[systemd-commits] stable Branch 'v219-stable' - 36 commits - hwdb/20-bluetooth-vendor-product.hwdb hwdb/60-keyboard.hwdb hwdb/70-mouse.hwdb Makefile.am Makefile-man.am man/journalctl.xml man/journal-remote.conf.xml man/kernel-command-line.xml man/systemd-journal-remote.xml man/tmpfiles.d.xml shell-completion/bash shell-completion/zsh src/core src/libsystemd src/python-systemd src/shared src/systemctl src/test src/timedate src/udev src/update-done tmpfiles.d/systemd-nologin.conf units/console-getty.service.m4.in units/.gitignore units/systemd-importd.service.in units/systemd-resolved.service.in units/systemd-resolved.service.m4.in units/systemd-udevd.service.in units/systemd-udev-trigger.service.in units/systemd-user-sessions.service.in

Zbigniew Jędrzejewski-Szmek zbyszek at kemper.freedesktop.org
Mon May 18 05:34:58 PDT 2015


 Makefile-man.am                        |    7 ++
 Makefile.am                            |    2 
 hwdb/20-bluetooth-vendor-product.hwdb  |   36 ++++++++++
 hwdb/60-keyboard.hwdb                  |    6 +
 hwdb/70-mouse.hwdb                     |    8 ++
 man/journal-remote.conf.xml            |  114 +++++++++++++++++++++++++++++++++
 man/journalctl.xml                     |    5 -
 man/kernel-command-line.xml            |    2 
 man/systemd-journal-remote.xml         |    1 
 man/tmpfiles.d.xml                     |    6 -
 shell-completion/bash/systemctl.in     |    2 
 shell-completion/zsh/_hostnamectl      |   12 +++
 shell-completion/zsh/_journalctl       |    1 
 shell-completion/zsh/_loginctl         |    5 -
 shell-completion/zsh/_systemctl.in     |    5 +
 src/core/automount.c                   |    3 
 src/core/kmod-setup.c                  |   11 ++-
 src/core/mount.c                       |    4 -
 src/core/unit.c                        |   10 ++
 src/libsystemd/sd-daemon/sd-daemon.c   |   61 +++++++----------
 src/python-systemd/_daemon.c           |    2 
 src/python-systemd/daemon.py           |    2 
 src/shared/exit-status.c               |    2 
 src/shared/install.c                   |   10 +-
 src/shared/label.c                     |   18 +++++
 src/shared/label.h                     |    1 
 src/shared/util.c                      |    3 
 src/systemctl/systemctl.c              |   11 +--
 src/test/test-unit-file.c              |   15 ++++
 src/timedate/timedated.c               |    4 -
 src/udev/udev-builtin-net_id.c         |    2 
 src/udev/udevadm-settle.c              |    8 ++
 src/udev/udevd.c                       |   15 ++++
 src/update-done/update-done.c          |   12 ++-
 tmpfiles.d/systemd-nologin.conf        |    2 
 units/.gitignore                       |    1 
 units/console-getty.service.m4.in      |    1 
 units/systemd-importd.service.in       |    3 
 units/systemd-resolved.service.in      |   29 --------
 units/systemd-resolved.service.m4.in   |   31 ++++++++
 units/systemd-udev-trigger.service.in  |    2 
 units/systemd-udevd.service.in         |    3 
 units/systemd-user-sessions.service.in |    2 
 43 files changed, 367 insertions(+), 113 deletions(-)

New commits:
commit 22eade6dd8422ba6d044c265f0620e3ebb900320
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Tue May 5 16:35:34 2015 -0400

    timedated: correctly set context on /etc/localtime
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1190377
    (cherry picked from commit fad44453ec789f49529ea5244b2c2e4d5ad1d420)

diff --git a/src/shared/label.c b/src/shared/label.c
index 82f10b2..7d0a6bc 100644
--- a/src/shared/label.c
+++ b/src/shared/label.c
@@ -78,3 +78,21 @@ int symlink_label(const char *old_path, const char *new_path) {
 
         return mac_smack_fix(new_path, false, false);
 }
+
+int symlink_label_atomic(const char *old_path, const char *new_path) {
+        int r;
+
+        assert(old_path);
+        assert(new_path);
+
+        r = mac_selinux_create_file_prepare(new_path, S_IFLNK);
+        if (r < 0)
+                return r;
+
+        r = symlink_atomic(old_path, new_path);
+        mac_selinux_create_file_clear();
+        if (r < 0)
+                return r;
+
+        return mac_smack_fix(new_path, false, false);
+}
diff --git a/src/shared/label.h b/src/shared/label.h
index 8070bcb..7935964 100644
--- a/src/shared/label.h
+++ b/src/shared/label.h
@@ -28,3 +28,4 @@ int label_fix(const char *path, bool ignore_enoent, bool ignore_erofs);
 
 int mkdir_label(const char *path, mode_t mode);
 int symlink_label(const char *old_path, const char *new_path);
+int symlink_label_atomic(const char *old_path, const char *new_path);
diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c
index f2d23f3..01ab9c9 100644
--- a/src/timedate/timedated.c
+++ b/src/timedate/timedated.c
@@ -34,6 +34,7 @@
 #include "clock-util.h"
 #include "conf-files.h"
 #include "path-util.h"
+#include "label.h"
 #include "fileio-label.h"
 #include "label.h"
 #include "bus-util.h"
@@ -123,7 +124,8 @@ static int context_write_data_timezone(Context *c) {
         if (!p)
                 return log_oom();
 
-        r = symlink_atomic(p, "/etc/localtime");
+        mac_selinux_init("/etc");
+        r = symlink_label_atomic(p, "/etc/localtime");
         if (r < 0)
                 return r;
 

commit ed66f51061f2ce4d31838739c51f11276f97aaaf
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Fri Mar 13 21:22:05 2015 -0500

    sd-daemon: simplify sd_pid_notify_with_fds
    
    Coverity was complaining that CMSG_NXTHDR is used without
    checking the return value. In this case it cannot fail, but
    it is a good excuse to simplify the function a bit.
    
    CID #1261726.
    
    (cherry picked from commit 64144440a5d2d94482f882b992fd2a4e0dca7a05)
    
    http://lists.freedesktop.org/archives/systemd-devel/2015-April/031348.html

diff --git a/src/libsystemd/sd-daemon/sd-daemon.c b/src/libsystemd/sd-daemon/sd-daemon.c
index 22a3a53..1474321 100644
--- a/src/libsystemd/sd-daemon/sd-daemon.c
+++ b/src/libsystemd/sd-daemon/sd-daemon.c
@@ -352,12 +352,10 @@ _public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char
                 .msg_iovlen = 1,
                 .msg_name = &sockaddr,
         };
-        struct cmsghdr *control;
         _cleanup_close_ int fd = -1;
         struct cmsghdr *cmsg = NULL;
         const char *e;
-        size_t controllen_without_ucred = 0;
-        bool try_without_ucred = false;
+        bool have_pid;
         int r;
 
         if (!state) {
@@ -396,42 +394,37 @@ _public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char
         if (msghdr.msg_namelen > sizeof(struct sockaddr_un))
                 msghdr.msg_namelen = sizeof(struct sockaddr_un);
 
-        control = alloca(CMSG_SPACE(sizeof(struct ucred)) + CMSG_SPACE(sizeof(int) * n_fds));
+        have_pid = pid != 0 && pid != getpid();
 
-        if (n_fds > 0) {
-                msghdr.msg_control = control;
-                msghdr.msg_controllen = CMSG_LEN(sizeof(int) * n_fds);
+        if (n_fds > 0 || have_pid) {
+                msghdr.msg_controllen = CMSG_SPACE(sizeof(int) * n_fds) +
+                                        CMSG_SPACE(sizeof(struct ucred) * have_pid);
+                msghdr.msg_control = alloca(msghdr.msg_controllen);
 
                 cmsg = CMSG_FIRSTHDR(&msghdr);
-                cmsg->cmsg_level = SOL_SOCKET;
-                cmsg->cmsg_type = SCM_RIGHTS;
-                cmsg->cmsg_len = CMSG_LEN(sizeof(int) * n_fds);
+                if (n_fds > 0) {
+                        cmsg->cmsg_level = SOL_SOCKET;
+                        cmsg->cmsg_type = SCM_RIGHTS;
+                        cmsg->cmsg_len = CMSG_LEN(sizeof(int) * n_fds);
 
