update ChangeLog

X-Gentoo-Bug: 559540
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=559540

BUSYBOX.md

@@ -1,6 +1,4 @@
-Using Busybox as your Default Shell
------------------------------------
-
+# Using Busybox as your Default Shell with OpenRC
 
 If you have/bin/sh linked to busybox, you need to be aware of several
 incompatibilities between busybox's applets and the standalone
@@ -27,5 +25,8 @@ CONFIG_SETFONT -- The setfont applet does not support the -u option from kbd.
 CONFIG_IP -- The ip applet  doesn't support the "scope" modifier for
 "ip route add" and "ip address add".
 
+CONFIG_BB_SYSCTL -- The sysctl applet does not support the --system command
+line switch.
+
 There is work to get most of these supported by busybox, so this file
 will be updated as things change.

FEATURE-REMOVAL-SCHEDULE.md

@@ -1,34 +1,31 @@
+# Features Scheduled for Removal
+
 The following is a list of files and features that are going to be removed in
 the source tree.  Every entry should contain what exactly is going away, why it
 is happening, and who is going to be doing the work.  When the feature is
 removed, it should also be removed from this file.
 
----------------------------
-
-What: Service pause action
+## Service pause action
 
 When: 1.0
 
-Why: ...
+Why: The same affect can be obtained with the --nodeps option to stop.
 
 Who:
 
----------------------------
-
-What: start-stop-daemon options --startas, --chuid , --oknodo
+## start-stop-daemon options --startas, --chuid , --oknodo
 
 When: 1.0
 
 Why: Obsolete or replaced by other options.
-	 --startas => use --name or --exec
-	 --chuid => use --user
-	 --oknodo => ignore return code instead
+
+* --startas => use --name or --exec
+* --chuid => use --user
+* --oknodo => ignore return code instead
 
 Who:
 
----------------------------
-
-What: runscript and rc symbolic links
+## runscript and rc symbolic links
 
 When: 1.0
 
@@ -37,9 +34,7 @@ Why: Deprecated in favor of openrc-run and openrc due to naming
 
 Who:
 
----------------------------
-
-What: support for the opts variable in service scripts
+## support for the opts variable in service scripts
 
 When: 1.0
 
@@ -48,9 +43,7 @@ Why: Depprecated in favor of extra_commands, extra_started_commands
 
 Who:
 
----------------------------
-
-What: support for local_start and local_stop
+## support for local_start and local_stop
 
 When: 1.0
 
@@ -58,9 +51,7 @@ Why: Depprecated in favor of executable scripts in @SYSCONFDIR@/local.d
 
 Who:
 
----------------------------
-
-What: the mtab service script
+## the mtab service script
 
 When: make warnings more visible in 1.0, remove in 2.0
 
@@ -68,5 +59,3 @@ Why: /etc/mtab should be a symbolic link to /proc/self/mounts on modern
 	 Linux systems
 
 Who:
-
----------------------------

HISTORY.md

@@ -1,3 +1,5 @@
+# OpenRC History
+
 This history of OpenRC was written by Daniel Robbins, Roy Marples, William
 Hubbs and others.
 

Makefile

@@ -2,7 +2,10 @@
 # Copyright (c) 2007-2009 Roy Marples <roy@marples.name>
 # Released under the 2-clause BSD license.
 
-include Makefile.inc
+TOP:=		${dir ${realpath ${firstword ${MAKEFILE_LIST}}}}
+MK=			${TOP}/mk
+
+include ${TOP}/Makefile.inc
 
 SUBDIR=		conf.d etc init.d local.d man scripts sh src sysctl.d
 
@@ -17,12 +20,11 @@ SUBDIR+=	runlevels
 
 INSTALLAFTER=	_installafter
 
-MK= 		mk
 include ${MK}/sys.mk
 include ${MK}/os.mk
 include ${MK}/subdir.mk
 include ${MK}/dist.mk
-include ${MK}/git.mk
+include ${MK}/gitver.mk
 
 _installafter:
 ifeq (${MKPREFIX},yes)

Makefile.inc

@@ -1,3 +1,3 @@
 NAME=		openrc
-VERSION=	0.13.11
+VERSION=	0.18.4
 PKG=		${NAME}-${VERSION}

NEWS

@@ -1,44 +0,0 @@
-OpenRC NEWS
-
-This file will contain a list of notable changes for each release.
-
-OpenRC-0.13.2
-=============
-
-A chroot variable has been added to the service script variables.
-This fixes the support for running a service in a chroot.
-This is documented in man 8 openrc-run.
-
-The netmount service now mounts nfs file systems.
-This change was made to correct a fix for an earlier bug.
-
-OpenRC-0.13
-===========
-
-/sbin/rc was renamed to /sbin/openrc and /sbin/runscript was renamed to
-/sbin/openrc-run due to naming conflicts with other software.
-
-Backward compatible symbolic links are currently in place so your
-system will keep working if you are using the old names; however, it is
-strongly advised that you migrate to the new names because the symbolic
-links will be removed in the future.
-Warnings have been added to assist with this migration; however, due to the
-level of noise they produce, they only appear in verbose mode in this release.
-
-The devfs script now handles the initial mounting and setup of the
-/dev directory. If /dev has already been mounted by the kernel or an
-initramfs, devfs will remount /dev with the correct mount options
-instead of mounting a second /dev over the existing mount point.
-
-It attempts to mount /dev from fstab first if an entry exists there. If
-it doesn't it attempts to mount devtmpfs if it is configured in the
-kernel. If not, it attempts to mount tmpfs.
-If none of these is available, an error message is displayed and static
-/dev is assumed.
-
-OpenRC-0.12
-===========
-
-The net.* scripts, originally from Gentoo Linux, have
-been removed. If you need these scripts, look for a package called
-netifrc, which is maintained by them.

NEWS.md

@@ -0,0 +1,97 @@
+# OpenRC NEWS
+
+This file will contain a list of notable changes for each release. Note
+the information in this file is in reverse order.
+
+## OpenRC-0.18.3
+
+Modern Linux systems expect /etc/mtab to be a symbolic link to
+/proc/self/mounts. Reasons for this change include support for mount
+namespaces, which will not work if /etc/mtab is a file.
+By default, the mtab service enforces this on each reboot.
+
+If you find that this breaks your system in some way, please do the
+following:
+
+- Set mtab_is_file=yes in /etc/conf.d/mtab.
+
+- Restart mtab. This will recreate the /etc/mtab file.
+
+- Check for an issue on https://github.com/openrc/openrc/issues
+  explaining why you need /etc/mtab to be a file. If there isn't one,
+  please open one and explain in detail why you need this to be a file.
+  If there is one, please add your comments to it. Please give concrete
+  examples of why  it is important that /etc/mtab be a file instead of a
+  symbolic link. Those comments will be taken into consideration for how
+  long to keep supporting mtab as a file or when the support can be
+  removed.
+
+## OpenRC-0.18
+
+The behaviour of localmount and netmount in this version is changing. In
+the past, these services always started successfully. In this version,
+they will be able to fail if file systems they mount fail to mount. If
+you have file systems listed in fstab which should not be mounted at
+boot time, make sure to add noauto to the mount options. If you have
+file systems that you want to attempt to mount at boot time but failure
+should be allowed, add nofail to the mount options for these file
+systems in fstab.
+
+## OpenRC-0.14
+
+The binfmt service, which registers misc binary formats with the Linux
+kernel, has been separated from the procfs service. This service will be
+automatically added to the boot runlevel for new Linux installs. When
+you upgrade, you will need to use rc-update to add it to your boot
+runlevel.
+
+The procfs service no longer automounts the deprecated usbfs and
+usbdevfs file systems. Nothing should be using usbdevfs any longer, and
+if you still need usbfs it can be added to fstab.
+
+Related to the above change, the procfs service no longer attempts to
+modprobe the usbcore module. If your device manager does not load it,
+you will need to configure the modules service to do so.
+
+The override order of binfmt.d and tmpfiles.d directories has been
+changed to match systemd. Files in /run/binfmt.d and /run/tmpfiles.d
+override their /usr/lib counterparts, and files in the /etc counterparts
+override both /usr/lib and /run.
+
+## OpenRC-0.13.2
+
+A chroot variable has been added to the service script variables.
+This fixes the support for running a service in a chroot.
+This is documented in man 8 openrc-run.
+
+The netmount service now mounts nfs file systems.
+This change was made to correct a fix for an earlier bug.
+
+## OpenRC-0.13
+
+/sbin/rc was renamed to /sbin/openrc and /sbin/runscript was renamed to
+/sbin/openrc-run due to naming conflicts with other software.
+
+Backward compatible symbolic links are currently in place so your
+system will keep working if you are using the old names; however, it is
+strongly advised that you migrate to the new names because the symbolic
+links will be removed in the future.
+Warnings have been added to assist with this migration; however, due to the
+level of noise they produce, they only appear in verbose mode in this release.
+
+The devfs script now handles the initial mounting and setup of the
+/dev directory. If /dev has already been mounted by the kernel or an
+initramfs, devfs will remount /dev with the correct mount options
+instead of mounting a second /dev over the existing mount point.
+
+It attempts to mount /dev from fstab first if an entry exists there. If
+it doesn't it attempts to mount devtmpfs if it is configured in the
+kernel. If not, it attempts to mount tmpfs.
+If none of these is available, an error message is displayed and static
+/dev is assumed.
+
+## OpenRC-0.12
+
+The net.* scripts, originally from Gentoo Linux, have
+been removed. If you need these scripts, look for a package called
+netifrc, which is maintained by them.

README

@@ -1,66 +0,0 @@
-OpenRC README
-
-
-Installation
-------------
-make install
-Yup, that simple. Works with GNU make.
-
-You may wish to tweak the installation with the below arguments
-PROGLDFLAGS=-static
-LIBNAME=lib64
-DESTDIR=/tmp/openrc-image
-MKNET=no
-MKPAM=pam
-MKPREFIX=yes
-MKPKGCONFIG=no
-MKSELINUX=yes
-MKSTATICLIBS=no
-MKTERMCAP=ncurses
-MKTERMCAP=termcap
-MKTOOLS=yes
-PKG_PREFIX=/usr/pkg
-LOCAL_PREFIX=/usr/local
-PREFIX=/usr/local
-
-We don't support building a static OpenRC with PAM.
-You may need to use PROGLDFLAGS=-Wl,-Bstatic on glibc instead of just -static.
-If you debug memory under valgrind, add -DDEBUG_MEMORY to your CPPFLAGS
-so that all malloc memory should be freed at exit.
-If you are building OpenRC for a Gentoo Prefix installation, add
-MKPREFIX=yes.
-
-You can also brand OpenRC if you so wish like so
-BRANDING=\"Gentoo/$(uname -s)\"
-
-PKG_PREFIX should be set to where packages install to by default.
-LOCAL_PREFIX should be set when to where user maintained packages are.
-Only set LOCAL_PREFIX if different from PKG_PREFIX.
-PREFIX should be set when OpenRC is not installed to /.
-
-If any of the following files exist then we do not overwrite them
-/etc/devd.conf
-/etc/rc
-/etc/rc.shutdown
-/etc/conf.d/*
-
-rc and rc.shutdown are the hooks from the BSD init into OpenRC.
-devd.conf is modified from FreeBSD to call /etc/rc.devd which is a generic
-hook into OpenRC.
-inittab is the same, but for SysVInit as used by most Linux distributions.
-This can be found in the support folder.
-Obviously, if you're installing this onto a system that does not use OpenRC
-by default then you may wish to backup the above listed files, remove them
-and then install so that the OS hooks into OpenRC.
-
-init.d.misc is not installed by default as the scripts will need
-tweaking on a per distro basis. They are also non essential to the operation
-of the system.
-
-Reporting Bugs
---------------
-Since Gentoo Linux is hosting OpenRC development, Bugs should go to
-the Gentoo Bugzilla:
-	http://bugs.gentoo.org/
-They should be filed under the "Gentoo Hosted Projects" product and
-the "openrc" component.

