(key, "forbid-restart")) {
-+ int b;
-+
-+ b = parse_boolean(value);
-+ if (b < 0)
-+ log_debug_unit(u->id, "Failed to parse forbid-restart value %s", value);
-+ else
-+ s->forbid_restart = b;
- } else
- log_debug_unit(u->id, "Unknown serialization key '%s'", key);
-
-diff --git a/src/core/snapshot.c b/src/core/snapshot.c
-index a63eccd..a6807eb 100644
---- a/src/core/snapshot.c
-+++ b/src/core/snapshot.c
-@@ -217,8 +217,10 @@ int snapshot_create(Manager *m, const char *name, bool cleanup, DBusError *e, Sn
- if (asprintf(&n, "snapshot-%u.snapshot", ++ m->n_snapshots) < 0)
- return -ENOMEM;
-
-- if (!manager_get_unit(m, n))
-+ if (!manager_get_unit(m, n)) {
-+ name = n;
- break;
-+ }
-
- free(n);
- }
diff --git a/src/core/umount.c b/src/core/umount.c
-index 1e95ad7..9f0e471 100644
+index d1258f0..0311812 100644
--- a/src/core/umount.c
+++ b/src/core/umount.c
-@@ -435,6 +435,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e
+@@ -404,6 +404,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e
* anyway, since we are running from it. They have
* already been remounted ro. */
if (path_equal(m->path, "/")
@@ -218,285 +39,11 @@ index 1e95ad7..9f0e471 100644
#ifndef HAVE_SPLIT_USR
|| path_equal(m->path, "/usr")
#endif
-diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
-index 81b7708..edd0b40 100644
---- a/src/cryptsetup/cryptsetup-generator.c
-+++ b/src/cryptsetup/cryptsetup-generator.c
-@@ -111,6 +111,7 @@ static int create_disk(
- "Conflicts=umount.target\n"
- "DefaultDependencies=no\n"
- "BindsTo=dev-mapper-%i.device\n"
-+ "IgnoreOnIsolate=true\n"
- "After=systemd-readahead-collect.service systemd-readahead-replay.service\n",
- f);
-
-diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
-index c17299f..6b3e67e 100644
---- a/src/fstab-generator/fstab-generator.c
-+++ b/src/fstab-generator/fstab-generator.c
-@@ -351,7 +351,7 @@ static int add_mount(
-
- if (automount && !path_equal(where, "/")) {
- automount_name = unit_name_from_path(where, ".automount");
-- if (!name)
-+ if (!automount_name)
- return log_oom();
-
- automount_unit = strjoin(arg_dest, "/", automount_name, NULL);
-@@ -596,9 +596,9 @@ static int parse_proc_cmdline(void) {
- } else if (startswith(word, "rd.fstab=")) {
-
- if (in_initrd()) {
-- r = parse_boolean(word + 6);
-+ r = parse_boolean(word + 9);
- if (r < 0)
-- log_warning("Failed to parse fstab switch %s. Ignoring.", word + 6);
-+ log_warning("Failed to parse fstab switch %s. Ignoring.", word + 9);
- else
- arg_enabled = r;
- }
-diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
-index 38499a6..bb80905 100644
---- a/src/journal/journal-file.c
-+++ b/src/journal/journal-file.c
-@@ -907,6 +907,8 @@ static int journal_file_append_field(
-
- osize = offsetof(Object, field.payload) + size;
- r = journal_file_append_object(f, OBJECT_FIELD, osize, &o, &p);
-+ if (r < 0)
-+ return r;
-
- o->field.hash = htole64(hash);
- memcpy(o->field.payload, field, size);
-diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
-index 88163c0..e09ba4c 100644
---- a/src/journal/journald-server.c
-+++ b/src/journal/journald-server.c
-@@ -333,8 +333,10 @@ void server_rotate(Server *s) {
- if (r < 0)
- if (f)
- log_error("Failed to rotate %s: %s", f->path, strerror(-r));
-- else
-+ else {
- log_error("Failed to create user journal: %s", strerror(-r));
-+ hashmap_remove(s->user_journals, k);
-+ }
- else {