-                memcpy(CMSG_DATA(cmsg), fds, sizeof(int) * n_fds);
-        }
-
-        if (pid != 0 && pid != getpid()) {
-                struct ucred *ucred;
-
-                try_without_ucred = true;
-                controllen_without_ucred = msghdr.msg_controllen;
+                        memcpy(CMSG_DATA(cmsg), fds, sizeof(int) * n_fds);
 
-                msghdr.msg_control = control;
-                msghdr.msg_controllen += CMSG_LEN(sizeof(struct ucred));
+                        if (have_pid)
+                                assert_se(cmsg = CMSG_NXTHDR(&msghdr, cmsg));
+                }
 
-                if (cmsg)
-                        cmsg = CMSG_NXTHDR(&msghdr, cmsg);
-                else
-                        cmsg = CMSG_FIRSTHDR(&msghdr);
+                if (have_pid) {
+                        struct ucred *ucred;
 
-                cmsg->cmsg_level = SOL_SOCKET;
-                cmsg->cmsg_type = SCM_CREDENTIALS;
-                cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
+                        cmsg->cmsg_level = SOL_SOCKET;
+                        cmsg->cmsg_type = SCM_CREDENTIALS;
+                        cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
 
-                ucred = (struct ucred*) CMSG_DATA(cmsg);
-                ucred->pid = pid;
-                ucred->uid = getuid();
-                ucred->gid = getgid();
+                        ucred = (struct ucred*) CMSG_DATA(cmsg);
+                        ucred->pid = pid;
+                        ucred->uid = getuid();
+                        ucred->gid = getgid();
+                }
         }
 
         /* First try with fake ucred data, as requested */
@@ -441,10 +434,10 @@ _public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char
         }
 
         /* If that failed, try with our own ucred instead */
-        if (try_without_ucred) {
-                if (controllen_without_ucred <= 0)
+        if (have_pid) {
+                msghdr.msg_controllen -= CMSG_SPACE(sizeof(struct ucred));
+                if (msghdr.msg_controllen == 0)
                         msghdr.msg_control = NULL;
-                msghdr.msg_controllen = controllen_without_ucred;
 
                 if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) >= 0) {
                         r = 1;

commit 6cd7b4cf78462c45c2d255a9fbee3fbb5fb015e5
Author: Lennart Poettering <lennart at poettering.net>
Date:   Mon Apr 27 17:25:57 2015 +0200

    update-done: ignore nanosecond file timestamp components, they are not reliable
    
    https://bugs.freedesktop.org/show_bug.cgi?id=90192
    (cherry picked from commit 329c542585cd92cb905990e3bf59eda16fd88cfb)

diff --git a/src/update-done/update-done.c b/src/update-done/update-done.c
index 561963e..cb5cd6f 100644
--- a/src/update-done/update-done.c
+++ b/src/update-done/update-done.c
@@ -36,9 +36,15 @@ static int apply_timestamp(const char *path, struct timespec *ts) {
         assert(ts);
 
         if (stat(path, &st) >= 0) {
-                /* Is the timestamp file already newer than the OS? If so, there's nothing to do. */
-                if (st.st_mtim.tv_sec > ts->tv_sec ||
-                    (st.st_mtim.tv_sec == ts->tv_sec && st.st_mtim.tv_nsec >= ts->tv_nsec))
+                /* Is the timestamp file already newer than the OS? If
+                 * so, there's nothing to do. We ignore the nanosecond
+                 * component of the timestamp, since some file systems
+                 * do not support any better accuracy than 1s and we
+                 * have no way to identify the accuracy
+                 * available. Most notably ext4 on small disks (where
+                 * 128 byte inodes are used) does not support better
+                 * accuracy than 1s. */
+                if (st.st_mtim.tv_sec > ts->tv_sec)
                         return 0;
 
                 /* It is older? Then let's update it */

commit 10303903dc22ad1711df58556e7057ce59471b2e
Author: Lennart Poettering <lennart at poettering.net>
Date:   Fri Apr 24 17:28:06 2015 +0200

    unit: don't add automatic dependencies on device units if they aren't supported
    
    http://lists.freedesktop.org/archives/systemd-devel/2015-April/031187.html
    (cherry picked from commit 47bc12e1ba35d38edda737dae232088d6d3ae688)

diff --git a/src/core/unit.c b/src/core/unit.c
index 565455b..b9e1f13 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -2830,14 +2830,18 @@ int unit_add_node_link(Unit *u, const char *what, bool wants) {
 
         assert(u);
 
-        if (!what)
-                return 0;
-
         /* Adds in links to the device node that this unit is based on */
+        if (isempty(what))
+                return 0;
 
         if (!is_device_path(what))
                 return 0;
 
+        /* When device units aren't supported (such as in a
+         * container), don't create dependencies on them. */
+        if (unit_vtable[UNIT_DEVICE]->supported && !unit_vtable[UNIT_DEVICE]->supported(u->manager))
+                return 0;
+
         e = unit_name_from_path(what, ".device");
         if (!e)
                 return -ENOMEM;

commit 0e1b8518cc0409b268bdede1ae4b424c8544ed20
Author: Lennart Poettering <lennart at poettering.net>
Date:   Fri Apr 24 16:12:28 2015 +0200

    units: set KillMode=mixed for our daemons that fork worker processes
    
    The daemons should really have the time to kill the workers first,
    before systemd does it, hence use KillMode=mixed for these daemons.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=90051
    (cherry picked from commit 658f26b828fdd7007cfe82d794f610525b21cb99)

diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in
index 45e98fd..6359e5c 100644
--- a/units/systemd-importd.service.in
+++ b/units/systemd-importd.service.in
@@ -18,3 +18,4 @@ WatchdogSec=1min
 PrivateTmp=yes
 ProtectSystem=full
 ProtectHome=yes
+KillMode=mixed
diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
index a133044..32f04d9 100644
--- a/units/systemd-udevd.service.in
+++ b/units/systemd-udevd.service.in
@@ -22,3 +22,4 @@ Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-udevd
 MountFlags=slave
+KillMode=mixed

commit 327176ac36892d068e821a1c496ca0862024f02b
Author: Peter Hutterer <peter.hutterer at who-t.net>
Date:   Thu Apr 23 10:44:30 2015 +1000

    hwdb: add HP X1000 DPI info
    
    Device name is PixArt, but it's sold as a HP brand.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=90142
    (cherry picked from commit e8043cd5fe283ff3023f98c15a2f09328805efab)

diff --git a/hwdb/70-mouse.hwdb b/hwdb/70-mouse.hwdb
index 93ee4d9..6f06e17 100644
--- a/hwdb/70-mouse.hwdb
+++ b/hwdb/70-mouse.hwdb
@@ -125,6 +125,14 @@ mouse:usb:v0461p4d16:name:USB Optical Mouse:
  MOUSE_DPI=500 at 125
 
 ##########################################
+# HP
+##########################################
+
+# HP X1000
+mouse:usb:v093ap2510:name:PixArt USB Optical Mouse:
+ MOUSE_DPI=1000 at 125
+
+##########################################
 # Lenovo
 ##########################################
 

commit e7a90c1117e4d37be191a6567b405d7908a30434
Author: Martin Pitt <martin.pitt at ubuntu.com>
Date:   Wed Apr 22 23:09:43 2015 +0100

    util: Fix assertion in split() on missing '
    
    When parsing a unit with a trailing slash after an escaped line break, like
    
      ExecStart=/bin/echo 'foo \
        bar'
    
    the split() function (through config_parse()) asserted and crashed pid 1:
    
      Assertion 'current[*l + 1] == quotechars[0]' failed at ../src/shared/util.c:583, function split(). Aborting.
    
    Fix this by returning an error in this case ("trailing garbage").
    