README.md

@@ -0,0 +1,99 @@
+# OpenRC README
+
+OpenRC is a dependency-based init system that works with the
+system-provided init program, normally `/sbin/init`. Currently, it does
+not have an init program of its own.
+
+## Installation
+
+OpenRC requires GNU make.
+
+Once you have GNU Make installed, the default OpenRC installation can be
+executed using this command:
+
+make install
+
+## Configuration
+
+You may wish to configure the installation by passing one or more of the
+below arguments to the make command
+
+```
+PROGLDFLAGS=-static
+LIBNAME=lib64
+DESTDIR=/tmp/openrc-image
+MKNET=no
+MKPAM=pam
+MKPREFIX=yes
+MKPKGCONFIG=no
+MKSELINUX=yes
+MKSTATICLIBS=no
+MKTERMCAP=ncurses
+MKTERMCAP=termcap
+MKTOOLS=yes
+PKG_PREFIX=/usr/pkg
+LOCAL_PREFIX=/usr/local
+PREFIX=/usr/local
+BRANDING=\"Gentoo/$(uname -s)\"
+```
+
+## Notes
+
+We don't support building a static OpenRC with PAM.
+
+You may need to use `PROGLDFLAGS=-Wl,-Bstatic` on glibc instead of just `-static`.
+
+If you debug memory under valgrind, add `-DDEBUG_MEMORY`
+to your `CPPFLAGS` so that all malloc memory should be freed at exit.
+
+If you are building OpenRC for a Gentoo Prefix installation, add `MKPREFIX=yes`.
+
+`PKG_PREFIX` should be set to where packages install to by default.
+
+`LOCAL_PREFIX` should be set when to where user maintained packages are.
+Only set `LOCAL_PREFIX` if different from `PKG_PREFIX`.
+
+`PREFIX` should be set when OpenRC is not installed to /.
+
+If any of the following files exist then we do not overwrite them
+
+```
+/etc/devd.conf
+/etc/rc
+/etc/rc.shutdown
+/etc/conf.d/*
+```
+
+`rc` and `rc.shutdown` are the hooks from the BSD init into OpenRC.
+
+`devd.conf` is modified from FreeBSD to call `/etc/rc.devd` which is a
+generic hook into OpenRC.
+
+`inittab` is the same, but for SysVInit as used by most Linux distributions.
+This can be found in the support folder.
+
+Obviously, if you're installing this onto a system that does not use
+OpenRC by default then you may wish to backup the above listed files,
+remove them and then install so that the OS hooks into OpenRC.
+
+`init.d.misc` is not installed by default as the scripts will need
+tweaking on a per distro basis. They are also non essential to the
+operation of the system.
+
+## Reporting Bugs
+
+If you are using Gentoo Linux, bugs can be filed on their bugzilla under
+the `gentoo hosted projects` product and the `openrc` component [1].
+Otherwise, you can report issues on our github [2].
+
+Better yet, if you can contribute code, please feel free to submit pull
+requests [3].
+
+## IRC Channel
+
+We have an official irc channel, #openrc on freenode, feel free to join
+us there.
+
+[1]	https://bugs.gentoo.org/
+[2]	https://github.com/openrc/openrc/issues
+[3]	https://github.com/openrc/openrc/pulls

STYLE-GUIDE.md

@@ -1,23 +1,23 @@
+# OpenRC Style Guide
+
 This is the openrc style manual.  It governs the coding style of all code
 in this repository.  Follow it.  Contact openrc@gentoo.org for any questions
 or fixes you might notice.
 
-##########
-# C CODE #
-##########
+## C CODE
 
-The BSD Kernel Normal Form (KNF) style is used:
-	http://en.wikipedia.org/wiki/Indent_style#BSD_KNF_style
-Basically, it's like K&R/LKML, but wrapped lines that are indented use 4 spaces.
+The BSD Kernel Normal Form (KNF) style is used [1]. Basically, it is like
+K&R/LKML, but wrapped lines that are indented use 4 spaces. Here are the
+highlights.
 
-Highlights:
-	- no trailing whitespace
-	- indented code use tabs (not line wrapped)
-	- cuddle the braces (except for functions)
-	- space after native statements and before paren (for/if/while/...)
-	- no space between function and paren
-	- pointer asterisk cuddles the variable, not the type
+- no trailing whitespace
+- indented code use tabs (not line wrapped)
+- cuddle the braces (except for functions)
+- space after native statements and before paren (for/if/while/...)
+- no space between function and paren
+- pointer asterisk cuddles the variable, not the type
 
+```
 void foo(int c)
 {
 	int ret = 0;
@@ -32,16 +32,15 @@ void foo(int c)
 
 	return ret;
 }
+```
 
-##################
-# COMMIT MESSAGES #
-##################
+## COMMIT MESSAGES
 
 The following is an example of a correctly formatted git commit message
 for this repository. Most of this information came from this blog post
-[1], so I would like to thank the author.
+[2], so I would like to thank the author.
 
-### cut here ###
+```
 Capitalized, short (50 chars or less) summary
 
 More detailed explanatory text, if necessary.  Wrap it to about 72
@@ -67,7 +66,7 @@ Further paragraphs come after blank lines.
 Reported-by: User Name <email>
 X-[Distro]-Bug: BugID
 X-[Distro]-Bug-URL: URL for the bug (on the distribution's web site typically)
-### cut here ###
+```
 
 If you did not write the code and the patch does not include authorship
 information in a format git can use, please use the --author option of the
@@ -81,5 +80,5 @@ different from the author and committer.
   *BSD. Also, [Distro] should be replaced with the name of the
   distribution, e.g. X-Gentoo-Bug.
 
-[1] http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
-
+[1]	http://en.wikipedia.org/wiki/Indent_style#BSD_KNF_style
+[2] http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html

conf.d/Makefile

@@ -15,7 +15,7 @@ include ${MK}/os.mk
 
 CONF-FreeBSD=	ipfw moused powerd rarpd savecore syscons
 
-CONF-Linux=	consolefont devfs dmesg hwclock keymaps killprocs modules
+CONF-Linux=	consolefont devfs dmesg hwclock keymaps killprocs modules mtab
 
 CONF-NetBSD=	moused rarpd savecore
 

conf.d/mtab

@@ -0,0 +1,5 @@
+# This setting controls whether /etc/mtab is a file or symbolic link.
+# Most of the time, you shouldn't touch this. However, if the default
+# breaks your system in some way, please see the NEWS.md file that comes
+# with OpenRC for the actions to take.
+# mtab_is_file=no

etc/rc.conf.Linux

@@ -2,14 +2,15 @@
 # LINUX SPECIFIC OPTIONS
 
 # This is the subsystem type. Valid options on Linux:
-# ""        - nothing special
-# "lxc"     - Linux Containers
-# "openvz"  - Linux OpenVZ
-# "prefix"  - Prefix
-# "uml"     - Usermode Linux
-# "vserver" - Linux vserver
-# "xen0"    - Xen0 Domain
-# "xenU"    - XenU Domain
+# ""               - nothing special
+# "lxc"            - Linux Containers
+# "openvz"         - Linux OpenVZ
+# "prefix"         - Prefix
+# "uml"            - Usermode Linux
+# "vserver"        - Linux vserver
+# "systemd-nspawn" - Container created by the systemd-nspawn utility
+# "xen0"           - Xen0 Domain
+# "xenU"           - XenU Domain
 # If this is commented out, automatic detection will be used.
 #
 # This should be set to the value representing the environment this file is
@@ -61,12 +62,21 @@ rc_tty_number=12
 # Set the devices controller settings for this service.
 #rc_cgroup_devices=""
 
+# Set the hugetlb controller settings for this service.
+#rc_cgroup_hugetlb=""
+
 # Set the memory controller settings for this service.
 #rc_cgroup_memory=""
 
+# Set the net_cls controller settings for this service.
+#rc_cgroup_net_cls=""
+
 # Set the net_prio controller settings for this service.
 #rc_cgroup_net_prio=""
 
+# Set the pids controller settings for this service.
+#rc_cgroup_pids=""
+
 # Set this to YES if yu want all of the processes in a service's cgroup
 # killed when the service is stopped or restarted.
 # This should not be set globally because it kills all of the service's

etc/rc.conf.in

@@ -116,6 +116,9 @@
 #SSD_NICELEVEL="-19"
 
 # Pass ulimit parameters
+# If you are using bash in POSIX mode for your shell, note that the
+# ulimit command uses a block size of 512 bytes for the -c and -f
+# options
 #rc_ulimit="-u 30"
 
 # It's possible to define extra dependencies for services like so

etc/rc.in

@@ -10,9 +10,9 @@
 trap : SIGINT
 trap "echo 'Boot interrupted'; exit 1" SIGQUIT
 
-/sbin/rc sysinit || exit 1
-/sbin/rc boot || exit 1
-/sbin/rc default
+/sbin/openrc sysinit || exit 1
+/sbin/openrc boot || exit 1
+/sbin/openrc default
 
 # We don't actually care if rc default worked or not, we should exit 0
 # to allow logins

etc/rc.shutdown.in

@@ -14,4 +14,4 @@ LD_LIBRARY_PATH="/lib${LD_LIBRARY_PATH:+:}${LDLIBRARY_PATH}" ; export LD_LIBRARY
 [ -z "$TERM" -o "$TERM" = "dumb" ] && TERM="@TERM@" && export TERM
 
 action=${1:-shutdown}
-exec /sbin/rc "${action}"
+exec /sbin/openrc "${action}"

init.d/.gitignore

@@ -23,6 +23,7 @@ modules
 mount-ro
 mtab
 numlock
+osclock
 procfs
 staticroute
 sysfs

init.d/Makefile

@@ -2,8 +2,8 @@ include ../mk/net.mk
 
 DIR=	${INITDIR}
 SRCS=	bootmisc.in fsck.in hostname.in local.in localmount.in loopback.in \
-	netmount.in root.in savecache.in swap.in swapfiles.in \
-	tmpfiles.setup.in swclock.in sysctl.in urandom.in ${SRCS-${OS}}
+	netmount.in osclock.in root.in savecache.in swap.in swapfiles.in \
+	tmpfiles.setup.in swclock.in sysctl.in urandom.in s6-svscan.in ${SRCS-${OS}}
 BIN=	${OBJS}
 
 # Are we installing our network scripts?
@@ -21,7 +21,7 @@ SRCS-FreeBSD=	hostid.in moused.in newsyslog.in pf.in rarpd.in rc-enabled.in \
 SRCS-FreeBSD+=	adjkerntz.in devd.in dumpon.in encswap.in ipfw.in \
 		mixer.in nscd.in powerd.in syscons.in
 
-SRCS-Linux=	devfs.in dmesg.in hwclock.in consolefont.in keymaps.in \
+SRCS-Linux=	binfmt.in devfs.in dmesg.in hwclock.in consolefont.in keymaps.in \
 		killprocs.in modules.in mount-ro.in mtab.in numlock.in \
 		procfs.in sysfs.in termencoding.in tmpfiles.dev.in
 

init.d/binfmt.in

@@ -0,0 +1,20 @@
+#!@SBINDIR@/openrc-run
+# Copyright 2015 William Hubbs <w.d.hubbs@gmail.com>
+# Released under the 2-clause BSD license.
+
+description="Register misc binary format handlers"
+
+depend()
+{
+	after procfs
+	use modules devfs
+	keyword -openvz -prefix -systemd-nspawn -vserver -lxc
+}
+
+start()
+{
+	ebegin "Loading custom binary format handlers"
+	"$RC_LIBEXECDIR"/sh/binfmt.sh
+	eend $?
+	return 0
+}

init.d/bootmisc.in

@@ -119,11 +119,31 @@ clean_run()
 {
 	[ "$RC_SYS" = VSERVER -o "$RC_SYS" = LXC ] && return 0
 	local dir
+	# If / is still read-only due to a problem, this will fail!
+	if ! checkpath -W /; then
+		ewarn "/ is not writable; unable to clean up underlying /run"
+		return 1
+	fi
+	if ! checkpath -W /tmp; then
+		ewarn "/tmp is not writable; unable to clean up underlying /run"
+		return 1
+	fi
+	# Now we know that we can modify /tmp and /
+	# if mktemp -d fails, it returns an EMPTY string
+	# STDERR: mktemp: failed to create directory via template ‘/tmp/tmp.XXXXXXXXXX’: Read-only file system
+	# STDOUT: ''
+	rc=0
 	dir=$(mktemp -d)
-	mount --bind / $dir
-	rm -rf $dir/run/*
-	umount $dir
-	rm -rf $dir
+	if [ -n "$dir" -a -d $dir -a -w $dir ]; then
+		mount --bind / $dir && rm -rf $dir/run/* || rc=1
+		umount $dir && rmdir $dir
+	else
+		rc=1
+	fi
+	if [ $rc -ne 0 ]; then
+		ewarn "Could not clean up underlying /run on /"
+		return 1
+	fi
 }
 
 start()
@@ -193,10 +213,13 @@ start()
 	if yesno $log_dmesg; then
 		if $logw || checkpath -W /var/log; then
 			# Create an 'after-boot' dmesg log
-			if [ "$RC_SYS" != VSERVER -a "$RC_SYS" != OPENVZ -a "$RC_SYS" != LXC ]; then
-				dmesg > /var/log/dmesg
-				chmod 640 /var/log/dmesg
-			fi
+			case "$RC_SYS" in
+				VSERVER|OPENVZ|LXC|SYSTEMD-NSPAWN) ;;
+				*)
+					dmesg > /var/log/dmesg
+					chmod 640 /var/log/dmesg
+					;;
+			esac
 		fi
 	fi
 

init.d/consolefont.in

@@ -7,8 +7,8 @@ description="Sets a font for the consoles."
 depend()
 {
 	need localmount termencoding
-	after hotplug bootmisc
-	keyword -openvz -prefix -uml -vserver -xenu -lxc
+	after hotplug bootmisc modules
+	keyword -openvz -prefix -systemd-nspawn -uml -vserver -xenu -lxc
 }
 
 start()

init.d/devfs.in

@@ -8,7 +8,7 @@ depend()
 {
 	provide dev-mount
 	before dev
-	keyword -prefix -vserver -lxc
+	keyword -prefix -systemd-nspawn -vserver -lxc
 }
 
 mount_dev()

init.d/dmesg.in

@@ -7,7 +7,7 @@ description="Set the dmesg level for a cleaner boot"
 depend()
 {
 	before dev modules
-	keyword -lxc -prefix -vserver
+	keyword -lxc -prefix -systemd-nspawn -vserver
 }
 
 start()

init.d/fsck.in

@@ -9,7 +9,7 @@ _IFS="
 depend()
 {
 	use dev clock modules
-	keyword -jail -openvz -prefix -timeout -vserver -lxc -uml
+	keyword -jail -openvz -prefix -systemd-nspawn -timeout -vserver -lxc -uml
 }
 