- hashmap_replace(s->user_journals, k, f);
- server_fix_perms(s, f, PTR_TO_UINT32(k));
-@@ -975,7 +977,8 @@ int process_event(Server *s, struct epoll_event *ev) {
- ssize_t n;
-
- if (ev->events != EPOLLIN) {
-- log_error("Got invalid event from epoll.");
-+ log_error("Got invalid event from epoll for %s: %"PRIx32,
-+ "signal fd", ev->events);
- return -EIO;
- }
-
-@@ -1024,8 +1027,12 @@ int process_event(Server *s, struct epoll_event *ev) {
- } else if (ev->data.fd == s->dev_kmsg_fd) {
- int r;
-
-- if (ev->events != EPOLLIN) {
-- log_error("Got invalid event from epoll.");
-+ if (ev->events & EPOLLERR)
-+ log_warning("/dev/kmsg buffer overrun, some messages lost.");
-+
-+ if (!(ev->events & EPOLLIN)) {
-+ log_error("Got invalid event from epoll for %s: %"PRIx32,
-+ "/dev/kmsg", ev->events);
- return -EIO;
- }
-
-@@ -1039,7 +1046,9 @@ int process_event(Server *s, struct epoll_event *ev) {
- ev->data.fd == s->syslog_fd) {
-
- if (ev->events != EPOLLIN) {
-- log_error("Got invalid event from epoll.");
-+ log_error("Got invalid event from epoll for %s: %"PRIx32,
-+ ev->data.fd == s->native_fd ? "native fd" : "syslog fd",
-+ ev->events);
- return -EIO;
- }
-
-@@ -1140,12 +1149,7 @@ int process_event(Server *s, struct epoll_event *ev) {
- char *e;
-
- if (n > 0 && n_fds == 0) {
-- e = memchr(s->buffer, '\n', n);
-- if (e)
-- *e = 0;
-- else
-- s->buffer[n] = 0;
--
-+ s->buffer[n] = 0;
- server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
- } else if (n_fds > 0)
- log_warning("Got file descriptors via syslog socket. Ignoring.");
-@@ -1167,7 +1171,8 @@ int process_event(Server *s, struct epoll_event *ev) {
- } else if (ev->data.fd == s->stdout_fd) {
-
- if (ev->events != EPOLLIN) {
-- log_error("Got invalid event from epoll.");
-+ log_error("Got invalid event from epoll for %s: %"PRIx32,
-+ "stdout fd", ev->events);
- return -EIO;
- }
-
-@@ -1178,6 +1183,8 @@ int process_event(Server *s, struct epoll_event *ev) {
- StdoutStream *stream;
-
- if ((ev->events|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
-+ log_error("Got invalid event from epoll for %s: %"PRIx32,
-+ "stdout stream", ev->events);
- log_error("Got invalid event from epoll.");
- return -EIO;
- }
-diff --git a/src/journal/mmap-cache.c b/src/journal/mmap-cache.c
-index 54bf114..bd197d0 100644
---- a/src/journal/mmap-cache.c
-+++ b/src/journal/mmap-cache.c
-@@ -308,9 +308,13 @@ static void mmap_cache_free(MMapCache *m) {
- while ((c = hashmap_first(m->contexts)))
- context_free(c);
-
-+ hashmap_free(m->contexts);
-+
- while ((f = hashmap_first(m->fds)))
- fd_free(f);
-
-+ hashmap_free(m->fds);
-+
- while (m->unused)
- window_free(m->unused);
-
-diff --git a/src/libsystemd-bus/bus-internal.c b/src/libsystemd-bus/bus-internal.c
-index 0e66f3d..cac948e 100644
---- a/src/libsystemd-bus/bus-internal.c
-+++ b/src/libsystemd-bus/bus-internal.c
-@@ -63,7 +63,7 @@ bool object_path_is_valid(const char *p) {
-
- bool interface_name_is_valid(const char *p) {
- const char *q;
-- bool dot, found_dot;
-+ bool dot, found_dot = false;
-
- if (isempty(p))
- return false;
-@@ -103,7 +103,7 @@ bool interface_name_is_valid(const char *p) {
-
- bool service_name_is_valid(const char *p) {
- const char *q;
-- bool dot, found_dot, unique;
-+ bool dot, found_dot = false, unique;
-
- if (isempty(p))
- return false;
-diff --git a/src/libsystemd-bus/sd-bus.c b/src/libsystemd-bus/sd-bus.c