    Add corresponding test case. Also fix the missing "unit" argument of
    config_parse_exec() in the comment.
    
    https://launchpad.net/bugs/1447243
    (cherry picked from commit 470dca63cd2b1579f45f72b6b9777494abeff105)

diff --git a/src/shared/util.c b/src/shared/util.c
index 1e1bf94..649344d 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -571,13 +571,12 @@ const char* split(const char **state, size_t *l, const char *separator, bool quo
                 char quotechars[2] = {*current, '\0'};
 
                 *l = strcspn_escaped(current + 1, quotechars);
-                if (current[*l + 1] == '\0' ||
+                if (current[*l + 1] == '\0' || current[*l + 1] != quotechars[0] ||
                     (current[*l + 2] && !strchr(separator, current[*l + 2]))) {
                         /* right quote missing or garbage at the end */
                         *state = current;
                         return NULL;
                 }
-                assert(current[*l + 1] == quotechars[0]);
                 *state = current++ + *l + 2;
         } else if (quoted) {
                 *l = strcspn_escaped(current, separator);
diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
index e517f57..9f3e3a2 100644
--- a/src/test/test-unit-file.c
+++ b/src/test/test-unit-file.c
@@ -92,6 +92,7 @@ static void check_execcommand(ExecCommand *c,
 
 static void test_config_parse_exec(void) {
         /* int config_parse_exec(
+                 const char *unit,
                  const char *filename,
                  unsigned line,
                  const char *section,
@@ -303,6 +304,20 @@ static void test_config_parse_exec(void) {
         assert_se(r == 0);
         assert_se(c1->command_next == NULL);
 
+        log_info("/* missing ending ' */");
+        r = config_parse_exec(NULL, "fake", 4, "section", 1,
+                              "LValue", 0, "/path 'foo",
+                              &c, NULL);
+        assert_se(r == 0);
+        assert_se(c1->command_next == NULL);
+
+        log_info("/* missing ending ' with trailing backslash */");
+        r = config_parse_exec(NULL, "fake", 4, "section", 1,
+                              "LValue", 0, "/path 'foo\\",
+                              &c, NULL);
+        assert_se(r == 0);
+        assert_se(c1->command_next == NULL);
+
         exec_command_free_list(c);
 }
 

commit a8d917c7e49e3111aaf7bd80cd1b8731c4ea81ed
Author: Nir Soffer <nirsof at gmail.com>
Date:   Sun Apr 19 02:49:47 2015 +0300

    udev: Fix ping timeout when settle timeout is 0
    
    When running udevadm settle --timeout=0, the ping always times out, and
    udevadm will return 0 without checking the queue state.
    
    (David: Use a reasonable timeout to still get the barrier provided by
     ctrl-ping)
    
    (cherry picked from commit 7375b3c4871861f100860ea4c2848e66b60e6ca4)

diff --git a/src/udev/udevadm-settle.c b/src/udev/udevadm-settle.c
index 40e3e28..33597bc 100644
--- a/src/udev/udevadm-settle.c
+++ b/src/udev/udevadm-settle.c
@@ -114,7 +114,7 @@ static int adm_settle(struct udev *udev, int argc, char *argv[]) {
 
                 uctrl = udev_ctrl_new(udev);
                 if (uctrl != NULL) {
-                        if (udev_ctrl_send_ping(uctrl, timeout) < 0) {
+                        if (udev_ctrl_send_ping(uctrl, MAX(5U, timeout)) < 0) {
                                 log_debug("no connection to daemon");
                                 udev_ctrl_unref(uctrl);
                                 return EXIT_SUCCESS;

commit 08a2ba2c6981ec9fef16639d1bed16a40406f0d0
Author: Lennart Poettering <lennart at poettering.net>
Date:   Wed Apr 22 13:50:56 2015 +0200

    kmod-setup: load ip_tables kmod at boot
    
    The module is currently no auto-loadable (and this is unlikely to change
    anytime soon, given it's API is via getsockopt/setsockopt). It is needed
    by networkd and nspawn currently.
    
    Users who really don't like the module to be loaded have the option to
    blacklist it still, or not compile it at all. But for all others this
    should make things work out-of-the-box.
    
    (cherry picked from commit 1d3087978a8ee23107cb64aa55ca97aefe9531e2)

diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c
index c0a05b9..97f3b9b 100644
--- a/src/core/kmod-setup.c
+++ b/src/core/kmod-setup.c
@@ -63,16 +63,19 @@ int kmod_setup(void) {
                 bool (*condition_fn)(void);
         } kmod_table[] = {
                 /* auto-loading on use doesn't work before udev is up */
-                { "autofs4", "/sys/class/misc/autofs", true, NULL                 },
+                { "autofs4",   "/sys/class/misc/autofs",    true,  NULL                },
 
                 /* early configure of ::1 on the loopback device */
-                { "ipv6",    "/sys/module/ipv6",       true, NULL                 },
+                { "ipv6",      "/sys/module/ipv6",          true,  NULL                },
 
                 /* this should never be a module */
-                { "unix",    "/proc/net/unix",         true, NULL                 },
+                { "unix",      "/proc/net/unix",            true,  NULL                },
 
                 /* IPC is needed before we bring up any other services */
-                { "kdbus",   "/sys/fs/kdbus",          false, cmdline_check_kdbus },
+                { "kdbus",     "/sys/fs/kdbus",             false, cmdline_check_kdbus },
+
+                /* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */
+                { "ip_tables", "/proc/net/ip_tables_names", false, NULL                },
         };
         struct kmod_ctx *ctx = NULL;
         unsigned int i;

commit 7abbe742f656e171effea73821c38c29565bcab2
Author: Lennart Poettering <lennart at poettering.net>
Date:   Tue Apr 21 17:26:56 2015 +0200

    tmpfiles: there's no systemd-forbid-user-logins.service service
    
    (cherry picked from commit 451d691ae110a600497348d9f6288bc84efb8642)

diff --git a/tmpfiles.d/systemd-nologin.conf b/tmpfiles.d/systemd-nologin.conf
index d61232b..a30a8da 100644
--- a/tmpfiles.d/systemd-nologin.conf
+++ b/tmpfiles.d/systemd-nologin.conf
@@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) and systemd-forbid-user-logins.service(5).
+# See tmpfiles.d(5), systemd-user-session.service(5) and pam_nologin(8).
 # This file has special suffix so it is not run by mistake.
 
 F! /run/nologin 0644 - - - "System is booting up. See pam_nologin(8)"

commit 989f43ac4c07d47147facd62d3703d3d97b50e01
Author: Lubomir Rintel <lkundrak at v3.sk>
Date:   Mon Apr 13 19:46:59 2015 +0200

    importd: add CAP_DAC_OVERRIDE capability
    
    Fedora's filesystem package ships /usr/bin (and other directories) which are
    not writable by its owner. machinectl pull-dkr (and possibly others) are not
    able to extract those:
    
      14182 mkdirat(3, "usr", 0700)           = 0
      14182 mkdirat(3, "usr/bin", 0500)       = 0
      14182 openat(3, "usr/bin/[", O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_NONBLOCK|O_CLOEXEC, 0700) = -1 EACCES (Permission denied)
      ...
    
    (cherry picked from commit 15d7b51724cc9775f03f2af4d3eec7f48f39f7de)

diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in
index 26759ea..45e98fd 100644
--- a/units/systemd-importd.service.in
+++ b/units/systemd-importd.service.in
@@ -12,7 +12,7 @@ Documentation=man:systemd-importd.service(8)
 [Service]
 ExecStart=@rootlibexecdir@/systemd-importd
 BusName=org.freedesktop.import1
-CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP
+CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE
 NoNewPrivileges=yes
 WatchdogSec=1min
 PrivateTmp=yes

commit 8d89839589bf8d8498ee21f4257242d38df9b7e0
Author: Nir Soffer <nirsof at gmail.com>
Date:   Sun Apr 19 03:41:26 2015 +0300

    udev: settle should return immediately when timeout is 0
    
    udevadm manual says:
    
        A value of 0 will check if the queue is empty and always return
        immediately.
    
    However, currently we ignore the deadline if the value is 0, and wait
    without any limit.
    
    Zero timeout behaved according to the documentation until commit
    ead7c62ab7 (udevadm: settle - kill alarm()). Looking at this patch, it
    seems that the behavior change was unintended.
    
    This patch restores the documented behavior.
    