 _abort() {

init.d/hostname.in

@@ -5,7 +5,7 @@
 description="Sets the hostname of the machine."
 
 depend() {
-	keyword -prefix -lxc
+	keyword -prefix -systemd-nspawn -lxc
 }
 
 start()

init.d/hwclock.in

@@ -28,7 +28,7 @@ depend()
 	else
 		before *
 	fi
-	keyword -openvz -prefix -uml -vserver -xenu -lxc
+	keyword -openvz -prefix -systemd-nspawn -uml -vserver -xenu -lxc
 }
 
 setupopts()

init.d/keymaps.in

@@ -8,7 +8,7 @@ depend()
 {
 	need localmount termencoding
 	after bootmisc
-	keyword -openvz -prefix -uml -vserver -xenu -lxc
+	keyword -openvz -prefix -systemd-nspawn -uml -vserver -xenu -lxc
 }
 
 start()

init.d/local.in

@@ -20,7 +20,7 @@ start()
 	for file in @SYSCONFDIR@/local.d/*.start; do
 		if [ -x "${file}" ]; then
 			vebegin "Executing \"${file}\""
-			"${file}" $redirect
+			eval "${file}" $redirect
 			retval=$?
 			if [ ${retval} -ne 0 ]; then
 				has_errors=1
@@ -59,7 +59,7 @@ stop()
 	for file in @SYSCONFDIR@/local.d/*.stop; do
 		if [ -x "${file}" ]; then
 			vebegin "Executing \"${file}\""
-			"${file}" $redirect
+			eval "${file}" $redirect
 			retval=$?
 			if [ ${retval} -ne 0 ]; then
 				has_errors=1

init.d/localmount.in

@@ -9,13 +9,13 @@ depend()
 	need fsck
 	use lvm modules mtab
 	after lvm modules
-	keyword -jail -prefix -vserver -lxc
+	keyword -jail -prefix -systemd-nspawn -vserver -lxc
 }
 
 start()
 {
 	# Mount local filesystems in /etc/fstab.
-	local types="noproc" x= no_netdev=
+	local types="noproc" x= no_netdev= rc=
 	for x in $net_fs_list $extra_net_fs_list; do
 		types="${types},no${x}"
 	done
@@ -29,9 +29,11 @@ start()
 	ebegin "Mounting local filesystems"
 	mount -at "$types" $no_netdev
 	eend $? "Some local filesystem failed to mount"
-
-	# Always return 0 - some local mounts may not be critical for boot
-	return 0
+	rc=$?
+	if [ "$RC_UNAME" != Linux ]; then
+		rc=0
+	fi
+	return $rc
 }
 
 stop()
@@ -70,17 +72,19 @@ stop()
 			sync
 		fi
 
-		local aufs_branch aufs_mount_dir aufs_mount_point aufs_si_dir aufs_si_id
-		for aufs_si_dir in /sys/fs/aufs/*; do
-			aufs_mount_dir=${aufs_si_dir#/sys/fs/aufs/}
-			aufs_si_id="$(printf "%s" $aufs_mount_dir | sed 's/_/=/g')"
+		local aufs_branch aufs_mount_point aufs_si_id aufs_br_id branches
+		for aufs_si_dir in /sys/fs/aufs/si*; do
+			[ -d "${aufs_si_dir}" ] || continue
+			aufs_si_id="si=${aufs_si_dir#/sys/fs/aufs/si_}"
 			aufs_mount_point="$(mountinfo -o ${aufs_si_id})"
-			for x in $aufs_si_dir/br[0-9][0-9][0-9]; do
+			branches="$aufs_si_dir/br[0-9] $aufs_si_dir/br[0-9][0-9] $aufs_si_dir/br[0-9][0-9][0-9]"
+			for x in $branches; do
+				[ -e "${x}" ] || continue
 				aufs_branch=$(sed 's/=.*//g' $x)
 				eindent
 				if ! mount -o "remount,del:$aufs_branch" "$aufs_mount_point" > /dev/null 2>&1; then
 					ewarn "Failed to remove branch $aufs_branch from aufs \
-						$aufs_mount_point"
+					$aufs_mount_point"
 				fi
 				eoutdent
 				sync

init.d/loopback.in

@@ -6,7 +6,7 @@ description="Configures the loopback interface."
 
 depend()
 {
-	keyword -jail -prefix -vserver
+	keyword -jail -prefix -systemd-nspawn -vserver
 }
 
 start()

init.d/modules.in

@@ -7,7 +7,7 @@ description="Loads a user defined list of kernel modules."
 depend()
 {
 	use isapnp
-	keyword -openvz -prefix -vserver -lxc
+	keyword -openvz -prefix -systemd-nspawn -vserver -lxc
 }
 
 start()

init.d/mount-ro.in

@@ -7,7 +7,7 @@ description="Re-mount filesytems read-only for a clean reboot."
 depend()
 {
 	need killprocs savecache
-	keyword -openvz -prefix -vserver -lxc
+	keyword -openvz -prefix -systemd-nspawn -vserver -lxc
 }
 
 start()

init.d/mtab.in

@@ -7,33 +7,33 @@ description="Update /etc/mtab to match what the kernel knows about"
 depend()
 {
 	need root
-	keyword -prefix
+	keyword -prefix -systemd-nspawn
 }
 
 start()
 {
-	if [ -L /etc/mtab ]; then
-		return 0
-	fi
-
+	local rc=0
 	ebegin "Updating /etc/mtab"
-	vewarn "The support for updating /etc/mtab as a file is"
-	vewarn "deprecated and will be removed in the future."
-	vewarn "Please run the following command as root on your system."
-	vewarn
-	vewarn "ln -snf /proc/self/mounts /etc/mtab"
-	if ! echo 2>/dev/null >/etc/mtab; then
-		ewend 1 "/etc/mtab is not updateable"
-		return 0
+	if ! checkpath -W /etc; then
+		rc=1
+	elif ! yesno ${mtab_is_file:-no}; then
+		[ ! -L /etc/mtab ] && [ -f /etc/mtab ] &&
+			ewarn "Removing /etc/mtab file"
+		einfo "Creating mtab symbolic link"
+		ln -snf /proc/self/mounts /etc/mtab
+	else
+		[ -L /etc/mtab ] && ewarn "Removing /etc/mtab symbolic link"
+		rm -f /etc/mtab
+		einfo "Creating mtab file"
+		# With / as tmpfs we cannot umount -at tmpfs in localmount as that
+		# makes / readonly and dismounts all tmpfs even if in use which is
+		# not good. Luckily, umount uses /etc/mtab instead of /proc/mounts
+		# which allows this hack to work.
+		grep -v "^[! ]* / tmpfs " /proc/mounts > /etc/mtab
+
+		# Remove stale backups
+		rm -f /etc/mtab~ /etc/mtab~~
 	fi
-
-	# With / as tmpfs we cannot umount -at tmpfs in localmount as that
-	# makes / readonly and dismounts all tmpfs even if in use which is
-	# not good. Luckily, umount uses /etc/mtab instead of /proc/mounts
-	# which allows this hack to work.
-	grep -v "^[! ]* / tmpfs " /proc/mounts > /etc/mtab
-
-	# Remove stale backups
-	rm -f /etc/mtab~ /etc/mtab~~
-	eend 0
+	eend $rc "/etc is not writable; unable to create /etc/mtab"
+	return 0
 }

init.d/netmount.in

@@ -9,7 +9,7 @@ depend()
 	config /etc/fstab
 	use afc-client amd nfsclient autofs openvpn
 	use dns
-	keyword -jail -prefix -vserver -lxc
+	keyword -jail -prefix -systemd-nspawn -vserver -lxc
 }
 
 start()
@@ -27,7 +27,10 @@ start()
 		rc=$?
 	fi
 	ewend $rc "Could not mount all network filesystems"
-	return 0
+	if [ "$RC_UNAME" != Linux ]; then
+		rc=0
+	fi
+	return $rc
 }
 
 stop()

init.d/numlock.in

@@ -9,7 +9,7 @@ ttyn=${rc_tty_number:-${RC_TTY_NUMBER:-12}}
 depend()
 {
 	need localmount
-	keyword -openvz -prefix -vserver -lxc
+	keyword -openvz -prefix -systemd-nspawn -vserver -lxc
 }
 
 _setleds()

init.d/osclock.in

@@ -0,0 +1,12 @@
+#!@SBINDIR@/openrc-run
+# Copyright (c) 2014 Ralph Sennhauser <sera@igentoo.org>
+# Released under the 2-clause BSD license.
+
+# Can be used on OSs that take care of the clock.
+
+description="Provides clock"
+
+depend()
+{
+	provide clock
+}

init.d/procfs.in

@@ -8,66 +8,20 @@ depend()
 {
 	use modules devfs
 	need localmount
-	keyword -openvz -prefix -vserver -lxc
+	keyword -openvz -prefix -systemd-nspawn -vserver -lxc
 }
 
 start()
 {
-	# Make sure we insert usbcore if it's a module
-	if [ -f /proc/modules -a ! -d /sys/module/usbcore -a ! -d /proc/bus/usb ]; then
-		modprobe -q usbcore
-	fi
-
-	[ -e /proc/filesystems ] || return 0
-
 	# Setup Kernel Support for miscellaneous Binary Formats
 	if [ -d /proc/sys/fs/binfmt_misc -a ! -e /proc/sys/fs/binfmt_misc/register ]; then
+		modprobe -q binfmt-misc
 		if grep -qs binfmt_misc /proc/filesystems; then
 			ebegin "Mounting misc binary format filesystem"
 			mount -t binfmt_misc -o nodev,noexec,nosuid \
 				binfmt_misc /proc/sys/fs/binfmt_misc
-			if eend $? ; then
-				local fmts
-				ebegin "Loading custom binary format handlers"
-				fmts=$(grep -hsv -e '^[#;]' -e '^[[:space:]]*$' \
-					/run/binfmt.d/*.conf \
-					/etc/binfmt.d/*.conf \
-					""/usr/lib/binfmt.d/*.conf)
-				if [ -n "${fmts}" ]; then
-					echo "${fmts}" > /proc/sys/fs/binfmt_misc/register
-				fi
 				eend $?
-			fi
 		fi
 	fi
-
-	[ "$RC_SYS" = "OPENVZ" ] && return 0
-
-	# Check what USB fs the kernel support.  Currently
-	# 2.5+ kernels, and later 2.4 kernels have 'usbfs',
-	# while older kernels have 'usbdevfs'.
-	if [ -d /proc/bus/usb -a ! -e /proc/bus/usb/devices ]; then
-		local usbfs=$(grep -Fow usbfs /proc/filesystems ||
-			grep -Fow usbdevfs /proc/filesystems)
-		if [ -n "$usbfs" ]; then
-			ebegin "Mounting USB device filesystem [$usbfs]"
-			local usbgid="$(getent group usb | \
-				sed -e 's/.*:.*:\(.*\):.*/\1/')"
-			mount -t $usbfs \
-				-o ${usbgid:+devmode=0664,devgid=$usbgid,}noexec,nosuid \
-				usbfs /proc/bus/usb
-			eend $?
-		fi
-	fi
-
-	# Setup Kernel Support for SELinux
-	if [ -d /sys/fs/selinux ] && ! mountinfo -q /sys/fs/selinux; then
-		if grep -qs selinuxfs /proc/filesystems; then
-			ebegin "Mounting SELinux filesystem"
-			mount -t selinuxfs selinuxfs /sys/fs/selinux
-			eend $?
-		fi
-	fi
-
 	return 0
 }

init.d/root.in

@@ -7,7 +7,7 @@ description="Mount the root fs read/write"
 depend()
 {
 	need fsck
-	keyword -jail -openvz -prefix -vserver -lxc
+	keyword -jail -openvz -prefix -systemd-nspawn -vserver -lxc
 }
 
 start()

init.d/s6-svscan.in

@@ -0,0 +1,31 @@
+#!@SBINDIR@/openrc-run
+# Copyright (C) 2015 William Hubbs <w.d.hubbs@gmail.com>
+# Released under the 2-clause BSD license.
+
+command=/bin/s6-svscan
+command_args="${RC_SVCDIR}"/s6-scan
+command_background=yes
+pidfile=/var/run/s6-svscan.pid
+
+depend()
+{
+	need localmount
+}
+
+start_pre()
+{
+	einfo "Creating s6 scan directory"
+	checkpath -d -m 0755 "$RC_SVCDIR"/s6-scan
+	return $?
+}
+
+stop_post()
+{
+	ebegin "Stopping any remaining s6 services"
+	s6-svc -dx "${RC_SVCDIR}"/s6-scan/* 2>/dev/null || true
+	eend $?
+
+	ebegin "Stopping any remaining s6 service loggers"
+	s6-svc -dx "${RC_SVCDIR}"/s6-scan/*/log 2>/dev/null || true
+	eend $?
+}