-index 7d6d848..b0eb2f1 100644
---- a/src/libsystemd-bus/sd-bus.c
-+++ b/src/libsystemd-bus/sd-bus.c
-@@ -1088,11 +1088,11 @@ static int dispatch_rqueue(sd_bus *bus, sd_bus_message **m) {
- if (r == 0)
- return ret;
-
-- r = 1;
-+ ret = 1;
- } while (!z);
-
- *m = z;
-- return 1;
-+ return ret;
- }
-
- int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *serial) {
-diff --git a/src/libudev/libudev-enumerate.c b/src/libudev/libudev-enumerate.c
-index 5ccaabd..100c1fb 100644
---- a/src/libudev/libudev-enumerate.c
-+++ b/src/libudev/libudev-enumerate.c
-@@ -299,7 +299,7 @@ _public_ struct udev_list_entry *udev_enumerate_get_list_entry(struct udev_enume
- /* skip to be delayed devices, and move the to
- * the point where the prefix changes. We can
- * only move one item at a time. */
-- if (!move_later) {
-+ if (move_later == -1) {
- move_later_prefix = devices_delay_later(udev_enumerate->udev, entry->syspath);
-
- if (move_later_prefix > 0) {
-@@ -718,6 +718,8 @@ static bool match_subsystem(struct udev_enumerate *udev_enumerate, const char *s
- {
- struct udev_list_entry *list_entry;
-
-+ subsystem = subsystem ? : "";
-+
- udev_list_entry_foreach(list_entry, udev_list_get_entry(&udev_enumerate->subsystem_nomatch_list)) {
- if (fnmatch(udev_list_entry_get_name(list_entry), subsystem, 0) == 0)
- return false;
-@@ -826,23 +828,27 @@ nomatch:
- static int parent_add_child(struct udev_enumerate *enumerate, const char *path)
- {
- struct udev_device *dev;
-+ int r = 0;
-
- dev = udev_device_new_from_syspath(enumerate->udev, path);
- if (dev == NULL)
- return -ENODEV;
-
- if (!match_subsystem(enumerate, udev_device_get_subsystem(dev)))
-- return 0;
-+ goto nomatch;
- if (!match_sysname(enumerate, udev_device_get_sysname(dev)))
-- return 0;
-+ goto nomatch;
- if (!match_property(enumerate, dev))
-- return 0;
-+ goto nomatch;
- if (!match_sysattr(enumerate, dev))
-- return 0;
-+ goto nomatch;
-
- syspath_add(enumerate, udev_device_get_syspath(dev));
-+ r = 1;
-+
-+nomatch:
- udev_device_unref(dev);
-- return 1;
-+ return r;
- }
-
- static int parent_crawl_children(struct udev_enumerate *enumerate, const char *path, int maxdepth)
-diff --git a/src/libudev/libudev.sym b/src/libudev/libudev.sym
-index 8e09430..1e6f885 100644
---- a/src/libudev/libudev.sym
-+++ b/src/libudev/libudev.sym
-@@ -109,5 +109,6 @@ global:
- } LIBUDEV_189;
-
- LIBUDEV_199 {
-+global:
- udev_device_set_sysattr_value;
- } LIBUDEV_196;
-diff --git a/src/modules-load/modules-load.c b/src/modules-load/modules-load.c
-index 7b19ee0..49ee420 100644
---- a/src/modules-load/modules-load.c
-+++ b/src/modules-load/modules-load.c
-@@ -302,8 +302,8 @@ int main(int argc, char *argv[]) {
-
- STRV_FOREACH(i, arg_proc_cmdline_modules) {
- k = load_module(ctx, *i);
-- if (k < 0)
-- r = EXIT_FAILURE;
-+ if (k < 0 && r == 0)
-+ r = k;
- }
-
- r = conf_files_list_nulstr(&files, ".conf", NULL, conf_file_dirs);
diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c
-index b1ef912..4f2ab5c 100644
+index d61ecdf..228a3a4 100644
--- a/src/nss-myhostname/netlink.c
+++ b/src/nss-myhostname/netlink.c
-@@ -113,6 +113,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) {
+@@ -112,6 +112,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) {
ifaddrmsg->ifa_scope == RT_SCOPE_NOWHERE)
continue;
@@ -507,174 +54,21 @@ index b1ef912..4f2ab5c 100644
if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED)