    (cherry picked from commit bf23b9f86f6807c3029a6a46e1999ae0c87ca22a)

diff --git a/src/udev/udevadm-settle.c b/src/udev/udevadm-settle.c
index e60c462..40e3e28 100644
--- a/src/udev/udevadm-settle.c
+++ b/src/udev/udevadm-settle.c
@@ -149,7 +149,7 @@ static int adm_settle(struct udev *udev, int argc, char *argv[]) {
                         break;
                 }
 
-                if (timeout > 0 && now(CLOCK_MONOTONIC) >= deadline)
+                if (now(CLOCK_MONOTONIC) >= deadline)
                         break;
 
                 /* wake up when queue is empty */

commit 25a7f022e7e2e004f12757b7e73d7b7aecfe8926
Author: Martin Pitt <martin.pitt at ubuntu.com>
Date:   Sat Apr 18 22:38:13 2015 +0100

    exit-status: Fix "NOTINSSTALLED" typo
    
    (cherry picked from commit 9f8f87e375175536a972feab79c2ff8901c47f8e)

diff --git a/src/shared/exit-status.c b/src/shared/exit-status.c
index 5c73b4d..90c83a4 100644
--- a/src/shared/exit-status.c
+++ b/src/shared/exit-status.c
@@ -167,7 +167,7 @@ const char* exit_status_to_string(ExitStatus status, ExitStatusLevel level) {
                         return "NOPERMISSION";
 
                 case EXIT_NOTINSTALLED:
-                        return "NOTINSSTALLED";
+                        return "NOTINSTALLED";
 
                 case EXIT_NOTCONFIGURED:
                         return "NOTCONFIGURED";

commit 8bdb345984f8a00ff866c1b4198888a9eef03395
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Tue Apr 14 20:47:20 2015 -0500

    systemctl: avoid bumping NOFILE rlimit unless needed
    
    We actually only use the journal when showing status. Move setrlimit call
    so it is only called for status.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1184712
    (cherry picked from commit 40acc203c043fd419f3c045dc6f116c3a28411d8)

diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 4ec0cff..089c25f 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -4449,6 +4449,12 @@ static int show(sd_bus *bus, char **args) {
         if (show_properties)
                 pager_open_if_enabled();
 
+        if (show_status)
+                /* Increase max number of open files to 16K if we can, we
+                 * might needs this when browsing journal files, which might
+                 * be split up into many files. */
+                setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));
+
         /* If no argument is specified inspect the manager itself */
 
         if (show_properties && strv_length(args) <= 1)
@@ -7207,11 +7213,6 @@ found:
                 }
         }
 
-        /* Increase max number of open files to 16K if we can, we
-         * might needs this when browsing journal files, which might
-         * be split up into many files. */
-        setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));
-
         return verb->dispatch(bus, argv + optind);
 }
 

commit 1625df2abbb82af7a0b2c02291e8379f00bdb8c4
Author: Lennart Poettering <lennart at poettering.net>
Date:   Mon Apr 13 15:23:07 2015 +0200

    man: fix examples indentation in tmpfiles.d(5)
    
    (cherry picked from commit bd1100898d63e9e2d8f6327b6895454f9abd5bd0)

diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index 4bd0fcf..9b4e11c 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -504,15 +504,15 @@
       boot with specific modes and ownership.</para>
 
       <programlisting>d /run/screens  1777 root root 10d
-      d /run/uscreens 0755 root root 10d12h
-      t /run/screen - - - - user.name="John Smith" security.SMACK64=screen</programlisting>
+d /run/uscreens 0755 root root 10d12h
+t /run/screen - - - - user.name="John Smith" security.SMACK64=screen</programlisting>
     </example>
     <example>
       <title>/etc/tmpfiles.d/abrt.conf example</title>
       <para><command>abrt</command> needs a directory created at boot with specific mode and ownership and its content should be preserved.</para>
 
       <programlisting>d /var/tmp/abrt 0755 abrt abrt
-      x /var/tmp/abrt/*</programlisting>
+x /var/tmp/abrt/*</programlisting>
     </example>
   </refsect1>
 

commit 9aa4f0e0a69e610ca38ed34692e42be330cb7041
Author: Simon Farnsworth <simon.farnsworth at onelan.co.uk>
Date:   Wed Mar 25 17:00:09 2015 +0000

    python-systemd: fix is_socket_inet to cope with ports
    
    Just a couple of trivial oversights.
    
    (cherry picked from commit 9f1a574d50c1ffd19f18805cc8a3a433c4f2da37)

diff --git a/src/python-systemd/_daemon.c b/src/python-systemd/_daemon.c
index 65cfec7..7c5f1b2 100644
--- a/src/python-systemd/_daemon.c
+++ b/src/python-systemd/_daemon.c
@@ -225,7 +225,7 @@ static PyObject* is_socket_inet(PyObject *self, PyObject *args) {
                               &fd, &family, &type, &listening, &port))
                 return NULL;
 
-        if (port < 0 || port > INT16_MAX) {
+        if (port < 0 || port > UINT16_MAX) {
                 set_error(-EINVAL, NULL, "port must fit into uint16_t");
                 return NULL;
         }
diff --git a/src/python-systemd/daemon.py b/src/python-systemd/daemon.py
index 1c386bb..82011ca 100644
--- a/src/python-systemd/daemon.py
+++ b/src/python-systemd/daemon.py
@@ -26,7 +26,7 @@ def is_socket(fileobj, family=_AF_UNSPEC, type=0, listening=-1):
 
 def is_socket_inet(fileobj, family=_AF_UNSPEC, type=0, listening=-1, port=0):
     fd = _convert_fileobj(fileobj)
-    return _is_socket_inet(fd, family, type, listening)
+    return _is_socket_inet(fd, family, type, listening, port)
 
 def is_socket_unix(fileobj, type=0, listening=-1, path=None):
     fd = _convert_fileobj(fileobj)

commit bb9b6abb1a73cadcd1ce48a83376183163f7ecd6
Author: Daniel Drake <drake at endlessm.com>
Date:   Mon Apr 6 16:03:43 2015 -0600

    udevd: fix synchronization with settle when handling inotify events
    
    udev uses inotify to implement a scheme where when the user closes
    a writable device node, a change uevent is forcefully generated.
    In the case of block devices, it actually requests a partition rescan.
    
    This currently can't be synchronized with "udevadm settle", i.e. this
    is not reliable in a script:
    
     sfdisk --change-id /dev/sda 1 81
     udevadm settle
     mount /dev/sda1 /foo
    
    The settle call doesn't synchronize there, so at the same time we try
    to mount the device, udevd is busy removing the partition device nodes and
    readding them again. The mount call often happens in that moment where the
    partition node has been removed but not readded yet.
    
    This exact issue was fixed long ago:
    http://git.kernel.org/cgit/linux/hotplug/udev.git/commit/?id=bb38678e3ccc02bcd970ccde3d8166a40edf92d3
    
    but that fix is no longer valid now that sequence numbers are no longer
    used.
    
    Fix this by forcing another mainloop iteration after handling inotify events
    before unblocking settle. If the inotify event caused us to generate a
    "change" event, we'll pick that up in the following loop iteration, before
    we reach the end of the loop where we respond to settle's control message,
    unblocking it.
    
    (cherry picked from commit 07ba8037bf2a2d6a683fa107ee6f2b9545fca23e)

diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index e98c1fd..87a3f69 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -1502,9 +1502,22 @@ int main(int argc, char *argv[]) {
                         continue;
 
                 /* device node watch */
-                if (is_inotify)
+                if (is_inotify) {
                         handle_inotify(udev);
 
+                        /*
+                         * settle might be waiting on us to determine the queue
+                         * state. If we just handled an inotify event, we might have
+                         * generated a "change" event, but we won't have queued up
+                         * the resultant uevent yet.
+                         *
+                         * Before we go ahead and potentially tell settle that the
+                         * queue is empty, lets loop one more time to update the
+                         * queue state again before deciding.
+                         */
+                        continue;
+                }
+
                 /* tell settle that we are busy or idle, this needs to be before the
                  * PING handling
                  */

commit cc2497363c22f32a4e38ca048f546a651ec45655
Author: Gavin Li <git at thegavinli.com>
Date:   Tue Apr 7 03:30:10 2015 -0700

    hwdb: add Samsung ATIV Book 6 / 8
    
    This adds support for the keyboard illumination keys and fixes
    Fn+F1.
    