init.d/savecache.in

@@ -7,43 +7,53 @@ description="Saves the caches OpenRC uses to non volatile storage"
 start()
 {
 	if [ -e "$RC_SVCDIR"/clock-skewed ]; then
-		ewarn "WARNING: clock skew detected!"
+		ewarn "Clock skew detected!"
 		if ! yesno "${RC_GOINGDOWN}"; then
 			eerror "Not saving deptree cache"
 			return 1
 		fi
 	fi
-	if ! checkpath -W "$RC_LIBEXECDIR"/cache; then
-		ewarn "WARNING: ${RC_LIBEXECDIR}/cache is not writable!"
-		if ! yesno "${RC_GOINGDOWN}"; then
-			ewarn "Unable to save deptree cache"
+	if [ ! -d "$RC_LIBEXECDIR"/cache ]; then
+		if ! checkpath -W "$RC_LIBEXECDIR"; then
+			eerror "${RC_LIBEXECDIR} is not writable!"
+			eerror "Unable to save dependency cache"
+			if yesno "${RC_GOINGDOWN}"; then
+				return 0
+			fi
 			return 1
 		fi
-		return 0
-	fi
-	ebegin "Saving dependency cache"
-	local rc=
-	if [ ! -d "$RC_LIBEXECDIR"/cache ]; then
 		rm -rf "$RC_LIBEXECDIR"/cache
-		if ! mkdir "$RC_LIBEXECDIR"/cache; then
-			rc=$?
+		if ! mkdir -p "$RC_LIBEXECDIR"/cache; then
+			eerror "Unable to create $RC_LIBEXECDIR/cache"
+			eerror "Unable to save dependency cache"
 			if yesno "${RC_GOINGDOWN}"; then
-				rc=0
+				return 0
 			fi
-			eend $rc
-			return $rc
+			return 1
 		fi
 	fi
-	local save=
+	if ! checkpath -W "$RC_LIBEXECDIR"/cache; then
+		eerror "${RC_LIBEXECDIR}/cache is not writable!"
+		eerror "Unable to save dependency cache"
+		if yesno "${RC_GOINGDOWN}"; then
+			return 0
+		fi
+		return 1
+	fi
+	ebegin "Saving dependency cache"
+	local rc=0 save=
 	for x in deptree depconfig shutdowntime softlevel nettree rc.log; do
 		[ -e "$RC_SVCDIR/$x" ] && save="$save $RC_SVCDIR/$x"
 	done
 	if [ -n "$save" ]; then
-		cp -p $save "$RC_LIBEXECDIR"/cache 2>/dev/null
+		cp -p $save "$RC_LIBEXECDIR"/cache
+		rc=$?
 	fi
-	rc=$?
 	if yesno "${RC_GOINGDOWN}"; then
-		rc=0
+		if [ $rc -ne 0 ]; then
+			eerror "Unable to save dependency cache"
+		fi
+		eend 0
 	fi
-	eend $rc
+	eend $rc "Unable to save dependency cache"
 }

init.d/savecore.in

@@ -23,7 +23,7 @@ start()
 		# Don't quote ${dump_device}, so that if it's unset,
 		# savecore will check on the partitions listed in fstab
 		# without errors in the output
-		savecore -C "$dump_dir" $dump_device >/dev/null
+		savecore -C $dump_device >/dev/null
 	else
 		ls "$dump_dir"/bsd* > /dev/null 2>&1
 	fi

init.d/swap.in

@@ -5,7 +5,7 @@
 depend()
 {
 	before localmount
-	keyword -jail -openvz -prefix -vserver -lxc
+	keyword -jail -openvz -prefix -systemd-nspawn -vserver -lxc
 }
 
 start()

init.d/swapfiles.in

@@ -5,7 +5,7 @@
 depend()
 {
 	need localmount
-	keyword -jail -openvz -prefix -vserver -lxc
+	keyword -jail -openvz -prefix -systemd-nspawn -vserver -lxc
 }
 
 start()

init.d/swclock.in

@@ -8,7 +8,7 @@ depend()
 {
 	before *
 	provide clock
-	keyword -openvz -prefix -uml -vserver -xenu -lxc
+	keyword -openvz -prefix -systemd-nspawn -uml -vserver -xenu -lxc
 }
 
 # swclock is an OpenRC built in

init.d/sysctl.GNU.in

@@ -1,4 +1,4 @@
-#!@PREFIX@/sbin/runscript
+#!@PREFIX@/sbin/openrc-run
 # Copyright (c) 2007-2009 Roy Marples <roy@marples.name>
 # Released under the 2-clause BSD license.
 #FIXME: Modify for GNU/Hurd

init.d/sysctl.Linux.in

@@ -5,12 +5,15 @@
 depend()
 {
 	before bootmisc logger
-	keyword -prefix -vserver
+	keyword -prefix -systemd-nspawn -vserver
 }
 
 start()
 {
+	local quiet
+	yesno $rc_verbose || quiet=-q
+
 	ebegin "Configuring kernel parameters"
-	sysctl --system
+	sysctl ${quiet} --system
 	eend $? "Unable to configure some kernel parameters"
 }

init.d/sysfs.in

@@ -8,7 +8,7 @@ sysfs_opts=nodev,noexec,nosuid
 
 depend()
 {
-	keyword -lxc -prefix -vserver
+	keyword -lxc -prefix -systemd-nspawn -vserver
 }
 
 mount_sys()
@@ -82,6 +82,15 @@ mount_misc()
 		fi
 	fi
 
+	# Setup Kernel Support for SELinux
+	if [ -d /sys/fs/selinux ] && ! mountinfo -q /sys/fs/selinux; then
+		if grep -qs selinuxfs /proc/filesystems; then
+			ebegin "Mounting SELinux filesystem"
+			mount -t selinuxfs selinuxfs /sys/fs/selinux
+			eend $?
+		fi
+	fi
+
 	# setup up kernel support for efivarfs
 	# slightly complicated, as if it's build as a module but NOT yet loaded,
 	# it will NOT appear in /proc/filesystems yet
@@ -107,7 +116,7 @@ mount_cgroups()
 		mount -n -t cgroup \
 			-o none,${sysfs_opts},name=openrc,release_agent="$agent" \
 			openrc /sys/fs/cgroup/openrc
-		echo 1 > /sys/fs/cgroup/openrc/notify_on_release
+		printf 1 > /sys/fs/cgroup/openrc/notify_on_release
 	fi
 
 	yesno ${rc_controller_cgroups:-YES} && [ -e /proc/cgroups ] || return 0

init.d/termencoding.in

@@ -9,7 +9,7 @@ ttyn=${rc_tty_number:-${RC_TTY_NUMBER:-12}}
 
 depend()
 {
-	keyword -lxc -openvz -prefix -uml -vserver -xenu
+	keyword -lxc -openvz -prefix -systemd-nspawn -uml -vserver -xenu
 	use root
 	after bootmisc
 }

init.d/tmpfiles.dev.in

@@ -2,7 +2,7 @@
 # Copyright 1999-2012 Gentoo Foundation
 # Released under the 2-clause BSD license.
 
-description="set up tmpfiles.d entries"
+description="Set up tmpfiles.d entries"
 
 depend()
 {
@@ -13,7 +13,7 @@ depend()
 
 start()
 {
-	ebegin "setting up tmpfiles.d entries for /dev"
+	ebegin "Setting up tmpfiles.d entries for /dev"
 	@LIBEXECDIR@/sh/tmpfiles.sh --prefix=/dev --create --boot ${tmpfiles_opts}
 	eend $?
 	return 0

init.d/tmpfiles.setup.in

@@ -2,7 +2,7 @@
 # Copyright 1999-2012 Gentoo Foundation
 # Released under the 2-clause BSD license.
 
-description="set up tmpfiles.d entries"
+description="Set up tmpfiles.d entries"
 
 depend()
 {
@@ -11,7 +11,7 @@ depend()
 
 start()
 {
-	ebegin "setting up tmpfiles.d entries"
+	ebegin "Setting up tmpfiles.d entries"
 	@LIBEXECDIR@/sh/tmpfiles.sh --exclude-prefix=/dev --create --remove --boot \
 		${tmpfiles_opts}
 	eend $?

init.d/urandom.in

@@ -8,7 +8,7 @@ description="Initializes the random number generator."
 depend()
 {
 	need localmount
-	keyword -jail -lxc -openvz -prefix
+	keyword -jail -lxc -openvz -prefix -systemd-nspawn
 }
 
 save_seed()

man/Makefile

@@ -1,9 +1,17 @@
+MK=		../mk
+include ${MK}/sys.mk
+include ${MK}/os.mk
+
 MAN3=		einfo.3 \
 		rc_config.3 rc_deptree.3 rc_find_pids.3 rc_plugin_hook.3 \
 		rc_runlevel.3 rc_service.3 rc_stringlist.3
 MAN8=		rc-service.8 rc-status.8 rc-update.8 openrc.8 openrc-run.8 \
 		service.8 start-stop-daemon.8
 
+ifeq (${OS},Linux)
+MAN8 += rc-sstat.8
+endif
+
 # Handy macro to create symlinks
 # This does rely on correctly formatting our manpages!
 MAKE_LINKS=	suffix=$${man\#*.}; \
@@ -16,8 +24,6 @@ MAKE_LINKS=	suffix=$${man\#*.}; \
 		fi; \
 		done;
 
-MK=		../mk
-include ${MK}/sys.mk
 include ${MK}/gitignore.mk
 
 all:

man/openrc-run.8

@@ -107,6 +107,19 @@ the service has already been stopped.
 String describing the service.
 .It Ar description_$command
 String describing the extra command.
+.It Ar supervisor
+Supervisor to use to monitor this daemon. If this is unset,
+start-stop-daemon will be used. The only alternate supervisor we support
+in this release is S6 from Skarnet software. To use this, set
+supervisor=s6.
+.It Ar s6_service_path
+The path to the s6 service directory if you are monitoring this service
+with S6. The default is /var/svc.d/${RC_SVCNAME}.
+.It Ar s6_svwait_options_start
+The options to pass to s6-svwait when starting the service via s6.
+.It Ar s6_service_timeout_stop
+The amount of time, in milliseconds, s6-svc should wait for the service
+to go down when stopping the service. The default is 10000.
 .It Ar start_stop_daemon_args
 List of arguments passed to start-stop-daemon when starting the daemon.
 .It Ar command
@@ -114,7 +127,8 @@ Daemon to start or stop via
 .Nm start-stop-daemon
 if no start or stop function is defined by the service.
 .It Ar command_args
-List of arguments to pass to the daemon when starting.
+List of arguments to pass to the daemon when starting via
+.Nm start-stop-daemon .
 .It Ar command_background
 Set this to "true", "yes" or "1" (case-insensitive) to force the daemon into
 the background. This implies the "--make-pidfile" and "--pidfile" option of
@@ -127,6 +141,8 @@ will chroot into this path before writing the pid file or starting the daemon.
 Pidfile to use for the above defined command.
 .It Ar name
 Display name used for the above defined command.
+.It Ar stopsig
+Signal to send when stopping the daemon.
 .It Ar retry
 Retry schedule to use when stopping the daemon. It can either be a
 timeout in seconds or multiple signal/timeout pairs (like SIGTERM/5).

man/rc-sstat.8

@@ -0,0 +1,46 @@
+.\" Copyright (c) 2015 William Hubbs
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd April 24, 2008
+.Dt RC-sstat 8 SMM
+.Os OpenRC
+.Sh NAME
+.Nm rc-sstat
+.Nd show status info about services supervised by s6 then rc-status
+info
+.Sh SYNOPSIS
+.Nm
+.Sh DESCRIPTION
+.Nm
+gathers and displays information about the status of services supervised
+by s6 then runs rc-status to show info about nnormal OpenRC services.
+.Pp
+.Sh EXIT STATUS
+.Nm
+exits 1 if there is an internal error or exits with the same exit codes
+as rc-status.
+.Sh SEE ALSO
+.Xr rc-status 8 ,
+.Xr rc-update 8
+.Sh AUTHORS
+.An William Hubbs <w.d.hubbs@gmail.com>

man/rc-update.8

@@ -87,7 +87,7 @@ If the
 .Fl s , -stack
 option is given then we either add or remove the runlevel from the runlevel.
 This allows inheritance of runlevels.
-
+.Pp
 If the
 .Fl a, -all
 option is given, we remove the service from all runlevels. This is

mk/depend.mk

@@ -6,7 +6,7 @@ IGNOREFILES+=	.depend
 
 .depend: ${SRCS}
 	rm -f .depend
-	${CC} ${CPPFLAGS} -MM ${SRCS} > .depend
+	${CC} ${LOCAL_CPPFLAGS} ${CPPFLAGS} -MM ${SRCS} > .depend
 
 depend: .depend extra_depend
 

mk/dist.mk

@@ -2,7 +2,7 @@
 # Copyright (c) 2008 Roy Marples <roy@marples.name>
 # Released under the 2-clause BSD license.
 