continue;
-diff --git a/src/shared/efivars.c b/src/shared/efivars.c
-index 8d004ba..99340c9 100644
---- a/src/shared/efivars.c
-+++ b/src/shared/efivars.c
-@@ -383,7 +383,8 @@ int efi_get_boot_options(uint16_t **options) {
- list[count ++] = id;
- }
-
-- qsort(list, count, sizeof(uint16_t), cmp_uint16);
-+ if (list)
-+ qsort(list, count, sizeof(uint16_t), cmp_uint16);
-
- *options = list;
- return count;
-diff --git a/src/shared/env-util.c b/src/shared/env-util.c
-index 6a52fb9..598222c 100644
---- a/src/shared/env-util.c
-+++ b/src/shared/env-util.c
-@@ -406,7 +406,9 @@ char **strv_env_clean_log(char **e, const char *message) {
- e[k++] = *p;
- }
-
-- e[k] = NULL;
-+ if (e)
-+ e[k] = NULL;
-+
- return e;
- }
-
-diff --git a/src/shared/log.c b/src/shared/log.c
-index 27317f7..8f4995a 100644
---- a/src/shared/log.c
-+++ b/src/shared/log.c
-@@ -115,16 +115,20 @@ void log_close_syslog(void) {
-
- static int create_log_socket(int type) {
- int fd;
-+ struct timeval tv;
-
-- /* All output to the syslog/journal fds we do asynchronously,
-- * and if the buffers are full we just drop the messages */
--
-- fd = socket(AF_UNIX, type|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
-+ fd = socket(AF_UNIX, type|SOCK_CLOEXEC, 0);
- if (fd < 0)
- return -errno;
-
- fd_inc_sndbuf(fd, SNDBUF_SIZE);
-
-+ /* We need a blocking fd here since we'd otherwise lose
-+ messages way too early. However, let's not hang forever in the
-+ unlikely case of a deadlock. */
-+ timeval_store(&tv, 1*USEC_PER_MINUTE);
-+ setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
-+
- return fd;
- }
-
-diff --git a/src/shared/polkit.c b/src/shared/polkit.c
-index cea7074..1c5e9e3 100644
---- a/src/shared/polkit.c
-+++ b/src/shared/polkit.c
-@@ -38,12 +38,8 @@ int verify_polkit(
-
- #ifdef ENABLE_POLKIT
- DBusMessage *m = NULL, *reply = NULL;
-- const char *unix_process = "unix-process", *pid = "pid", *starttime = "start-time", *cancel_id = "";
-+ const char *system_bus_name = "system-bus-name", *name = "name", *cancel_id = "";
- uint32_t flags = interactive ? 1 : 0;
-- pid_t pid_raw;
-- uint32_t pid_u32;
-- unsigned long long starttime_raw;
-- uint64_t starttime_u64;
- DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
- int r;
- dbus_bool_t authorized = FALSE, challenge = FALSE;
-@@ -68,14 +64,6 @@ int verify_polkit(
-
- #ifdef ENABLE_POLKIT
-
-- pid_raw = bus_get_unix_process_id(c, sender, error);
-- if (pid_raw == 0)
-- return -EINVAL;
--
-- r = get_starttime_of_pid(pid_raw, &starttime_raw);
-- if (r < 0)
-- return r;
--
- m = dbus_message_new_method_call(
- "org.freedesktop.PolicyKit1",
- "/org/freedesktop/PolicyKit1/Authority",
-@@ -86,22 +74,13 @@ int verify_polkit(
-
- dbus_message_iter_init_append(m, &iter_msg);
-
-- pid_u32 = (uint32_t) pid_raw;
-- starttime_u64 = (uint64_t) starttime_raw;
--
- if (!dbus_message_iter_open_container(&iter_msg, DBUS_TYPE_STRUCT, NULL, &iter_struct) ||
-- !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &unix_process) ||
-+ !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &system_bus_name) ||
- !dbus_message_iter_open_container(&iter_struct, DBUS_TYPE_ARRAY, "{sv}", &iter_array) ||
- !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
-- !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &pid) ||
-- !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant) ||
-- !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &pid_u32) ||
