Backport a few more patches

0020-test-compress-benchmark-skip-loop-iteration-if-size-.patch

@@ -1,9 +1,11 @@
-From 15b947fb798cd131355ba9935802d58e92bdba6e Mon Sep 17 00:00:00 2001
+From f4bb8c3a9aed5ddefb66380c818d04aa0b663693 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Fri, 4 Mar 2016 21:46:47 -0500
 Subject: [PATCH] test-compress-benchmark: skip loop iteration if size is 0
 
 Otherwise we would hit an assert in the compression code.
+
+(cherry picked from commit 15b947fb798cd131355ba9935802d58e92bdba6e)
 ---
  src/journal/test-compress-benchmark.c | 2 ++
  1 file changed, 2 insertions(+)

0021-time-util-fall-back-to-CLOCK_MONOTONIC-if-CLOCK_BOOT.patch

@@ -0,0 +1,38 @@
+From c411521802d5e89eeb5cdf39cdd7b9538a3a3a08 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Tue, 15 Mar 2016 12:43:33 +0100
+Subject: [PATCH] time-util: fall back to CLOCK_MONOTONIC if CLOCK_BOOTTIME
+ unsupported
+
+It was added in 2.6.39, and causes an assertion to fail when running in mock
+hosted on 2.6.23-based RHEL-6:
+
+Assertion 'clock_gettime(map_clock_id(clock_id), &ts) == 0' failed at systemd/src/basic/time-util.c:70, function now(). Aborting.
+
+(cherry picked from commit 2abd5b5a49ae368b258ffc7257ab703bccda67dd)
+---
+ src/basic/time-util.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/time-util.c b/src/basic/time-util.c
+index 510f018d9b..ec112e23e2 100644
+--- a/src/basic/time-util.c
++++ b/src/basic/time-util.c
+@@ -47,12 +47,15 @@ static clockid_t map_clock_id(clockid_t c) {
+         /* Some more exotic archs (s390, ppc, …) lack the "ALARM" flavour of the clocks. Thus, clock_gettime() will
+          * fail for them. Since they are essentially the same as their non-ALARM pendants (their only difference is
+          * when timers are set on them), let's just map them accordingly. This way, we can get the correct time even on
+-         * those archs. */
++         * those archs.
++         *
++         * Also, older kernels don't support CLOCK_BOOTTIME: fall back to CLOCK_MONOTONIC. */
+ 
+         switch (c) {
+ 
++        case CLOCK_BOOTTIME:
+         case CLOCK_BOOTTIME_ALARM:
+-                return CLOCK_BOOTTIME;
++                return clock_boottime_or_monotonic ();
+ 
+         case CLOCK_REALTIME_ALARM:
+                 return CLOCK_REALTIME;

0022-headers-use-__inline__-instead-of-inline.patch

@@ -0,0 +1,47 @@
+From b1ab67134c28ade32eab8fde37840efac789affc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 11 Mar 2016 13:41:49 -0500
+Subject: [PATCH] headers: use __inline__ instead of inline
+
+https://gcc.gnu.org/onlinedocs/gcc-5.3.0/gcc/Alternate-Keywords.html#Alternate-Keywords
+recommends __inline__ over inline in ANSI C compatible headers.
+Tested with gcc-5.3 and clang-3.7.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1316964
+(cherry picked from commit 0cb27225e9c658d80538ace7a267ba0a2d2f44f2)
+---
+ src/systemd/_sd-common.h | 2 +-
+ src/systemd/sd-id128.h   | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/systemd/_sd-common.h b/src/systemd/_sd-common.h
+index 2d4e1f26e1..3bb886be75 100644
+--- a/src/systemd/_sd-common.h
++++ b/src/systemd/_sd-common.h
+@@ -74,7 +74,7 @@
+ #endif
+ 
+ #define _SD_DEFINE_POINTER_CLEANUP_FUNC(type, func)             \
+-        static inline void func##p(type **p) {                  \
++        static __inline__ void func##p(type **p) {              \
+                 if (*p)                                         \
+                         func(*p);                               \
+         }                                                       \
+diff --git a/src/systemd/sd-id128.h b/src/systemd/sd-id128.h
+index a3bf5897b8..4dff0b9b81 100644
+--- a/src/systemd/sd-id128.h
++++ b/src/systemd/sd-id128.h
+@@ -100,11 +100,11 @@ int sd_id128_get_boot(sd_id128_t *ret);
+                 ((x).bytes[15] & 15) >= 10 ? 'a' + ((x).bytes[15] & 15) - 10 : '0' + ((x).bytes[15] & 15), \
+                 0 })
+ 
+-_sd_pure_ static inline int sd_id128_equal(sd_id128_t a, sd_id128_t b) {
++_sd_pure_ static __inline__ int sd_id128_equal(sd_id128_t a, sd_id128_t b) {
+         return memcmp(&a, &b, 16) == 0;
+ }
+ 
+-_sd_pure_ static inline int sd_id128_is_null(sd_id128_t a) {
++_sd_pure_ static __inline__ int sd_id128_is_null(sd_id128_t a) {
+         return a.qwords[0] == 0 && a.qwords[1] == 0;
+ }
+ 