-GITREF?=	HEAD
+GITREF?=	${VERSION}
 DISTPREFIX?=	${NAME}-${VERSION}
 DISTFILE?=	${DISTPREFIX}.tar.bz2
 
@@ -34,7 +34,7 @@ snapshot:
 	mkdir /tmp/${SNAPDIR}
 	cp -RPp * /tmp/${SNAPDIR}
 	(cd /tmp/${SNAPDIR}; make clean)
-	find /tmp/${SNAPDIR} -name .svn -exec rm -rf -- {} \; 2>/dev/null || true
+	rm -rf /tmp/${SNAPDIR}/.git 2>/dev/null || true
 	tar -cvjpf ${SNAPFILE} -C /tmp ${SNAPDIR}
 	rm -rf /tmp/${SNAPDIR}
 	ls -l ${SNAPFILE}

mk/lib.mk

@@ -21,10 +21,10 @@ _LIBS+=			${SHLIB_NAME}
 CLEANFILES+=		${OBJS} ${SOBJS} ${_LIBS} ${SHLIB_LINK}
 
 %.o: %.c
-	${CC} ${CFLAGS} ${CPPFLAGS} -c $< -o $@
+	${CC} ${LOCAL_CFLAGS} ${LOCAL_CPPFLAGS} ${CFLAGS} ${CPPFLAGS} -c $< -o $@
 
 %.So: %.c
-	${CC} ${PICFLAG} -DPIC ${CPPFLAGS} ${CFLAGS} -c $< -o $@
+	${CC} ${PICFLAG} -DPIC ${LOCAL_CFLAGS} ${LOCAL_CPPFLAGS} ${CPPFLAGS} ${CFLAGS} -c $< -o $@
 
 all: depend ${_LIBS}
 
@@ -40,7 +40,7 @@ ${SHLIB_NAME}:	${SOBJS}
 	@${ECHO} building shared library $@
 	@rm -f $@ ${SHLIB_LINK}
 	@ln -fs $@ ${SHLIB_LINK}
-	${CC} ${CFLAGS} ${LDFLAGS} -shared -Wl,-x \
+	${CC} ${LOCAL_CFLAGS} ${CFLAGS} ${LOCAL_LDFLAGS} ${LDFLAGS} -shared -Wl,-x \
 	-o $@ -Wl,-soname,${SONAME} \
 	${SOBJS} ${LDADD}
 

mk/os-GNU.mk

@@ -4,5 +4,5 @@
 SFX=		.GNU.in
 PKG_PREFIX?=	/usr
 
-CPPFLAGS+=	-D_BSD_SOURCE -D_XOPEN_SOURCE=700 -DMAXPATHLEN=4096 -DMAX_PATH=4096
+CPPFLAGS+=	-D_BSD_SOURCE -D_XOPEN_SOURCE=700 -DMAXPATHLEN=4096 -DPATH_MAX=4096
 LIBDL=		-Wl,-Bdynamic -ldl

mk/os-Linux.mk

@@ -4,11 +4,24 @@
 SFX=		.Linux.in
 PKG_PREFIX?=	/usr
 
-CPPFLAGS+=	-D_BSD_SOURCE -D_XOPEN_SOURCE=700
+CPPFLAGS+=	-D_BSD_SOURCE -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=700
 LIBDL=		-Wl,-Bdynamic -ldl
 
 ifeq (${MKSELINUX},yes)
 CPPFLAGS+= -DHAVE_SELINUX
-LIBSELINUX= -lselinux
+LIBSELINUX?= -lselinux
 LDADD += $(LIBSELINUX)
+
+ifneq (${MKPAM},pam)
+# if using selinux but not pam then we need crypt
+LIBCRYPT?= -lcrypt
+LDADD += $(LIBCRYPT)
+endif
+
+endif
+
+ifeq (${MKAUDIT},yes)
+LIBAUDIT?=	-laudit
+CPPFLAGS+=	-DHAVE_AUDIT
+LDADD+=		${LIBAUDIT}
 endif

mk/pam.mk

@@ -3,6 +3,12 @@ LIBPAM?=	-lpam
 CPPFLAGS+=	-DHAVE_PAM
 LDADD+=		${LIBPAM}
 
+ifeq (${MKSELINUX},yes)
+# with selinux, pam_misc is needed too
+LIBPAM_MISC?=	-lpam_misc
+LDADD+=		${LIBPAM_MISC}
+endif
+
 PAMDIR?=	/etc/pam.d
 PAMMODE?=	0644
 else ifneq (${MKPAM},)

mk/prog.mk

@@ -1,4 +1,4 @@
-# rules to build a library
+# rules to build a program
 # based on FreeBSD's bsd.prog.mk
 
 # Copyright (c) 2008 Roy Marples <roy@marples.name>
@@ -25,10 +25,10 @@ CLEANFILES+=		${OBJS} ${PROG}
 all: depend ${PROG}
 
 %.o: %.c
-	${CC} ${CFLAGS} ${CPPFLAGS} -c $< -o $@
+	${CC} ${LOCAL_CFLAGS} ${LOCAL_CPPFLAGS} ${CFLAGS} ${CPPFLAGS} -c $< -o $@
 
 ${PROG}: ${SCRIPTS} ${OBJS}
-	${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${OBJS} ${LDADD}
+	${CC} ${LOCAL_CFLAGS} ${LOCAL_LDFLAGS}  ${CFLAGS} ${LDFLAGS} -o $@ ${OBJS} ${LDADD}
 
 clean:
 	rm -f ${CLEANFILES}

runlevels/Makefile

@@ -34,7 +34,8 @@ BOOT-FreeBSD+=	hostid newsyslog savecore syslogd
 # FreeBSD specific stuff
 BOOT-FreeBSD+=	adjkerntz dumpon syscons
 
-BOOT-Linux+=	hwclock keymaps modules mtab procfs termencoding tmpfiles.setup
+BOOT-Linux+=	binfmt hwclock keymaps modules mtab procfs termencoding \
+	tmpfiles.setup
 SHUTDOWN-Linux=	killprocs mount-ro
 SYSINIT-Linux=	devfs dmesg sysfs tmpfiles.dev
 

s6-guide.md

@@ -0,0 +1,48 @@
+# Using S6 with OpenRC
+
+Beginning with OpenRC-0.16, we support using the s6 supervision suite
+from Skarmet Software in place of start-stop-daemon for monitoring
+daemons [1].
+
+## Setup
+
+Documenting s6 in detail is beyond the scope of this guide. It will
+document how to set up OpenRC services to communicate with s6.
+
+### Use Default start, stop and status functions
+
+If you write your own start, stop and status functions in your service
+script, none of this will work. You must allow OpenRC to use the default
+functions.
+
+### Dependencies
+
+All OpenRC service scripts that want their daemons monitored by s6
+should have the following line added to their dependencies to make sure
+the s6 scan directory is being monitored.
+
+need s6-svscan
+
+### Variable Settings
+
+The most important setting is the supervisor variable. At the top of
+your service script, you should set this variable as follows:
+
+supervisor=s6
+
+Several other variables affect s6 services. They are documented on the
+openrc-run man page, but I will list them here for convenience:
+
+s6_service_path - the path to the s6 service directory. The default is
+/var/svc.d/$RC_SVCNAME.
+
+s6_svwait_options_start - the options to pass to s6-svwait when starting
+the service. If this is not set, s6-svwait will not be called.
+
+s6_service_timeout_stop - the amount of time, in milliseconds, s6-svc
+should wait for a service to go down when stopping.
+
+This is very early support, so feel free to file bugs if you have
+issues.
+
+[1] http://www.skarnet.org/software/s6

scripts/.gitignore

@@ -0,0 +1 @@
+rc-sstat

scripts/Makefile

@@ -1,5 +1,19 @@
+MK=	../mk
+include ${MK}/os.mk
+
 DIR=	${LIBEXECDIR}/bin
 BIN=	on_ac_power
+INSTALLAFTER = _installafter
+
+ifeq (${OS},Linux)
+SRCS+= rc-sstat.in
+BIN+=	rc-sstat
+endif
+
+_installafter:
+ifeq (${OS},Linux)
+	${INSTALL} -d ${DESTDIR}${SBINDIR}
+	ln -s ${DIR}/rc-sstat ${DESTDIR}/${SBINDIR}/rc-sstat
+endif
 
-MK=	../mk
 include ${MK}/scripts.mk

scripts/rc-sstat.in

@@ -0,0 +1,140 @@
+#!@SHELL@
+
+# Define variables
+scandir="/run/openrc/s6-scan"
+statfile=/dev/shm/s6-svstat.${USER}
+
+color_red='\E[01;31m'
+color_green='\E[32m'
+color_yellow='\E[01;33m'
+
+# Time Modules
+uptimeModules() {
+	# Given a single integer argument representing seconds of uptime...
+	# convert uptime to a friendly human readable string: '2d 16h 58m 46s'
+	# define a variable to keep track of the longest length uptime string
+	uSec=${1:-0}
+
+	uDay=$(( $uSec / 86400 ))
+	uSec=$(( $uSec % 86400 ))
+	uHour=$(( $uSec / 3600 ))
+	uSec=$(( $uSec % 3600 ))
+	uMin=$(( $uSec / 60 ))
+	uSec=$(( $uSec % 60 ))
+
+	[ $uDay -ne 0 ] && pDay="${uDay}d " || pDay=""
+	[ $uHour -ne 0 ] && pHour="${uHour}h " || pHour=""
+	[ $uMin -ne 0 ] && pMin="${uMin}m " || pMin=""
+	[ $uSec -ne 0 ] && pSec="${uSec}s " || pSec=""
+
+	parsedUptime="$( echo ${pDay}${pHour}${pMin}${pSec} | sed 's#[ \t]*$##' )"
+	uCharCount=${#parsedUptime}
+}
+
+# Make sure we are running as root
+if [ $(id -u) != 0 ]; then
+	printf "This command must be run as root\n"
+	exit 1
+fi
+
+# Make sure scandir exists
+if [ ! -d $scandir ]; then
+	printf "%s\n" "$scandir does not exist"
+	exit 1
+fi
+
+# Make sure s6-svscan is running 
+if ! pgrep s6-svscan >/dev/null ; then 
+	printf "s6-svscan is not running\n"
+	exit 1
+fi
+
+# If TERM is undefined (launching sstat through an ssh command) then make it vt100
+if [ -z $TERM -o $TERM = "dumb" ]; then
+	export TERM=vt100
+fi
+
+# Gather list of candidate services s6-supervise may be supervising
+# filter for folders and symlinks at /run/openrc/s6-scan/* ommiting output starting with '.'
+services="$(find $scandir -maxdepth 1 -mindepth 1 \( -type d -or -type l \) | awk -F'/' '{ if ( $NF !~ "^\\." ) print $NF}')"
+if [ -z "$services" ]; then
+	printf "s6 found no services configured for supervision\n"
+	exit 1
+fi
+
+# Gather status for each service from s6-svstat
+# write to tmp file in memory for non I/O bound repeatative access
+rm -f $statfile 2>/dev/null
+for service in $services ; do
+	echo "$service $(s6-svstat ${scandir}/${service})" >> $statfile
+done
+
+# Define longest string from parsed uptime (default to 7 to match string length of 'Up Time')
+timeStringLength=7
+for uptime in $(awk '$2 == "up" {print $5}' $statfile | sort -run)
+do
+	uptimeModules $uptime
+	[ ${uCharCount} -gt $timeStringLength ] && timeStringLength=$uCharCount
+done
+
+
+#   Print the status header like so...
+#                Service Name  State    PID         Up Time           Start Time
+#----------------------------  -----  -----  --------------  -------------------
+printf "\n"
+printf "%28s  %5s  %5s  %${timeStringLength}s  %19s\n" "Service Name" "State" "PID" "Up Time" "Start Time"
+for dashes in 28 5 5 $timeStringLength 19 ; do
+	printf "%0.s-" $(seq 1 $dashes) ; echo -n '  '
+done && printf "\n"
+
+
+#   sshd up (pid 26300) 80373 seconds
+cat $statfile | \
+while read line
+do
+	set $line
+
+	service=$1
+	state=$2
+	pid=${4/)/}
+	time=$5
+
+	# call function to convert time in seconds and define additional variables
+	uptimeModules $time
+
+	if [ "$state" = up ]; then
+		if [ $time -lt 30 ]; then
+			# uptime < 30 seconds, color the whole line yellow
+			echo -en "$color_yellow"
+			# 1st 4 columns are printed with printf for space padding
+			printf "%28s  %5s  %5s  %${timeStringLength}s" $service $state $pid "$parsedUptime"
+			# 4th column is output from date -d
+			echo -e "  $(date -d "${time} seconds ago" "+%F %T")"
+			# reset terminal colors
+			tput sgr0
+		else
+			printf "%28s" $service
+			# uptime > 30 seconds, color just the "state" value green
+			echo -en "$color_green"
+			printf "  %5s" $state
+			# reset terminal colors
+			tput sgr0
+			printf "  %5s" $pid
+			printf "  %${timeStringLength}s"  "$parsedUptime"
+			echo -e "  $(date -d "${time} seconds ago" "+%F %T")"
+		fi
+	else
+		printf "%28s" $service
+		echo -en "$color_red"
+		printf "  %5s" $state
+		tput sgr0
+		echo ""
+	fi
+done
+
+# Cleanup 
+rm -f $statfile 2>/dev/null
+
+printf "\n\n"
+
+rc-status

sh/.gitignore

@@ -1,10 +1,11 @@
 functions.sh
 gendepends.sh
 rc-functions.sh
-runscript.sh
+openrc-run.sh
 cgroup-release-agent.sh
 init.sh
 init-early.sh
 rc-cgroup.sh
 tmpfiles.sh
 migrate-to-run.sh
+binfmt.sh

sh/Makefile

@@ -1,8 +1,8 @@
 DIR=	${LIBEXECDIR}/sh
 SRCS=	init.sh.in functions.sh.in gendepends.sh.in \
-	rc-functions.sh.in runscript.sh.in tmpfiles.sh.in ${SRCS-${OS}}
-INC=	rc-mount.sh functions.sh rc-functions.sh
-BIN=	gendepends.sh init.sh runscript.sh tmpfiles.sh ${BIN-${OS}}
+	openrc-run.sh.in rc-functions.sh.in tmpfiles.sh.in ${SRCS-${OS}}
+INC=	rc-mount.sh functions.sh rc-functions.sh s6.sh start-stop-daemon.sh
+BIN=	gendepends.sh init.sh openrc-run.sh tmpfiles.sh ${BIN-${OS}}
 