-- !dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
-- !dbus_message_iter_close_container(&iter_array, &iter_dict) ||
-- !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
-- !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &starttime) ||
-- !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "t", &iter_variant) ||
-- !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT64, &starttime_u64) ||
-+ !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &name) ||
-+ !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "s", &iter_variant) ||
-+ !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_STRING, &sender) ||
- !dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
- !dbus_message_iter_close_container(&iter_array, &iter_dict) ||
- !dbus_message_iter_close_container(&iter_struct, &iter_array) ||
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
-index 3cca861..f6052dd 100644
+index 0887bc3..6b502ce 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
-@@ -1482,7 +1482,7 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me
-
- } else if (dbus_message_is_signal(message, "org.freedesktop.systemd1.Manager", "JobRemoved")) {
- uint32_t id;
-- const char *path, *result, *unit;
-+ const char *path, *result, *unit, *r;
-
- if (dbus_message_get_args(message, &error,
- DBUS_TYPE_UINT32, &id,
-@@ -1491,7 +1491,11 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me
- DBUS_TYPE_STRING, &result,
- DBUS_TYPE_INVALID)) {
-
-- free(set_remove(d->set, (char*) path));
-+ r = set_remove(d->set, (char*) path);
-+ if (!r)
-+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
-+
-+ free(r);
-
- if (!isempty(result))
- d->result = strdup(result);
-@@ -1511,7 +1515,11 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me
- /* Compatibility with older systemd versions <
- * 183 during upgrades. This should be dropped
- * one day. */
-- free(set_remove(d->set, (char*) path));
-+ r = set_remove(d->set, (char*) path);
-+ if (!r)
-+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
-+
-+ free(r);
-
- if (*result)
- d->result = strdup(result);
-@@ -1867,7 +1875,7 @@ static int start_unit_one(
- return log_oom();
+@@ -2561,7 +2561,7 @@ static int start_unit_one(
+ log_debug("Adding %s to the set", p);
r = set_consume(s, p);
-- if (r < 0) {
-+ if (r < 0 && r != -EEXIST) {
- log_error("Failed to add path to set.");
- return r;
- }
+- if (r < 0)
++ if (r < 0 && r != -EEXIST)
+ return log_oom();
+ }
+
diff --git a/units/emergency.service.in b/units/emergency.service.in
-index 442f0e0..6b7eafd 100644
+index 94c090f..0d20640 100644
--- a/units/emergency.service.in
+++ b/units/emergency.service.in
@@ -15,7 +15,6 @@ Before=shutdown.target
@@ -685,30 +79,45 @@ index 442f0e0..6b7eafd 100644
ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type "journalctl -xb" to view\\nsystem logs, "systemctl reboot" to reboot, "systemctl default" to try again\\nto boot into default mode.'
ExecStart=-/sbin/sulogin
ExecStopPost=@SYSTEMCTL@ --fail --no-block default
+diff --git a/units/getty@.service.m4 b/units/getty@.service.m4
+index aa853b8..f76cde0 100644
+--- a/units/getty@.service.m4
++++ b/units/getty@.service.m4
+@@ -23,7 +23,9 @@ IgnoreOnIsolate=yes
+ # On systems without virtual consoles, don't start any getty. Note
+ # that serial gettys are covered by serial-getty@.service, not this
+ # unit.