0023-dev-console-must-be-labeled-with-SELinux-label.patch

@@ -0,0 +1,47 @@
+From 641a7f0c61ff42ea55ad7152e7f874ea5d680a2d Mon Sep 17 00:00:00 2001
+From: Dan Walsh <dwalsh@redhat.com>
+Date: Wed, 9 Mar 2016 09:29:25 -0500
+Subject: [PATCH] /dev/console must be labeled with SELinux label
+
+If the user specifies an selinux_apifs_context all content created in
+the container including /dev/console should use this label.
+
+Currently when this uses the default label it gets labeled user_devpts_t,
+which would require us to write a policy allowing container processes to
+manage user_devpts_t.  This means that an escaped process would be allowed
+to attack all users terminals as well as other container terminals.  Changing
+the label to match the apifs_context, means the processes would only be allowed
+to manage their specific tty.
+
+This change fixes a problem preventing RKT containers from working with systemd-nspawn.
+
+(cherry picked from commit 68b020494d1ff085281061413d9236b5865ef238)
+---
+ src/nspawn/nspawn.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index ef348c335b..8c06f6ef75 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -87,6 +87,7 @@
+ #ifdef HAVE_SECCOMP
+ #include "seccomp-util.h"
+ #endif
++#include "selinux-util.h"
+ #include "signal-util.h"
+ #include "socket-util.h"
+ #include "stat-util.h"
+@@ -3286,6 +3287,12 @@ int main(int argc, char *argv[]) {
+                 goto finish;
+         }
+ 
++        if (arg_selinux_apifs_context) {
++                r = mac_selinux_apply(console, arg_selinux_apifs_context);
++                if (r < 0)
++                        goto finish;
++        }
++
+         if (unlockpt(master) < 0) {
+                 r = log_error_errno(errno, "Failed to unlock tty: %m");
+                 goto finish;