    (cherry picked from commit af97ebf2dd8a2ec0d46f2924e35a63a55523c133)

diff --git a/hwdb/60-keyboard.hwdb b/hwdb/60-keyboard.hwdb
index 8890665..9f99ca8 100644
--- a/hwdb/60-keyboard.hwdb
+++ b/hwdb/60-keyboard.hwdb
@@ -1009,6 +1009,12 @@ keyboard:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*7[34]0U3E*:pvr*
  KEYBOARD_KEY_b3=!prog3                                 # Fn+F11 fan/cooling mode changer
  KEYBOARD_KEY_d5=!wlan                                  # Fn+F12 wlan/airplane switch
 
+# ATIV Book 6 / 8
+evdev:atkbd:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*[68][78]0Z*:pvr*
+ KEYBOARD_KEY_ce=!prog1                                 # Fn+F1 launch settings
+ KEYBOARD_KEY_96=!kbdillumup                            # Fn+F10 keyboard backlight up
+ KEYBOARD_KEY_97=!kbdillumdown                          # Fn+F9 keyboard backlight down
+
 # SQ1US
 keyboard:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pnSQ1US:pvr*
  KEYBOARD_KEY_d4=menu

commit 6ee163ccd848bc0283a4895dddd55f3a71626d6a
Author: Nir Soffer <nirsof at gmail.com>
Date:   Wed Apr 8 04:04:16 2015 +0300

    udev: restore udevadm settle timeout
    
    Commit 9ea28c55a2 (udev: remove seqnum API and all assumptions about
    seqnums) introduced a regresion, ignoring the timeout option when
    waiting until the event queue is empty.
    
    Previously, if the udev event queue was not empty when the timeout was
    expired, udevadm settle was returning with exit code 1.  To check if the
    queue is empty, you could invoke udevadm settle with timeout=0. This
    patch restores the previous behavior.
    
    (David: fixed timeout==0 handling and dropped redundant assignment)
    
    (cherry picked from commit 0736455b1186c9515e0f093e1e686e684d225787)

diff --git a/src/udev/udevadm-settle.c b/src/udev/udevadm-settle.c
index fff5de7..e60c462 100644
--- a/src/udev/udevadm-settle.c
+++ b/src/udev/udevadm-settle.c
@@ -56,6 +56,7 @@ static int adm_settle(struct udev *udev, int argc, char *argv[]) {
                 { "quiet",          no_argument,       NULL, 'q' }, /* removed */
                 {}
         };
+        usec_t deadline;
         const char *exists = NULL;
         unsigned int timeout = 120;
         struct pollfd pfd[1] = { {.fd = -1}, };
@@ -105,6 +106,8 @@ static int adm_settle(struct udev *udev, int argc, char *argv[]) {
                 return EXIT_FAILURE;
         }
 
+        deadline = now(CLOCK_MONOTONIC) + timeout * USEC_PER_SEC;
+
         /* guarantee that the udev daemon isn't pre-processing */
         if (getuid() == 0) {
                 struct udev_ctrl *uctrl;
@@ -146,6 +149,9 @@ static int adm_settle(struct udev *udev, int argc, char *argv[]) {
                         break;
                 }
 
+                if (timeout > 0 && now(CLOCK_MONOTONIC) >= deadline)
+                        break;
+
                 /* wake up when queue is empty */
                 if (poll(pfd, 1, MSEC_PER_SEC) > 0 && pfd[0].revents & POLLIN)
                         udev_queue_flush(queue);

commit 7b0a1d188bf80e77d833f1c624a9a9f467f3af25
Author: Ronny Chevalier <chevalier.ronny at gmail.com>
Date:   Fri Apr 10 15:44:02 2015 +0200

    shared: fix memleak
    
    path was used for 2 purposes but it was not freed before being reused.
    
    (cherry picked from commit 0d67448869bd881fd6aea57de6da98800395cf1f)

diff --git a/src/shared/install.c b/src/shared/install.c
index 92b8d6e..efd489e 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -515,7 +515,7 @@ static int find_symlinks_in_scope(
                 UnitFileState *state) {
 
         int r;
-        _cleanup_free_ char *path = NULL;
+        _cleanup_free_ char *normal_path = NULL, *runtime_path = NULL;
         bool same_name_link_runtime = false, same_name_link = false;
 
         assert(scope >= 0);
@@ -523,11 +523,11 @@ static int find_symlinks_in_scope(
         assert(name);
 
         /* First look in runtime config path */
-        r = get_config_path(scope, true, root_dir, &path);
+        r = get_config_path(scope, true, root_dir, &normal_path);
         if (r < 0)
                 return r;
 
-        r = find_symlinks(name, path, &same_name_link_runtime);
+        r = find_symlinks(name, normal_path, &same_name_link_runtime);
         if (r < 0)
                 return r;
         else if (r > 0) {
@@ -536,11 +536,11 @@ static int find_symlinks_in_scope(
         }
 
         /* Then look in the normal config path */
-        r = get_config_path(scope, false, root_dir, &path);
+        r = get_config_path(scope, false, root_dir, &runtime_path);
         if (r < 0)
                 return r;
 
-        r = find_symlinks(name, path, &same_name_link);
+        r = find_symlinks(name, runtime_path, &same_name_link);
         if (r < 0)
                 return r;
         else if (r > 0) {

commit d0d6d8081f89fd03cc2bdb4068239928e36db73c
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Fri Apr 3 08:28:21 2015 -0400

    man: remove 'fs' from 'rootfsflags'
    
    rootfsflags does not appear anywhere else.
    
    (cherry picked from commit d6a12e7ca3a17ce0224fd6c95d827e4f97fe2c9a)

diff --git a/man/kernel-command-line.xml b/man/kernel-command-line.xml
index 919bd13..eb73727 100644
--- a/man/kernel-command-line.xml
+++ b/man/kernel-command-line.xml
@@ -295,7 +295,7 @@
       <varlistentry>
         <term><varname>root=</varname></term>
         <term><varname>rootfstype=</varname></term>
-        <term><varname>rootfsflags=</varname></term>
+        <term><varname>rootflags=</varname></term>
         <term><varname>ro</varname></term>
         <term><varname>rw</varname></term>
 

commit 7a6c9117eca12a1a59f1323ba7407e7b6dedfa66
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Thu Apr 2 22:58:39 2015 -0400

    core/automount: beef up error message
    
    This should not happen... but when it does more information is nice.
    
    (cherry picked from commit 50b03c8ea1248f2d35a9042a3fa959adc0ceb819)

diff --git a/src/core/automount.c b/src/core/automount.c
index e4c7941..b391f61 100644
--- a/src/core/automount.c
+++ b/src/core/automount.c
@@ -734,7 +734,8 @@ static int automount_dispatch_io(sd_event_source *s, int fd, uint32_t events, vo
         assert(fd == a->pipe_fd);
 
         if (events != EPOLLIN) {
-                log_unit_error(UNIT(a)->id, "Got invalid poll event on pipe.");
+                log_unit_error(UNIT(a)->id, "%s: got invalid poll event %"PRIu32" on pipe (fd=%d)",
+                               UNIT(a)->id, events, fd);
                 goto fail;
         }
 

commit 51265c779c2c9ed84971405827595a41a10c5398
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Thu Apr 2 22:54:35 2015 -0400

    shell-completion: systemctl switch-root verb
    
    The completion is rudimentary (all files). I think this is OK since
    this is used so rarely. But not having it proposed at all is annoying.
    