+-ConditionPathExists=/dev/tty0
++ConditionPathExists=|/dev/tty0
++ConditionVirtualization=|lxc
++ConditionVirtualization=|lxc-libvirt
+
+ [Service]
+ # the VT is cleared by TTYVTDisallocate
diff --git a/units/local-fs.target b/units/local-fs.target
-index 18c3d74..a09054c 100644
+index ae3cedc..0e36840 100644
--- a/units/local-fs.target
+++ b/units/local-fs.target
-@@ -11,3 +11,5 @@ Documentation=man:systemd.special(7)
- After=local-fs-pre.target
+@@ -13,3 +13,5 @@ DefaultDependencies=no
+ Conflicts=shutdown.target
OnFailure=emergency.target
- OnFailureIsolate=no
+ OnFailureJobMode=replace-irreversibly
+
+X-StopOnReconfiguration=yes
diff --git a/units/remote-fs.target b/units/remote-fs.target
-index 09213e8..47b4cf5 100644
+index 43ffa5c..156a681 100644
--- a/units/remote-fs.target
+++ b/units/remote-fs.target
-@@ -10,5 +10,7 @@ Description=Remote File Systems
- Documentation=man:systemd.special(7)
- After=remote-fs-pre.target
+@@ -12,5 +12,7 @@ After=remote-fs-pre.target
+ DefaultDependencies=no
+ Conflicts=shutdown.target
+X-StopOnReconfiguration=yes
+
[Install]
WantedBy=multi-user.target
diff --git a/units/rescue.service.m4.in b/units/rescue.service.m4.in
-index 269797a..2c640f4 100644
+index 552ef89..af3915f 100644
--- a/units/rescue.service.m4.in
+++ b/units/rescue.service.m4.in
@@ -16,7 +16,6 @@ Before=shutdown.target
@@ -731,11 +140,20 @@ index 8f4fb8f..e0f0147 100644
-After=local-fs.target swap.target emergency.service emergency.target
+After=emergency.service emergency.target
RefuseManualStart=yes
+diff --git a/units/systemd-backlight@.service.in b/units/systemd-backlight@.service.in
+index e945d87..77728f2 100644
+--- a/units/systemd-backlight@.service.in
++++ b/units/systemd-backlight@.service.in
+@@ -19,3 +19,4 @@ Type=oneshot
+ RemainAfterExit=yes
+ ExecStart=@rootlibexecdir@/systemd-backlight load %i
+ ExecStop=@rootlibexecdir@/systemd-backlight save %i
++X-RestartIfChanged=false
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
-index ab2e50c..9563a7d 100644
+index de93879..c9a49f3 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
-@@ -24,3 +24,8 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG C
+@@ -25,3 +25,8 @@ WatchdogSec=1min
# Increase the default a bit in order to allow many simultaneous
# services being run since we keep one fd open per service.
LimitNOFILE=16384
@@ -744,6 +162,33 @@ index ab2e50c..9563a7d 100644
+# journald to stop logging (see
+# https://bugs.freedesktop.org/show_bug.cgi?id=56043).
+X-RestartIfChanged=no
+diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in
+index 1879b2f..9b895b9 100644
+--- a/units/systemd-random-seed.service.in
++++ b/units/systemd-random-seed.service.in
+@@ -19,3 +19,4 @@ Type=oneshot
+ RemainAfterExit=yes
+ ExecStart=@rootlibexecdir@/systemd-random-seed load
+ ExecStop=@rootlibexecdir@/systemd-random-seed save
++X-RestartIfChanged=false
+diff --git a/units/systemd-rfkill@.service.in b/units/systemd-rfkill@.service.in
+index 9d264a2..c505535 100644
+--- a/units/systemd-rfkill@.service.in
++++ b/units/systemd-rfkill@.service.in
+@@ -19,3 +19,4 @@ Type=oneshot
+ RemainAfterExit=yes
+ ExecStart=@rootlibexecdir@/systemd-rfkill load %I
+ ExecStop=@rootlibexecdir@/systemd-rfkill save %I
++X-RestartIfChanged=false
+diff --git a/units/systemd-update-utmp.service.in b/units/systemd-update-utmp.service.in
+index da7dda7..4cc550d 100644
+--- a/units/systemd-update-utmp.service.in
++++ b/units/systemd-update-utmp.service.in
+@@ -19,3 +19,4 @@ Type=oneshot
+ RemainAfterExit=yes
+ ExecStart=@rootlibexecdir@/systemd-update-utmp reboot
+ ExecStop=@rootlibexecdir@/systemd-update-utmp shutdown
++X-RestartIfChanged=false
diff --git a/units/systemd-user-sessions.service.in b/units/systemd-user-sessions.service.in
index 0869e73..b6ed958 100644
--- a/units/systemd-user-sessions.service.in
diff --git a/pkgs/os-specific/linux/systemd/libc-bug-accept4-arm.patch b/pkgs/os-specific/linux/systemd/libc-bug-accept4-arm.patch
deleted file mode 100644
index 7cde2260189a..000000000000
--- a/pkgs/os-specific/linux/systemd/libc-bug-accept4-arm.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-Based on a patch for udev in
-nixpkgs(upstart)/pkgs/os-specific/linux/udev/pre-accept4-kernel.patch
-
-It was taken from:
-https://github.com/archlinuxarm/PKGBUILDs/blob/master/core/udev-oxnas/pre-accept4-kernel.patch
-
-Basically, ARM implemented accept4() only in 2.6.36. Nixpkgs now uses
-linux headers from 2.6.35. And the particular nixpkgs glibc version had a bug,
-not checking about 2.6.36 for accept4 on arm.