0024-fstab-generator-fix-automount-option-and-don-t-start.patch

@@ -0,0 +1,90 @@
+From 1b8bdd05fcecd83cc8c8269f06a50ced055ab864 Mon Sep 17 00:00:00 2001
+From: Franck Bui <fbui@suse.com>
+Date: Tue, 1 Dec 2015 18:01:44 +0100
+Subject: [PATCH] fstab-generator: fix automount option and don't start
+ associated mount unit at boot
+
+Without this patch applied the mount unit with 'automount' option was still
+pulled by local-fs.target and thus was activated during the boot process which
+defeats the purpose of the 'automount' option:
+
+   $ grep /mnt /etc/fstab
+   /dev/vdb1 /mnt ext2 defaults,x-systemd.automount 0 0
+
+   $ reboot
+   ...
+
+   $ mount | grep mnt
+   systemd-1 on /mnt type autofs (rw,relatime,fd=34,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
+   /dev/vdb1 on /mnt type ext2 (rw,relatime)
+
+   $ systemctl status mnt.mount | grep Active
+      Active: active (mounted) since Thu 2016-03-03 21:36:22 CET; 42s ago
+
+With the patch applied:
+
+   $ reboot
+   ...
+
+   $ mount | grep mnt
+   systemd-1 on /mnt type autofs (rw,relatime,fd=22,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
+
+   $ systemctl status mnt.mount | grep Active
+      Active: inactive (dead)
+
+   $ ls /mnt
+   lost+found
+
+   $ systemctl status mnt.mount | grep Active
+      Active: active (mounted) since Thu 2016-03-03 21:47:32 CET; 4s ago
+
+(cherry picked from commit 2b14df4a9ae92623b584e61db6b5b37accd832c1)
+---
+ src/core/mount.c                      | 11 ++++++++++-
+ src/fstab-generator/fstab-generator.c |  4 ++--
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index de1075d3a0..cfe4b0f517 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -104,6 +104,14 @@ static bool mount_is_auto(const MountParameters *p) {
+         return !fstab_test_option(p->options, "noauto\0");
+ }
+ 
++static bool mount_is_automount(const MountParameters *p) {
++        assert(p);
++
++        return fstab_test_option(p->options,
++                                 "comment=systemd.automount\0"
++                                 "x-systemd.automount\0");
++}
++
+ static bool needs_quota(const MountParameters *p) {
+         assert(p);
+ 
+@@ -328,7 +336,8 @@ static int mount_add_device_links(Mount *m) {
+         if (path_equal(m->where, "/"))
+                 return 0;
+ 
+-        if (mount_is_auto(p) && UNIT(m)->manager->running_as == MANAGER_SYSTEM)
++        if (mount_is_auto(p) && !mount_is_automount(p) &&
++            UNIT(m)->manager->running_as == MANAGER_SYSTEM)
+                 device_wants_mount = true;
+ 
+         r = unit_add_node_link(UNIT(m), p->what, device_wants_mount, m->from_fragment ? UNIT_BINDS_TO : UNIT_REQUIRES);
+diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
+index 97a48764ae..6f576b5ecf 100644
+--- a/src/fstab-generator/fstab-generator.c
++++ b/src/fstab-generator/fstab-generator.c
+@@ -336,8 +336,8 @@ static int add_mount(
+         if (r < 0)
+                 return log_error_errno(r, "Failed to write unit file %s: %m", unit);
+ 
+-        if (!noauto) {
+-                lnk = strjoin(arg_dest, "/", post, nofail || automount ? ".wants/" : ".requires/", name, NULL);
++        if (!noauto && !automount) {
++                lnk = strjoin(arg_dest, "/", post, nofail ? ".wants/" : ".requires/", name, NULL);
+                 if (!lnk)
+                         return log_oom();
+ 

systemd.spec

@@ -13,7 +13,7 @@
 Name:           systemd
 Url:            http://www.freedesktop.org/wiki/Software/systemd
 Version:        229
-Release:        6%{?gitcommit:.git%{gitcommitshort}}%{?dist}
+Release:        7%{?gitcommit:.git%{gitcommitshort}}%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        A System and Service Manager
@@ -53,9 +53,13 @@ Patch0016:      0016-hashmap-use-void-and-uint8_t-for-generic-pointers.patch
 Patch0017:      0017-resolved-fix-notification-iteration-logic-when-trans.patch
 Patch0018:      0018-selinux-always-try-to-load-the-full-selinux-db.patch
 Patch0019:      0019-selinux-use-raw-variants-of-security_compute_create-.patch
-Patch0020:      0020-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
+Patch0020:      0020-test-compress-benchmark-skip-loop-iteration-if-size-.patch
-Patch0021:      0021-test-compress-benchmark-skip-loop-iteration-if-size-.patch
+Patch0021:      0021-time-util-fall-back-to-CLOCK_MONOTONIC-if-CLOCK_BOOT.patch
+Patch0022:      0022-headers-use-__inline__-instead-of-inline.patch
+Patch0023:      0023-dev-console-must-be-labeled-with-SELinux-label.patch
+Patch0024:      0024-fstab-generator-fix-automount-option-and-don-t-start.patch
 
+Patch0998:      0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
 Patch0999:      0999-Add-a-workaround-for-linux-net-if.h-conflict.patch
 
 # kernel-install patch for grubby, drop if grubby is obsolete
@@ -927,6 +931,11 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
 /usr/lib/firewalld/services/*
 
 %changelog
+* Thu Mar 17 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 229-7
+- Moar patches (#1316964, #1317928)
+- Move vconsole-setup and tmpfiles-setup-dev bits to systmed-udev
+- Protect systemd-udev from deinstallation
+
 * Fri Mar 11 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 229-6
 - Create /etc/resolv.conf symlink from systemd-resolved (#1313085)