    (cherry picked from commit 7b742b3130941b5c8d5e178b6694428fb3b61086)

diff --git a/shell-completion/bash/systemctl.in b/shell-completion/bash/systemctl.in
index 8063316..3d787cd 100644
--- a/shell-completion/bash/systemctl.in
+++ b/shell-completion/bash/systemctl.in
@@ -160,7 +160,7 @@ _systemctl () {
                              reboot rescue show-environment suspend get-default
                              is-system-running'
                      [NAME]='snapshot'
-                     [FILE]='link'
+                     [FILE]='link switch-root'
                   [TARGETS]='set-default'
         )
 
diff --git a/shell-completion/zsh/_systemctl.in b/shell-completion/zsh/_systemctl.in
index 7f2d5ac..82edfd3 100644
--- a/shell-completion/zsh/_systemctl.in
+++ b/shell-completion/zsh/_systemctl.in
@@ -59,6 +59,7 @@
     "reboot:Shut down and reboot the system"
     "kexec:Shut down and reboot the system with kexec"
     "exit:Ask for user instance termination"
+    "switch-root:Change root directory"
   )
 
   if (( CURRENT == 1 )); then
@@ -297,6 +298,10 @@ done
    _sd_unit_files
 }
 
+(( $+functions[_systemctl_switch-root] )) || _systemctl_switch-root() {
+   _files
+}
+
 # no systemctl completion for:
 #    [STANDALONE]='daemon-reexec daemon-reload default
 #                  emergency exit halt kexec list-jobs list-units

commit 8a4bf5dd52fe70734d566df3315927e41d27ac0e
Author: Ronny Chevalier <chevalier.ronny at gmail.com>
Date:   Tue Apr 7 20:14:28 2015 +0200

    zsh-completion: update hostnamectl
    
    (cherry picked from commit d67b1f525f488e5dfc076972cccf2a6411257fb8)

diff --git a/shell-completion/zsh/_hostnamectl b/shell-completion/zsh/_hostnamectl
index a7217a1..7528e06 100644
--- a/shell-completion/zsh/_hostnamectl
+++ b/shell-completion/zsh/_hostnamectl
@@ -33,6 +33,14 @@ _hostnamectl_set-deployment() {
     fi
 }
 
+_hostnamectl_set-location() {
+    if (( CURRENT <= 3 )); then
+        _message "new location"
+    else
+        _message "no more options"
+    fi
+}
+
 _hostnamectl_command() {
     local -a _hostnamectl_cmds
     _hostnamectl_cmds=(
@@ -40,7 +48,8 @@ _hostnamectl_command() {
         "set-hostname:Set system hostname"
         "set-icon-name:Set icon name for host"
         "set-chassis:Set chassis type for host"
-        "set-deployment:Set deployment environment"
+        "set-deployment:Set deployment environment for host"
+        "set-location:Set location for host"
     )
     if (( CURRENT == 1 )); then
         _describe -t commands 'hostnamectl commands' _hostnamectl_cmds || compadd "$@"
@@ -67,4 +76,5 @@ _arguments -s \
     '--pretty[Only set pretty hostname]' \
     '--no-ask-password[Do not prompt for password]' \
     {-H+,--host=}'[Operate on remote host]:userathost:_sd_hosts_or_user_at_host' \
+    {-M+,--machine=}'[Operate on local container]:machines:_sd_machines' \
     '*::hostnamectl commands:_hostnamectl_command'

commit 5fa78764c2405083d5023f56799e518e641abb2f
Author: Ronny Chevalier <chevalier.ronny at gmail.com>
Date:   Tue Apr 7 19:35:57 2015 +0200

    zsh-completion: add missing -M completion for journalctl
    
    (cherry picked from commit b178d279d92fdf002b18dd2f06f2353af14d0a6e)

diff --git a/shell-completion/zsh/_journalctl b/shell-completion/zsh/_journalctl
index a469bbc..863348e 100644
--- a/shell-completion/zsh/_journalctl
+++ b/shell-completion/zsh/_journalctl
@@ -76,6 +76,7 @@ _arguments -s \
     {-F,--field=}'[List all values a certain field takes]:Fields:_list_fields' \
     '--system[Show system and kernel messages]' \
     '--user[Show messages from user services]' \
+    {-M+,--machine=}'[Operate on local container]:machines:_sd_machines' \
     {-D+,--directory=}'[Show journal files from directory]:directories:_directories' \
     '--file=[Operate on specified journal files]:file:_files' \
     '--root=[Operate on catalog hierarchy under specified directory]:directories:_directories' \

commit 33783ab52be4b52be91b3565948a29fbfc1d0799
Author: Ronny Chevalier <chevalier.ronny at gmail.com>
Date:   Tue Apr 7 19:35:13 2015 +0200

    zsh-completion: update loginctl
    
    (cherry picked from commit 8470025541039f39391815b2ac93952003b7eee8)

diff --git a/shell-completion/zsh/_loginctl b/shell-completion/zsh/_loginctl
index 0de66e1..bd33b66 100644
--- a/shell-completion/zsh/_loginctl
+++ b/shell-completion/zsh/_loginctl
@@ -102,10 +102,11 @@ _arguments -s \
     '--kill-who=[Who to send signal to]:killwho:(main control all)' \
     {-s+,--signal=}'[Which signal to send]:signal:_signals' \
     {-H+,--host=}'[Operate on remote host]:userathost:_sd_hosts_or_user_at_host' \
-    {-M+,--machine=}'[Operate on local container]:machine' \
-    {-P,--privileged}'[Acquire privileges before execution]' \
+    {-M+,--machine=}'[Operate on local container]:machine:_sd_machines' \
     {-l,--full}'[Do not ellipsize output]' \
     '--no-pager[Do not pipe output into a pager]' \
     '--no-legend[Do not show the headers and footers]' \
     '--no-ask-password[Do not ask for system passwords]' \
+    {-n+,--lines=}'[Number of journal entries to show]' \
+    {-o+,--output=}'[Change journal output mode]:output modes:_sd_outputmodes' \
     '*::loginctl command:_loginctl_command'

commit 2f9c8a3cacc7f6743925c8f8eb7fdffd1558c688
Author: Lennart Poettering <lennart at poettering.net>
Date:   Fri Apr 3 14:31:35 2015 +0200

    units: explicitly order systemd-user-sessions.service after nss-user-lookup.target
    
    We should not allow logins before NIS/LDAP users are available.
    
    (cherry picked from commit efb3e19be9c568974b221990b9e84fb5304c5537)

diff --git a/units/systemd-user-sessions.service.in b/units/systemd-user-sessions.service.in
index 0869e73..c09c05d 100644
--- a/units/systemd-user-sessions.service.in
+++ b/units/systemd-user-sessions.service.in
@@ -8,7 +8,7 @@
 [Unit]
 Description=Permit User Sessions
 Documentation=man:systemd-user-sessions.service(8)
-After=remote-fs.target
+After=remote-fs.target nss-user-lookup.target
 
 [Service]
 Type=oneshot

commit bf38766c3a48427673527e7ae8894aeca2e34ffe
Author: Lennart Poettering <lennart at poettering.net>
Date:   Fri Apr 3 14:27:16 2015 +0200

    units: move After=systemd-hwdb-update.service dependency from udev to udev-trigger
    
    Let's move the hwdb regeneration a bit later. Given that hwdb is
    non-essential it should be OK to allow udev to run without it until we
    do the full trigger.
    
    http://lists.freedesktop.org/archives/systemd-devel/2015-April/030074.html
    (cherry picked from commit d8f0930eec248c2f54c85aa5029e1b3775c8dc75)

diff --git a/units/systemd-udev-trigger.service.in b/units/systemd-udev-trigger.service.in
index 0c33909..1e04d11 100644
--- a/units/systemd-udev-trigger.service.in
+++ b/units/systemd-udev-trigger.service.in
@@ -10,7 +10,7 @@ Description=udev Coldplug all Devices
 Documentation=man:udev(7) man:systemd-udevd.service(8)
 DefaultDependencies=no
 Wants=systemd-udevd.service
-After=systemd-udevd-kernel.socket systemd-udevd-control.socket
+After=systemd-udevd-kernel.socket systemd-udevd-control.socket systemd-hwdb-update.service
 Before=sysinit.target
 ConditionPathIsReadWrite=/sys
 
diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
index 2791f73..a133044 100644
--- a/units/systemd-udevd.service.in
+++ b/units/systemd-udevd.service.in
@@ -10,7 +10,7 @@ Description=udev Kernel Device Manager
 Documentation=man:systemd-udevd.service(8) man:udev(7)
 DefaultDependencies=no
 Wants=systemd-udevd-control.socket systemd-udevd-kernel.socket
-After=systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-hwdb-update.service systemd-sysusers.service
+After=systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-sysusers.service
 Before=sysinit.target
 ConditionPathIsReadWrite=/sys
 

commit 4e19d468a0d5af50fcff6db4f67572689d28b706
Author: Lennart Poettering <lennart at poettering.net>
Date:   Thu Apr 2 12:14:57 2015 +0200

    man: don't mention "journalctl /dev/sda"
    
    It never worked, and nobody ever worked on it, hence don't mention it.
    