-
-diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c
-index 7b88f74..a9f7b62 100644
---- a/src/journal/journald-stream.c
-+++ b/src/journal/journald-stream.c
-@@ -347,10 +347,12 @@ int stdout_stream_new(Server *s) {
- int fd, r;
- socklen_t len;
- struct epoll_event ev;
-+ int flgs;
-
- assert(s);
-
-- fd = accept4(s->stdout_fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
-+ //fd = accept4(s->stdout_fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
-+ fd = accept(s->stdout_fd, NULL, NULL);
- if (fd < 0) {
- if (errno == EAGAIN)
- return 0;
-@@ -359,6 +361,11 @@ int stdout_stream_new(Server *s) {
- return -errno;
- }
-
-+ // Since we don't have accept4
-+ flgs = fcntl(fd, F_GETFL, NULL);
-+ if(flgs >= 0) fcntl(fd, F_SETFL, flgs | O_NONBLOCK);
-+ fcntl(fd, F_SETFD, FD_CLOEXEC);
-+
- if (s->n_stdout_streams >= STDOUT_STREAMS_MAX) {
- log_warning("Too many stdout streams, refusing connection.");
- close_nointr_nofail(fd);
-diff --git a/src/udev/udev-ctrl.c b/src/udev/udev-ctrl.c
-index a235912..c05e4b4 100644
---- a/src/udev/udev-ctrl.c
-+++ b/src/udev/udev-ctrl.c
-@@ -15,6 +15,7 @@
- #include
- #include
- #include
-+#include
- #include
- #include
- #include
-@@ -181,6 +182,7 @@ struct udev_ctrl_connection *udev_ctrl_get_connection(struct udev_ctrl *uctrl)
- struct ucred ucred;
- socklen_t slen;
- const int on = 1;
-+ int flgs;
-
- conn = calloc(1, sizeof(struct udev_ctrl_connection));
- if (conn == NULL)
-@@ -188,13 +190,19 @@ struct udev_ctrl_connection *udev_ctrl_get_connection(struct udev_ctrl *uctrl)
- conn->refcount = 1;
- conn->uctrl = uctrl;
-
-- conn->sock = accept4(uctrl->sock, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK);
-+ //conn->sock = accept4(uctrl->sock, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK);
-+ conn->sock = accept(uctrl->sock, NULL, NULL);
- if (conn->sock < 0) {
- if (errno != EINTR)
- log_error("unable to receive ctrl connection: %m\n");
- goto err;
- }
-
-+ // Since we don't have accept4
-+ flgs = fcntl(conn->sock, F_GETFL, NULL);
-+ if(flgs >= 0) fcntl(conn->sock, F_SETFL, flgs | O_NONBLOCK);
-+ fcntl(conn->sock, F_SETFD, FD_CLOEXEC);
-+
- /* check peer credential of connection */
- slen = sizeof(ucred);
- if (getsockopt(conn->sock, SOL_SOCKET, SO_PEERCRED, &ucred, &slen) < 0) {
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 9c37e0009deb..f86cff13ad82 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -7263,7 +7263,9 @@ let
sysstat = callPackage ../os-specific/linux/sysstat { };
- systemd = callPackage ../os-specific/linux/systemd { };
+ systemd = callPackage ../os-specific/linux/systemd {
+ linuxHeaders = linuxHeaders_3_14;
+ };
systemtap = callPackage ../development/tools/profiling/systemtap {
inherit (gnome) libglademm;