 INSTALLAFTER=	_installafter
 
@@ -12,9 +12,9 @@ include ${MK}/os.mk
 SRCS-FreeBSD=
 BIN-FreeBSD=
 
-SRCS-Linux=	cgroup-release-agent.sh.in init-early.sh.in migrate-to-run.sh.in \
-	rc-cgroup.sh.in
-BIN-Linux=	cgroup-release-agent.sh init-early.sh migrate-to-run.sh \
+SRCS-Linux=	binfmt.sh.in cgroup-release-agent.sh.in init-early.sh.in \
+	migrate-to-run.sh.in rc-cgroup.sh.in
+BIN-Linux=	binfmt.sh cgroup-release-agent.sh init-early.sh migrate-to-run.sh \
 	rc-cgroup.sh
 
 SRCS-NetBSD=

sh/binfmt.sh.in

@@ -0,0 +1,85 @@
+#!@SHELL@
+# This is a reimplementation of the systemd binfmt.d code to register
+# misc binary formats with the kernel.
+#
+# Copyright (c) 2015 William Hubbs <w.d.hubbs@gmail.com>
+# Released under the 2-clause BSD license.
+#
+# See the binfmt.d manpage as well:
+# http://0pointer.de/public/systemd-man/binfmt.d.html
+# This script should match the manpage as of 2015/03/31
+#
+
+apply_file() {
+	[ $# -lt 1 ] && return 0
+	FILE="$1"
+	LINENUM=0
+
+	### FILE FORMAT ###
+	# See https://www.kernel.org/doc/Documentation/binfmt_misc.txt
+	while read line; do
+		LINENUM=$(( LINENUM+1 ))
+		case $line in
+			\#*) continue ;;
+			\;*) continue ;;
+		esac
+
+		echo "${line}" > /proc/sys/fs/binfmt_misc/register
+		rc=$?
+		if [ $rc -ne 0 ]; then
+			printf "binfmt: invalid entry on line %d of \`%s'\n" \
+				"$LINENUM" "$FILE" >&2
+			error=1
+		fi
+	done <$FILE
+	return $rc
+}
+
+[ -e /proc/sys/fs/binfmt_misc/register ] || exit 0
+error=0
+if [ $# -gt 0 ]; then
+	while [ $# -gt 0 ]; do
+		apply_file "$1"
+		shift
+	done
+else
+	# The hardcoding of these paths is intentional; we are following the
+	# systemd spec.
+	binfmt_dirs='/usr/lib/binfmt.d/ /run/binfmt.d/ /etc/binfmt.d/'
+	binfmt_basenames=''
+	binfmt_d=''
+
+	# Build a list of sorted unique basenames
+	# directories declared later in the binfmt_d list will override earlier
+	# directories, on a per file basename basis.
+	# `/run/binfmt.d/foo.conf' supersedes `/usr/lib/binfmt.d/foo.conf'.
+	# `/run/binfmt.d/foo.conf' will always be read after `/etc/binfmt.d/bar.conf'
+	for d in ${binfmt_dirs} ; do
+		[ -d $d ] && for f in ${d}/*.conf ; do
+			case "${f##*/}" in
+				systemd.conf|systemd-*.conf) continue;;
+			esac
+			[ -e $f ] && binfmt_basenames="${binfmt_basenames}\n${f##*/}"
+		done # for f in ${d}
+	done # for d in ${binfmt_dirs}
+	binfmt_basenames="$(printf "${binfmt_basenames}\n" | sort -u )"
+
+	for b in $binfmt_basenames ; do
+		real_f=''
+		for d in $binfmt_dirs ; do
+			f=${d}/${b}
+			[ -e "${f}" ] && real_f=$f
+		done
+		[ -e "${real_f}" ] && binfmt_d="${binfmt_d} ${real_f}"
+	done
+
+	# loop through the gathered fragments, sorted globally by filename.
+	# `/run/binfmt.d/foo.conf' will always be read after `/etc/binfmt.d/bar.conf'
+	for FILE in $binfmt_d ; do
+		apply_file "$FILE"
+	done
+fi
+
+exit $error
+
+# vim: set ts=2 sw=2 sts=2 noet ft=sh:

sh/openrc-run.sh.in

@@ -1,5 +1,5 @@
 #!@SHELL@
-# Shell wrapper for runscript
+# Shell wrapper for openrc-run
 
 # Copyright (c) 2007-2009 Roy Marples <roy@marples.name>
 # Released under the 2-clause BSD license.
@@ -34,7 +34,10 @@ sourcex()
 
 sourcex "@LIBEXECDIR@/sh/functions.sh"
 sourcex "@LIBEXECDIR@/sh/rc-functions.sh"
-[ "$RC_SYS" != "PREFIX" ] && sourcex -e "@LIBEXECDIR@/sh/rc-cgroup.sh"
+case $RC_SYS in
+	PREFIX|SYSTEMD-NSPAWN) ;;
+	*) sourcex -e "@LIBEXECDIR@/sh/rc-cgroup.sh";;
+esac
 
 # Support LiveCD foo
 if sourcex -e "/sbin/livecd-functions.sh"; then
@@ -123,76 +126,45 @@ _status()
 }
 
 # Template start / stop / status functions
+# These functions select the appropriate function to call from the
+# supervisor modules
 start()
 {
-	[ -n "$command" ] || return 0
-	local _background=
-	ebegin "Starting ${name:-$RC_SVCNAME}"
-	if yesno "${command_background}"; then
-		if [ -z "${pidfile}" ]; then
-			eend 1 "command_background option used but no pidfile specified"
-			return 1
-		fi
-		_background="--background --make-pidfile"
-	fi
-	if yesno "$start_inactive"; then
-		local _inactive=false
-		service_inactive && _inactive=true
-		mark_service_inactive
-	fi
-	eval start-stop-daemon --start \
-		--exec $command \
-		${chroot:+--chroot} $chroot \
-		${procname:+--name} $procname \
-		${pidfile:+--pidfile} $pidfile \
-		$_background $start_stop_daemon_args \
-		-- $command_args
-	if eend $? "Failed to start $RC_SVCNAME"; then
-		service_set_value "command" "${command}"
-		[ -n "${chroot}" ] && service_set_value "chroot" "${chroot}"
-		[ -n "${pidfile}" ] && service_set_value "pidfile" "${pidfile}"
-		[ -n "${procname}" ] && service_set_value "procname" "${procname}"
-		return 0
-	fi
-	if yesno "$start_inactive"; then
-		if ! $_inactive; then
-			mark_service_stopped
-		fi
-	fi
-	return 1
+	local func=ssd_start
+	case "$supervisor" in
+		s6) func=s6_start ;;
+		?*)
+			ewarn "Invalid supervisor, \"$supervisor\", using start-stop-daemon"
+			;;
+	esac
+	$func
 }
 
 stop()
 {
-	local startcommand="$(service_get_value "command")"
-	local startchroot="$(service_get_value "chroot")"
-	local startpidfile="$(service_get_value "pidfile")"
-	local startprocname="$(service_get_value "procname")"
-	command="${startcommand:-$command}"
-	chroot="${startchroot:-$chroot}"
-	pidfile="${startpidfile:-$pidfile}"
-	procname="${startprocname:-$procname}"
-	[ -n "$command" -o -n "$procname" -o -n "$pidfile" ] || return 0
-	ebegin "Stopping ${name:-$RC_SVCNAME}"
-	start-stop-daemon --stop \
-		${retry:+--retry} $retry \
-		${command:+--exec} $command \
-		${procname:+--name} $procname \
-		${pidfile:+--pidfile} $chroot$pidfile \
-		${stopsig:+--signal} $stopsig
-	eend $? "Failed to stop $RC_SVCNAME"
+	local func=ssd_stop
+	case "$supervisor" in
+		s6) func=s6_stop ;;
+		?*)
+			ewarn "Invalid supervisor, \"$supervisor\", using start-stop-daemon"
+			;;
+	esac
+	$func
 }
 
 status()
 {
-	_status
+	local func=ssd_status
+	case "$supervisor" in
+		s6) func=s6_status ;;
+		?*)
+			ewarn "Invalid supervisor, \"$supervisor\", using start-stop-daemon"
+			;;
+	esac
+	$func
 }
 
 yesno $RC_DEBUG && set -x
-if yesno "${rc_verbose:-$RC_VERBOSE}"; then
-	EINFO_VERBOSE=yes
-	export EINFO_VERBOSE
-fi
 
 _conf_d=${RC_SERVICE%/*}/../conf.d
 # If we're net.eth0 or openvpn.work then load net or openvpn config
@@ -213,6 +185,16 @@ unset _conf_d
 # Load any system overrides
 sourcex -e "@SYSCONFDIR@/rc.conf"
 
+# load service supervisor functions
+sourcex "@LIBEXECDIR@/sh/s6.sh"
+sourcex "@LIBEXECDIR@/sh/start-stop-daemon.sh"
+
+# Set verbose mode
+if yesno "${rc_verbose:-$RC_VERBOSE}"; then
+	EINFO_VERBOSE=yes
+	export EINFO_VERBOSE
+fi
+
 for _cmd; do
 	if [ "$_cmd" != status -a "$_cmd" != describe ]; then
 		# Apply any ulimit defined
@@ -239,20 +221,22 @@ done
 # Load our script
 sourcex "$RC_SERVICE"
 
-for _d in $required_dirs; do
-	if [ ! -d $_d ]; then
+eval "printf '%s\n' $required_dirs" | while read _d; do
+	if [ -n "$_d" ] && [ ! -d "$_d" ]; then
 		eerror "$RC_SVCNAME: \`$_d' is not a directory"
 		exit 1
 	fi
 done
+[ $? -ne 0 ] && exit 1
 unset _d
 
-for _f in $required_files; do
-	if [ ! -r $_f ]; then
+eval "printf '%s\n' $required_files" | while read _f; do
+	if [ -n "$_f" ] && [ ! -r "$_f" ]; then
 		eerror "$RC_SVCNAME: \`$_f' is not readable"
 		exit 1
 	fi
 done
+[ $? -ne 0 ] && exit 1
 unset _f
 
 if [ -n "$opts" ]; then

sh/rc-cgroup.sh.in

@@ -1,6 +1,7 @@
 #!@SHELL@
 # Copyright (c) 2012 Alexander Vershilov <qnikst@gentoo.org>
 # Released under the 2-clause BSD license.
+
 extra_stopped_commands="${extra_stopped_commands} cgroup_cleanup"
 description_cgroup_cleanup="Kill all processes in the cgroup"
 