    (cherry picked from commit c4f54721175bde35e2051d61d3d23285def9619d)

diff --git a/man/journalctl.xml b/man/journalctl.xml
index 770cf9b..08de0ff 100644
--- a/man/journalctl.xml
+++ b/man/journalctl.xml
@@ -817,11 +817,6 @@
 
     <programlisting>journalctl /usr/bin/dbus-daemon</programlisting>
 
-    <para>Show all logs of the kernel device node
-    <filename noindex='true'>/dev/sda</filename>:</para>
-
-    <programlisting>journalctl /dev/sda</programlisting>
-
     <para>Show all kernel logs from previous boot:</para>
 
     <programlisting>journalctl -k -b -1</programlisting>

commit e219205ca3accd36ce59ed19bb0e6d079311d505
Author: Tom Gundersen <teg at jklm.no>
Date:   Wed Apr 1 16:41:41 2015 +0200

    udev: net_id - fix copy-paste error
    
    In case pci_slot overflows we were truncating pci_path instead.
    
    (cherry picked from commit 16f948cb208f1db9a1665f07ac9b22e416dc19d4)

diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index 37ff1b8..71f3a59 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -248,7 +248,7 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
                 if (dev_port > 0)
                         l = strpcpyf(&s, l, "d%d", dev_port);
                 if (l == 0)
-                        names->pci_path[0] = '\0';
+                        names->pci_slot[0] = '\0';
         }
 out:
         udev_device_unref(pci);

commit b9b1f41397212bb0a692454b75434b62a4ade1dc
Author: Michal Sekletar <msekleta at redhat.com>
Date:   Wed Apr 1 13:08:25 2015 +0200

    mount: fix up wording in the comment
    
    (cherry picked from commit 340a1d2330ddc1dd18ad75bcdddf32f63c84b4a1)

diff --git a/src/core/mount.c b/src/core/mount.c
index 3359220..fd4fb6f 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -108,7 +108,7 @@ static bool needs_quota(const MountParameters *p) {
         assert(p);
 
         /* Quotas are not enabled on network filesystems,
-         * but we them, for example, on storages connected via iscsi */
+         * but we want them, for example, on storage connected via iscsi */
         if (p->fstype && fstype_is_network(p->fstype))
                 return false;
 

commit 76e5c9cfb1df3991f631cc7b593ab25a15f8d3eb
Author: Lukas Nykryn <lnykryn at redhat.com>
Date:   Mon Mar 30 14:42:02 2015 +0200

    mount: don't run quotaon only for network filesystems
    
    If you have for example ext4 on iscsi devices it is possible to setup
    qoutas there. Unfortunately, because such fstab entry contains _netdev,
    systemd will not add dependency to quotaon.service.
    
    (cherry picked from commit 11041c8488e956924870379a9203d7f1cac3b038)

diff --git a/src/core/mount.c b/src/core/mount.c
index 3ae0eb4..3359220 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -107,7 +107,9 @@ static bool mount_is_auto(const MountParameters *p) {
 static bool needs_quota(const MountParameters *p) {
         assert(p);
 
-        if (mount_is_network(p))
+        /* Quotas are not enabled on network filesystems,
+         * but we them, for example, on storages connected via iscsi */
+        if (p->fstype && fstype_is_network(p->fstype))
                 return false;
 
         if (mount_is_bind(p))

commit 85967d7434a798b1d73429d87229cfaadfbf44b0
Author: Marcel Holtmann <marcel at holtmann.org>
Date:   Tue Mar 31 22:59:12 2015 +0200

    hwdb: Update database of Bluetooth company identifiers
    
    (cherry picked from commit c185834d77335d50ef0247c39d7e9dffc74707bd)

diff --git a/hwdb/20-bluetooth-vendor-product.hwdb b/hwdb/20-bluetooth-vendor-product.hwdb
index 4fd951a..ff8862b 100644
--- a/hwdb/20-bluetooth-vendor-product.hwdb
+++ b/hwdb/20-bluetooth-vendor-product.hwdb
@@ -1472,3 +1472,39 @@ bluetooth:v01E7*
 
 bluetooth:v01E8*
  ID_VENDOR_FROM_DATABASE=STIR
+
+bluetooth:v01E9*
+ ID_VENDOR_FROM_DATABASE=Sano, Inc
+
+bluetooth:v01EA*
+ ID_VENDOR_FROM_DATABASE=Advanced Application Design, Inc.
+
+bluetooth:v01EB*
+ ID_VENDOR_FROM_DATABASE=AutoMap LLC
+
+bluetooth:v01EC*
+ ID_VENDOR_FROM_DATABASE=Spreadtrum Communications Shanghai Ltd
+
+bluetooth:v01ED*
+ ID_VENDOR_FROM_DATABASE=CuteCircuit LTD
+
+bluetooth:v01EE*
+ ID_VENDOR_FROM_DATABASE=Valeo Service
+
+bluetooth:v01EF*
+ ID_VENDOR_FROM_DATABASE=Fullpower Technologies, Inc.
+
+bluetooth:v01F0*
+ ID_VENDOR_FROM_DATABASE=KloudNation
+
+bluetooth:v01F1*
+ ID_VENDOR_FROM_DATABASE=Zebra Technologies Corporation
+
+bluetooth:v01F2*
+ ID_VENDOR_FROM_DATABASE=Itron, Inc.
+
+bluetooth:v01F3*
+ ID_VENDOR_FROM_DATABASE=The University of Tokyo
+
+bluetooth:v01F4*
+ ID_VENDOR_FROM_DATABASE=UTC Fire and Security

commit b66b41c3b5c9567cafce132782bae32055d6a69a
Author: Chris Morgan <chmorgan at gmail.com>
Date:   Sat Mar 21 20:47:46 2015 -0400

    man: add journal-remote.conf(5)
    
    (cherry picked from commit eaa5251d9167027275d8275862e23e0b7dc8866e)

diff --git a/Makefile-man.am b/Makefile-man.am
index d0fb9aa..28e1007 100644
--- a/Makefile-man.am
+++ b/Makefile-man.am
@@ -1330,14 +1330,20 @@ endif
 
 if HAVE_MICROHTTPD
 MANPAGES += \
+	man/journal-remote.conf.5 \
 	man/systemd-journal-gatewayd.service.8 \
 	man/systemd-journal-remote.8 \
 	man/systemd-journal-upload.8
 MANPAGES_ALIAS += \
+	man/journal-remote.conf.d.5 \
 	man/systemd-journal-gatewayd.8 \
 	man/systemd-journal-gatewayd.socket.8
+man/journal-remote.conf.d.5: man/journal-remote.conf.5
 man/systemd-journal-gatewayd.8: man/systemd-journal-gatewayd.service.8
 man/systemd-journal-gatewayd.socket.8: man/systemd-journal-gatewayd.service.8
+man/journal-remote.conf.d.html: man/journal-remote.conf.html
+	$(html-alias)
+
 man/systemd-journal-gatewayd.html: man/systemd-journal-gatewayd.service.html
 	$(html-alias)
 
@@ -1634,6 +1640,7 @@ EXTRA_DIST += \
 	man/hostname.xml \
 	man/hostnamectl.xml \
 	man/hwdb.xml \
+	man/journal-remote.conf.xml \
 	man/journalctl.xml \
 	man/journald.conf.xml \
 	man/kernel-command-line.xml \
diff --git a/man/journal-remote.conf.xml b/man/journal-remote.conf.xml
new file mode 100644
index 0000000..a7b2227
--- /dev/null
+++ b/man/journal-remote.conf.xml
@@ -0,0 +1,114 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<!--
+  This file is part of systemd.
+
+  Copyright 2015 Chris Morgan
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+-->
+
+<refentry id="journal-remote.conf" conditional='HAVE_MICROHTTPD'
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+  <refentryinfo>
+    <title>journal-remote.conf</title>
+    <productname>systemd</productname>
+
+    <authorgroup>
+      <author>
+        <contrib>Developer</contrib>
+        <firstname>Chris</firstname>
+        <surname>Morgan</surname>
+        <email>chmorgan at gmail.com</email>
+      </author>
+    </authorgroup>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>journal-remote.conf</refentrytitle>
+    <manvolnum>5</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>journal-remote.conf</refname>
+    <refname>journal-remote.conf.d</refname>
+    <refpurpose>Journal remote service configuration files</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <para><filename>/etc/systemd/journal-remote.conf</filename></para>
+    <para><filename>/etc/systemd/journald.conf.d/*.conf</filename></para>
+    <para><filename>/run/systemd/journald.conf.d/*.conf</filename></para>
+    <para><filename>/usr/lib/systemd/journald.conf.d/*.conf</filename></para>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para>These files configure various parameters of the systemd-remote-journal
+    application,
+    <citerefentry><refentrytitle>systemd-journal-remote</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+  </refsect1>
+
+  <xi:include href="standard-conf.xml" xpointer="main-conf" />
+
+  <refsect1>
+    <title>Options</title>
+
+    <para>All options are configured in the
+    <literal>[Remote]</literal> section:</para>
+
+    <variablelist>
+
+      <varlistentry>
+        <term><varname>SplitMode=</varname></term>
+
+        <listitem><para>One of <literal>host</literal> or <literal>none</literal>.
+        </para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>ServerKeyFile=</varname></term>
+
+        <listitem><para>SSL key in PEM format</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>ServerCertificateFile=</varname></term>
+
+        <listitem><para>SSL CA certificate in PEM format.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>TrustedCertificateFile=</varname></term>
+
+        <listitem><para>SSL CA certificate.</para></listitem>
+      </varlistentry>
+
+    </variablelist>
+
+  </refsect1>
+
+  <refsect1>
+      <title>See Also</title>
+      <para>
+        <citerefentry><refentrytitle>systemd-journal-remote</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+        <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+        <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+      </para>
+  </refsect1>
+
+</refentry>
diff --git a/man/systemd-journal-remote.xml b/man/systemd-journal-remote.xml
index 2687662..d5bda63 100644
--- a/man/systemd-journal-remote.xml
+++ b/man/systemd-journal-remote.xml
@@ -310,6 +310,7 @@ systemd-journal-remote --url http://some.host:19531/
       <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>systemd-journal-gatewayd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+      <citerefentry><refentrytitle>journal-remote.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
     </para>
   </refsect1>
 </refentry>

commit 412dc90d0b48e3253786309eb563a8c1e79db22a
Author: Dimitri John Ledkov <dimitri.j.ledkov at intel.com>
Date:   Tue Mar 17 16:37:07 2015 +0100

    resolved: Do not add .busname dependencies, when compiling without kdbus.
    
    (cherry picked from commit defa8e675b2903ad53e093bb2847c7256f0779a5)

diff --git a/Makefile.am b/Makefile.am
index aadaad2..78f77d7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -5459,7 +5459,7 @@ dist_dbussystemservice_DATA += \
 	src/resolve/org.freedesktop.resolve1.service
 
 EXTRA_DIST += \
-	units/systemd-resolved.service.in
+	units/systemd-resolved.service.m4.in
 
 SYSTEM_UNIT_ALIASES += \
 	systemd-resolved.service dbus-org.freedesktop.resolve1.service
diff --git a/units/.gitignore b/units/.gitignore
index 6fdb629..c59676c 100644
--- a/units/.gitignore
+++ b/units/.gitignore
@@ -55,6 +55,7 @@
 /systemd-reboot.service
 /systemd-remount-fs.service
 /systemd-resolved.service
+/systemd-resolved.service.m4
 /systemd-hibernate-resume at .service
 /systemd-rfkill at .service
 /systemd-shutdownd.service
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
deleted file mode 100644
index b643da9..0000000
--- a/units/systemd-resolved.service.in
+++ /dev/null
@@ -1,29 +0,0 @@
-#  This file is part of systemd.
-#
-#  systemd is free software; you can redistribute it and/or modify it
-#  under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2.1 of the License, or
-#  (at your option) any later version.
-
-[Unit]
-Description=Network Name Resolution
-Documentation=man:systemd-resolved.service(8)
-After=systemd-networkd.service network.service
-
-# On kdbus systems we pull in the busname explicitly, because it
-# carries policy that allows the daemon to acquire its name.
-Wants=org.freedesktop.resolve1.busname
-After=org.freedesktop.resolve1.busname
-
-[Service]
-Type=notify
-Restart=always
-RestartSec=0
-ExecStart=@rootlibexecdir@/systemd-resolved
-CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
-ProtectSystem=full
-ProtectHome=yes
-WatchdogSec=1min
-
-[Install]
-WantedBy=multi-user.target
diff --git a/units/systemd-resolved.service.m4.in b/units/systemd-resolved.service.m4.in
new file mode 100644
index 0000000..d133847
--- /dev/null
+++ b/units/systemd-resolved.service.m4.in
@@ -0,0 +1,31 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Network Name Resolution
+Documentation=man:systemd-resolved.service(8)
+After=systemd-networkd.service network.service
+
+m4_ifdef(`ENABLE_KDBUS',
+# On kdbus systems we pull in the busname explicitly, because it
+# carries policy that allows the daemon to acquire its name.
+Wants=org.freedesktop.resolve1.busname
+After=org.freedesktop.resolve1.busname
+
+)m4_dnl
+[Service]
+Type=notify
+Restart=always
+RestartSec=0
+ExecStart=@rootlibexecdir@/systemd-resolved
+CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
+ProtectSystem=full
+ProtectHome=yes
+WatchdogSec=1min
+
+[Install]
+WantedBy=multi-user.target

commit 78bce4363bb349a64ed98ac307421698c8f8e06e
Author: Jan Pazdziora <jpazdziora at redhat.com>
Date:   Fri Mar 13 12:57:18 2015 +0100

    console-getty.service: don't start when /dev/console is missing
    
    Create minimal image which runs systemd
    
       FROM rhel7.1
       RUN yum install -y /usr/bin/ps
       ENV container docker
       CMD [ "/usr/sbin/init" ]
    
    When you run the container without -t, the process
    
       /sbin/agetty --noclear --keep-baud console 115200 38400 9600
    
    is not happy and checking the journal in the container, there is a stream of
    
    Mar 13 04:50:15 11bf07f59fff agetty[66]: /dev/console: No such file or directory
    Mar 13 04:50:25 11bf07f59fff systemd[1]: console-getty.service holdoff time over, scheduling restart.
    Mar 13 04:50:25 11bf07f59fff systemd[1]: Stopping Console Getty...
    Mar 13 04:50:25 11bf07f59fff systemd[1]: Starting Console Getty...
    Mar 13 04:50:25 11bf07f59fff systemd[1]: Started Console Getty.
    Mar 13 04:50:25 11bf07f59fff agetty[67]: /dev/console: No such file or directory
    Mar 13 04:50:35 11bf07f59fff systemd[1]: console-getty.service holdoff time over, scheduling restart.
    Mar 13 04:50:35 11bf07f59fff systemd[1]: Stopping Console Getty...
    Mar 13 04:50:35 11bf07f59fff systemd[1]: Starting Console Getty...
    Mar 13 04:50:35 11bf07f59fff systemd[1]: Started Console Getty.
    Mar 13 04:50:35 11bf07f59fff agetty[74]: /dev/console: No such file or directory
    Mar 13 04:50:45 11bf07f59fff systemd[1]: console-getty.service holdoff time over, scheduling restart.
    Mar 13 04:50:45 11bf07f59fff systemd[1]: Stopping Console Getty...
    Mar 13 04:50:45 11bf07f59fff systemd[1]: Starting Console Getty...
    
    (cherry picked from commit 1b41981d9a62443d566df6bcabc1b5024e9f5e4a)

diff --git a/units/console-getty.service.m4.in b/units/console-getty.service.m4.in
index 8ac51a4..413d940 100644
--- a/units/console-getty.service.m4.in
+++ b/units/console-getty.service.m4.in
@@ -9,6 +9,7 @@
 Description=Console Getty
 Documentation=man:agetty(8)
 After=systemd-user-sessions.service plymouth-quit-wait.service
+ConditionPathExists=/dev/console
 m4_ifdef(`HAVE_SYSV_COMPAT',
 After=rc-local.service
 )m4_dnl



More information about the systemd-commits mailing list