@@ -47,25 +48,27 @@ cgroup_set_values()
 			$controller.*)
 				if [ -n "$name" -a -f "$cgroup/$name" -a -n "$val" ]; then
 					veinfo "$RC_SVCNAME: Setting $cgroup/$name to $val"
-					echo $val > "$cgroup/$name"
+					printf "%s" "$val" > "$cgroup/$name"
 				fi
 				name=$1
 				val=
 				;;
 			*)
-				val="$val $1"
+				[ -n "$val" ] &&
+					val="$val $1" ||
+					val="$1"
 				;;
 		esac
 		shift
 	done
 	if [ -n "$name" -a -f "$cgroup/$name" -a -n "$val" ]; then
 		veinfo "$RC_SVCNAME: Setting $cgroup/$name to $val"
-		echo $val > "$cgroup/$name"
+		printf "%s" "$val" > "$cgroup/$name"
 	fi
 
 	if [ -f "$cgroup/tasks" ]; then
 		veinfo "$RC_SVCNAME: adding to $cgroup/tasks"
-		echo 0 > "$cgroup/tasks"
+		printf "%d" 0 > "$cgroup/tasks"
 	fi
 
 	return 0
@@ -78,14 +81,14 @@ cgroup_add_service()
     # cgroups. But may lead to a problems where that inheriting
     # is needed.
 	for d in /sys/fs/cgroup/* ; do
-		[ -f "${d}"/tasks ] && echo 0 > "${d}"/tasks
+		[ -f "${d}"/tasks ] && printf "%d" 0 > "${d}"/tasks
 	done
 
 	openrc_cgroup=/sys/fs/cgroup/openrc
 	if [ -d "$openrc_cgroup" ]; then
 		cgroup="$openrc_cgroup/$RC_SVCNAME"
 		mkdir -p "$cgroup"
-		[ -f "$cgroup/tasks" ] && echo 0 > "$cgroup/tasks"
+		[ -f "$cgroup/tasks" ] && printf "%d" 0 > "$cgroup/tasks"
 	fi
 }
 
@@ -106,12 +109,21 @@ cgroup_set_limits()
 	local devices="${rc_cgroup_devices:-$RC_CGROUP_DEVICES}"
 	[ -n "$devices" ] && cgroup_set_values devices "$devices"
 
+	local hugetlb="${rc_cgroup_hugetlb:-$RC_CGROUP_HUGETLB}"
+	[ -n "$hugetlb" ] && cgroup_set_values hugetlb "$hugetlb"
+
 	local memory="${rc_cgroup_memory:-$RC_CGROUP_MEMORY}"
 	[ -n "$memory" ] && cgroup_set_values memory "$memory"
 
+	local net_cls="${rc_cgroup_net_cls:-$RC_CGROUP_NET_CLS}"
+	[ -n "$net_cls" ] && cgroup_set_values net_cls "$net_cls"
+
 	local net_prio="${rc_cgroup_net_prio:-$RC_CGROUP_NET_PRIO}"
 	[ -n "$net_prio" ] && cgroup_set_values net_prio "$net_prio"
 
+	local pids="${rc_cgroup_pids:-$RC_CGROUP_PIDS}"
+	[ -n "$pids" ] && cgroup_set_values pids "$pids"
+
 	return 0
 }
 

sh/rc-functions.sh.in

@@ -85,7 +85,7 @@ get_bootparam()
 	return 1
 }
 
-# Called from runscript.sh or gendepends.sh
+# Called from openrc-run.sh or gendepends.sh
 _depend() {
 	depend
 	local _rc_svcname=$(shell_var "$RC_SVCNAME") _deptype= _depends=

sh/s6.sh

@@ -0,0 +1,50 @@
+# Start / stop / status functions for s6 support
+# Copyright (c) 2015 William Hubbs <w.d.hubbs@gmail.com>
+# Released under the 2-clause BSD license.
+
+[ -z "${s6_service_path}" ] && s6_service_path="/var/svc.d/${RC_SVCNAME}"
+
+s6_start()
+{
+	if [ ! -d "${s6_service_path}" ]; then
+		eerror "${s6_service_path} does not exist."
+ 	return 1
+ fi
+	s6_service_link="${RC_SVCDIR}/s6-scan/${s6_service_path##*/}"
+	ebegin "Starting ${name:-$RC_SVCNAME}"
+	ln -sf "${s6_service_path}" "${s6_service_link}"
+	s6-svscanctl -na "${RC_SVCDIR}"/s6-scan
+	sleep 1.5
+	s6-svc -u "${s6_service_link}"
+	if [ -n "$s6_svwait_options_start" ]; then
+		s6-svwait ${s6_svwait_options_start} "${s6_service_link}"
+	fi
+	sleep 1.5
+	set -- $(s6-svstat "${s6_service_link}")
+	[ "$1" = "up" ]
+	eend $? "Failed to start $RC_SVCNAME"
+}
+
+s6_stop()
+{
+	if [ ! -d "${s6_service_path}" ]; then
+		eerror "${s6_service_path} does not exist."
+ 	return 1
+ fi
+	s6_service_link="${RC_SVCDIR}/s6-scan/${s6_service_path##*/}"
+	ebegin "Stopping ${name:-$RC_SVCNAME}"
+	s6-svc -Dd -T ${s6_service_timeout_stop:-10000} "${s6_service_link}"
+	set -- $(s6-svstat "${s6_service_link}")
+	[ "$1" = "down" ]
+	eend $? "Failed to stop $RC_SVCNAME"
+}
+
+s6_status()
+{
+	s6_service_link="${RC_SVCDIR}/s6-scan/${s6_service_path##*/}"
+	if [ -L "${s6_service_link}" ]; then
+		s6-svstat "${s6_service_link}"
+	else
+		_status
+	fi
+}

sh/start-stop-daemon.sh

@@ -0,0 +1,77 @@
+# start / stop / status functions for start-stop-daemon
+# Copyright (c) 2007-2009 Roy Marples <roy@marples.name>
+# Released under the 2-clause BSD license.
+
+ssd_start()
+{
+	if [ -z "$command" ]; then
+		ewarn "The command variable is undefined."
+		ewarn "There is nothing for ${name:-$RC_SVCNAME} to start."
+		ewarn "If this is what you intend, please write a start function."
+		ewarn "This will become a failure in a future release."
+		return 0
+	fi
+
+	local _background=
+	ebegin "Starting ${name:-$RC_SVCNAME}"
+	if yesno "${command_background}"; then
+		if [ -z "${pidfile}" ]; then
+			eend 1 "command_background option used but no pidfile specified"
+			return 1
+		fi
+		if [ -n "${command_args_background}" ]; then
+			eend 1 "command_background used with command_args_background"
+			return 1
+		fi
+		_background="--background --make-pidfile"
+	fi
+	if yesno "$start_inactive"; then
+		local _inactive=false
+		service_inactive && _inactive=true
+		mark_service_inactive
+	fi
+	eval start-stop-daemon --start \
+		--exec $command \
+		${procname:+--name} $procname \
+		${pidfile:+--pidfile} $pidfile \
+		${command_user+--user} $command_user \
+		$_background $start_stop_daemon_args \
+		-- $command_args $command_args_background
+	if eend $? "Failed to start $RC_SVCNAME"; then
+		service_set_value "command" "${command}"
+		[ -n "${pidfile}" ] && service_set_value "pidfile" "${pidfile}"
+		[ -n "${procname}" ] && service_set_value "procname" "${procname}"
+		return 0
+	fi
+	if yesno "$start_inactive"; then
+		if ! $_inactive; then
+			mark_service_stopped
+		fi
+	fi
+	return 1
+}
+
+ssd_stop()
+{
+	local startcommand="$(service_get_value "command")"
+	local startpidfile="$(service_get_value "pidfile")"
+	local startprocname="$(service_get_value "procname")"
+	command="${startcommand:-$command}"
+	pidfile="${startpidfile:-$pidfile}"
+	procname="${startprocname:-$procname}"
+	[ -n "$command" -o -n "$procname" -o -n "$pidfile" ] || return 0
+	ebegin "Stopping ${name:-$RC_SVCNAME}"
+	start-stop-daemon --stop \
+		${retry:+--retry} $retry \
+		${command:+--exec} $command \
+		${procname:+--name} $procname \
+		${pidfile:+--pidfile} $pidfile \
+		${stopsig:+--signal} $stopsig
+
+	eend $? "Failed to stop $RC_SVCNAME"
+}
+
+ssd_status()
+{
+	_status
+}

sh/tmpfiles.sh.in

@@ -53,10 +53,18 @@ relabel() {
 	done
 }
 
+splitpath() {
+    local path=$1
+    while [ -n "$path" ]; do
+        echo $path
+        path=${path%/*}
+    done
+}
+
 _restorecon() {
     local path=$1
     if [ -x /sbin/restorecon ]; then
-        dryrun_or_real restorecon -F "$path"
+        dryrun_or_real restorecon -F $(splitpath "$path")
     fi
 }
 
@@ -122,6 +130,7 @@ _d() {
 
 	if [ ! -d "$path" ]; then
 		dryrun_or_real mkdir -p "$path" 2>/dev/null
+		_restorecon "$path"
 		dryrun_or_real $CHECKPATH -dq -m "$mode" -o "$uid:$gid" "$path"
 	fi
 }
@@ -137,10 +146,18 @@ _D() {
 
 	if [ $CREATE -gt 0 ]; then
 		dryrun_or_real mkdir -p "$path" 2>/dev/null
+		_restorecon "$path"
 		dryrun_or_real $CHECKPATH -Dq -m "$mode" -o "$uid:$gid" "$path"
 	fi
 }
 
+_v() {
+	# Create a subvolume if the path does not exist yet and the file system
+	# supports this (btrfs). Otherwise create a normal directory.
+	# TODO: Implement btrfs subvol creation.
+	_d "$@"
+}
+
 _L() {
 	# Create a symlink if it doesn't exist yet
 	local path=$1 mode=$2 uid=$3 gid=$4 age=$5 arg=$6
@@ -245,7 +262,7 @@ PREFIX=
 FILE=
 fragments=
 # XXX: The harcoding of /usr/lib/ is an explicit choice by upstream
-tmpfiles_dirs='/usr/lib/tmpfiles.d/ /etc/tmpfiles.d/ /run/tmpfiles.d/'
+tmpfiles_dirs='/usr/lib/tmpfiles.d/ /run/tmpfiles.d/ /etc/tmpfiles.d/'
 tmpfiles_basenames=''
 tmpfiles_d=''
 # Build a list of sorted unique basenames
@@ -336,7 +353,7 @@ for FILE in $tmpfiles_d ; do
 
 		# whine about invalid entries
 		case $cmd in
-			f|F|w|d|D|p|L|c|C|b|x|X|r|R|z|Z) ;;
+			f|F|w|d|D|v|p|L|c|C|b|x|X|r|R|z|Z) ;;
 			*) warninvalid ; continue ;;
 		esac
 
@@ -344,7 +361,7 @@ for FILE in $tmpfiles_d ; do
 		if [ "$mode" = '-' -o "$mode" = '' ]; then
 			case "$cmd" in
 				p|f|F) mode=0644 ;;
-				d|D) mode=0755 ;;
+				d|D|v) mode=0755 ;;
 				C|z|Z|x|r|R|L) ;;
 			esac
 		fi

src/libeinfo/Makefile

@@ -4,7 +4,7 @@ SRCS=			libeinfo.c
 INCS=			einfo.h
 VERSION_MAP=		einfo.map
 
-CPPFLAGS+=		-I../includes
+LOCAL_CPPFLAGS+=		-I../includes
 
 MK=			../../mk
 include ${MK}/lib.mk

src/librc/Makefile

@@ -7,7 +7,7 @@ VERSION_MAP=	rc.map
 
 LDADD+=		${LIBKVM}
 
-CPPFLAGS+=	-I../includes
+LOCAL_CPPFLAGS+=	-I../includes
 
 MK=		../../mk
 include ${MK}/lib.mk

src/librc/librc-daemon.c

@@ -99,7 +99,7 @@ rc_find_pids(const char *exec, const char *const *argv, uid_t uid, pid_t pid)
 	pid_t p;
 	char buffer[PATH_MAX];
 	struct stat sb;
-	pid_t runscript_pid = 0;
+	pid_t openrc_pid = 0;
 	char *pp;
 	RC_PIDLIST *pids = NULL;
 	RC_PID *pi;
@@ -108,7 +108,7 @@ rc_find_pids(const char *exec, const char *const *argv, uid_t uid, pid_t pid)
 		return NULL;
 
 	/*
-	  We never match RC_RUNSCRIPT_PID if present so we avoid the below
+	  We never match RC_OPENRC_PID if present so we avoid the below
 	  scenario
 
 	  /etc/init.d/ntpd stop does
@@ -118,9 +118,9 @@ rc_find_pids(const char *exec, const char *const *argv, uid_t uid, pid_t pid)
 	  nasty
 	*/
 
-	if ((pp = getenv("RC_RUNSCRIPT_PID"))) {
-		if (sscanf(pp, "%d", &runscript_pid) != 1)
-			runscript_pid = 0;
+	if ((pp = getenv("RC_OPENRC_PID"))) {
+		if (sscanf(pp, "%d", &openrc_pid) != 1)
+			openrc_pid = 0;
 	}
 
 	/*
@@ -146,7 +146,7 @@ rc_find_pids(const char *exec, const char *const *argv, uid_t uid, pid_t pid)
 	while ((entry = readdir(procdir)) != NULL) {
 		if (sscanf(entry->d_name, "%d", &p) != 1)
 			continue;
-		if (runscript_pid != 0 && runscript_pid == p)
+		if (openrc_pid != 0 && openrc_pid == p)
 			continue;
 		if (pid != 0 && pid != p)
 			continue;
@@ -510,6 +510,8 @@ rc_service_daemons_crashed(const char *service)
 	RC_STRINGLIST *list = NULL;
 	RC_STRING *s;
 	size_t i;
+	char *ch_root;
+	char *spidfile;
 
 	path += snprintf(dirpath, sizeof(dirpath), RC_SVCDIR "/daemons/%s",
 	    basename_c(service));
@@ -554,8 +556,8 @@ rc_service_daemons_crashed(const char *service)
 		}
 		fclose(fp);
 
-		char *ch_root = rc_service_value_get(basename_c(service), "chroot");
-		char *spidfile = pidfile;
+		ch_root = rc_service_value_get(basename_c(service), "chroot");
+		spidfile = pidfile;
 		if (ch_root && pidfile) {
 			spidfile = xmalloc(strlen(ch_root) + strlen(pidfile) + 1);
 			strcpy(spidfile, ch_root);

src/librc/librc.c

@@ -101,7 +101,9 @@ ls_dir(const char *dir, int options)
 					continue;
 			}
 			if (options & LS_DIR) {
-				if (stat(d->d_name, &buf) == 0 &&
+				snprintf(file, sizeof(file), "%s/%s",
+				    dir, d->d_name);
+				if (stat(file, &buf) != 0 ||
 				    !S_ISDIR(buf.st_mode))
 					continue;
 			}
@@ -294,6 +296,8 @@ rc_sys_v1(void)
 		return RC_SYS_OPENVZ; /* old test */
 	else if (file_regex("/proc/1/environ", "container=lxc"))
 		return RC_SYS_LXC;
+	else if (file_regex("/proc/1/environ", "container=systemd-nspawn"))
+		return RC_SYS_SYSTEMD_NSPAWN;
 #endif
 
 	return NULL;

src/librc/rc.h.in

@@ -332,6 +332,7 @@ bool rc_service_daemons_crashed(const char *);
 #define RC_SYS_OPENVZ  "OPENVZ"
 #define RC_SYS_LXC     "LXC"
 #define RC_SYS_PREFIX  "PREFIX"
+#define RC_SYS_SYSTEMD_NSPAWN "SYSTEMD-NSPAWN"
 #define RC_SYS_UML     "UML"
 #define RC_SYS_VSERVER "VSERVER"
 #define RC_SYS_XEN0    "XEN0"

src/rc/Makefile

@@ -1,8 +1,8 @@
 PROG=		openrc
-SRCS=		checkpath.c fstabinfo.c mountinfo.c start-stop-daemon.c \
+SRCS=		checkpath.c fstabinfo.c mountinfo.c openrc-run.c \
 		rc-applets.c rc-depend.c rc-logger.c \
 		rc-misc.c rc-plugin.c rc-service.c rc-status.c rc-update.c \
-		runscript.c rc.c swclock.c
+		rc.c start-stop-daemon.c swclock.c
 
 ifeq (${MKSELINUX},yes)
 SRCS+=		rc-selinux.c
@@ -35,14 +35,14 @@ RC_SBINLINKS=	mark_service_starting mark_service_started \
 ALL_LINKS=	${BINLINKS} ${SBINLINKS} ${RC_BINLINKS} ${RC_SBINLINKS}
 CLEANFILES+=	${ALL_LINKS}
 
-CPPFLAGS+=	-I../includes -I../librc -I../libeinfo
-LDFLAGS+=	-L../librc -L../libeinfo
+LOCAL_CPPFLAGS=-I../includes -I../librc -I../libeinfo
+LOCAL_LDFLAGS=-L../librc -L../libeinfo
 LDADD+=		-lutil -lrc -leinfo
 
 include ../../Makefile.inc
 MK=		../../mk
 include ${MK}/prog.mk
-include ${MK}/git.mk
+include ${MK}/gitver.mk
 include ${MK}/cc.mk
 
 include ${MK}/termcap.mk

src/rc/checkpath.c

@@ -45,10 +45,7 @@
 #include "builtins.h"
 #include "einfo.h"
 #include "rc-misc.h"
-
-#ifdef HAVE_SELINUX
 #include "rc-selinux.h"
-#endif
 
 typedef enum {
 	inode_unknown = 0,
@@ -164,10 +161,8 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
 		}
 	}
 
-#ifdef HAVE_SELINUX
 	if (selinux_on)
 		selinux_util_label(path);
-#endif
 
 	return 0;
 }
@@ -296,10 +291,8 @@ int checkpath(int argc, char **argv)
 	if (gr)
 		gid = gr->gr_gid;
 
-#ifdef HAVE_SELINUX
 	if (selinux_util_open() == 1)
 		selinux_on = true;
-#endif
 
 	while (optind < argc) {
 		if (writable)
@@ -309,10 +302,8 @@ int checkpath(int argc, char **argv)
 		optind++;
 	}
 
-#ifdef HAVE_SELINUX
 	if (selinux_on)
 		selinux_util_close();
-#endif
 
 	return retval;
 }

src/rc/mountinfo.c

@@ -298,7 +298,7 @@ find_mounts(struct args *args)
 	int netdev;
 	RC_STRINGLIST *list;
 
-	if ((fp = fopen("/proc/mounts", "r")) == NULL)
+	if ((fp = fopen("/proc/self/mounts", "r")) == NULL)
 		eerrorx("getmntinfo: %s", strerror(errno));
 
 	list = rc_stringlist_new();
@@ -315,6 +315,8 @@ find_mounts(struct args *args)
 		if ((ent = getmntfile(to))) {
 			if (strstr(ent->mnt_opts, "_netdev"))
 				netdev = 0;
+			else
+				netdev = 1;
 		}
 
 		process_mount(list, args, from, to, fst, opts, netdev);
@@ -347,7 +349,7 @@ get_regex(const char *string)
 
 #include "_usage.h"
 #define extraopts "[mount1] [mount2] ..."
-#define getoptstring "f:F:n:N:o:O:p:P:ist" getoptstring_COMMON
+#define getoptstring "f:F:n:N:o:O:p:P:iste:E:" getoptstring_COMMON
 static const struct option longopts[] = {
 	{ "fstype-regex",        1, NULL, 'f'},
 	{ "skip-fstype-regex",   1, NULL, 'F'},

src/rc/openrc-run.c

@@ -1,5 +1,5 @@
 /*
- * runscript.c
+ * openrc-run.c
  * Handle launching of init scripts.
  */
 
@@ -66,10 +66,7 @@
 #include "rc.h"
 #include "rc-misc.h"
 #include "rc-plugin.h"
-
-#ifdef HAVE_SELINUX
 #include "rc-selinux.h"
-#endif
 
 #define PREFIX_LOCK	RC_SVCDIR "/prefix.lock"
 
@@ -88,8 +85,12 @@ static bool sighup, in_background, deps, dry_run;
 static pid_t service_pid;
 static int signal_pipe[2] = { -1, -1 };
 
-static RC_STRINGLIST *types_b, *types_n, *types_nu, *types_nua, *types_m;
-static RC_STRINGLIST *types_mua = NULL;
+static RC_STRINGLIST *deptypes_b;
+static RC_STRINGLIST *deptypes_n;
+static RC_STRINGLIST *deptypes_nu;
+static RC_STRINGLIST *deptypes_nua;
+static RC_STRINGLIST *deptypes_m;
+static RC_STRINGLIST *deptypes_mua;
 
 static void
 handle_signal(int sig)
@@ -234,12 +235,12 @@ cleanup(void)
 	rc_plugin_unload();
 
 #ifdef DEBUG_MEMORY
-	rc_stringlist_free(types_b);
-	rc_stringlist_free(types_n);
-	rc_stringlist_free(types_nu);
-	rc_stringlist_free(types_nua);
-	rc_stringlist_free(types_m);
-	rc_stringlist_free(types_mua);
+	rc_stringlist_free(deptypes_b);
+	rc_stringlist_free(deptypes_n);
+	rc_stringlist_free(deptypes_nu);
+	rc_stringlist_free(deptypes_nua);
+	rc_stringlist_free(deptypes_m);
+	rc_stringlist_free(deptypes_mua);
 	rc_deptree_free(deptree);
 	rc_stringlist_free(restart_services);
 	rc_stringlist_free(need_services);
@@ -373,18 +374,18 @@ svc_exec(const char *arg1, const char *arg2)
 			dup2(slave_tty, STDERR_FILENO);
 		}
 
-		if (exists(RC_SVCDIR "/runscript.sh")) {
-			execl(RC_SVCDIR "/runscript.sh",
-			    RC_SVCDIR "/runscript.sh",
+		if (exists(RC_SVCDIR "/openrc-run.sh")) {
+			execl(RC_SVCDIR "/openrc-run.sh",
+			    RC_SVCDIR "/openrc-run.sh",
 			    service, arg1, arg2, (char *) NULL);
-			eerror("%s: exec `" RC_SVCDIR "/runscript.sh': %s",
+			eerror("%s: exec `" RC_SVCDIR "/openrc-run.sh': %s",
 			    service, strerror(errno));
 			_exit(EXIT_FAILURE);
 		} else {
-			execl(RC_LIBEXECDIR "/sh/runscript.sh",
-			    RC_LIBEXECDIR "/sh/runscript.sh",
+			execl(RC_LIBEXECDIR "/sh/openrc-run.sh",
+			    RC_LIBEXECDIR "/sh/openrc-run.sh",
 			    service, arg1, arg2, (char *) NULL);
-			eerror("%s: exec `" RC_LIBEXECDIR "/sh/runscript.sh': %s",
+			eerror("%s: exec `" RC_LIBEXECDIR "/sh/openrc-run.sh': %s",
 			    service, strerror(errno));
 			_exit(EXIT_FAILURE);
 		}
@@ -521,30 +522,30 @@ get_started_services(void)
 }
 
 static void
-setup_types(void)
+setup_deptypes(void)
 {
-	types_b = rc_stringlist_new();
-	rc_stringlist_add(types_b, "broken");
+	deptypes_b = rc_stringlist_new();
+	rc_stringlist_add(deptypes_b, "broken");
 
-	types_n = rc_stringlist_new();
-	rc_stringlist_add(types_n, "ineed");
+	deptypes_n = rc_stringlist_new();
+	rc_stringlist_add(deptypes_n, "ineed");
 
-	types_nu = rc_stringlist_new();
-	rc_stringlist_add(types_nu, "ineed");
-	rc_stringlist_add(types_nu, "iuse");
+	deptypes_nu = rc_stringlist_new();
+	rc_stringlist_add(deptypes_nu, "ineed");
+	rc_stringlist_add(deptypes_nu, "iuse");
 
-	types_nua = rc_stringlist_new();
-	rc_stringlist_add(types_nua, "ineed");
-	rc_stringlist_add(types_nua, "iuse");
-	rc_stringlist_add(types_nua, "iafter");
+	deptypes_nua = rc_stringlist_new();
+	rc_stringlist_add(deptypes_nua, "ineed");
+	rc_stringlist_add(deptypes_nua, "iuse");
+	rc_stringlist_add(deptypes_nua, "iafter");
 
-	types_m = rc_stringlist_new();
-	rc_stringlist_add(types_m, "needsme");
+	deptypes_m = rc_stringlist_new();
+	rc_stringlist_add(deptypes_m, "needsme");
 
-	types_mua = rc_stringlist_new();
-	rc_stringlist_add(types_mua, "needsme");
-	rc_stringlist_add(types_mua, "usesme");
-	rc_stringlist_add(types_mua, "beforeme");
+	deptypes_mua = rc_stringlist_new();
+	rc_stringlist_add(deptypes_mua, "needsme");
+	rc_stringlist_add(deptypes_mua, "usesme");
+	rc_stringlist_add(deptypes_mua, "beforeme");
 }
 
 static void
@@ -607,10 +608,10 @@ svc_start_deps(void)
 
 	if (!deptree && ((deptree = _rc_deptree_load(0, NULL)) == NULL))
 		eerrorx("failed to load deptree");
-	if (!types_b)
-		setup_types();
+	if (!deptypes_b)
+		setup_deptypes();
 
-	services = rc_deptree_depends(deptree, types_b, applet_list,
+	services = rc_deptree_depends(deptree, deptypes_b, applet_list,
 	    runlevel, 0);
 	if (TAILQ_FIRST(services)) {
 		eerrorn("ERROR: %s needs service(s) ", applet);
@@ -628,9 +629,9 @@ svc_start_deps(void)
 	rc_stringlist_free(services);
 	services = NULL;
 
-	need_services = rc_deptree_depends(deptree, types_n,
+	need_services = rc_deptree_depends(deptree, deptypes_n,
 	    applet_list, runlevel, depoptions);
-	use_services = rc_deptree_depends(deptree, types_nu,
+	use_services = rc_deptree_depends(deptree, deptypes_nu,
 	    applet_list, runlevel, depoptions);
 
 	if (!rc_runlevel_starting()) {
@@ -658,7 +659,7 @@ svc_start_deps(void)
 		return;
 
 	/* Now wait for them to start */
-	services = rc_deptree_depends(deptree, types_nua, applet_list,
+	services = rc_deptree_depends(deptree, deptypes_nua, applet_list,
 	    runlevel, depoptions);
 	/* We use tmplist to hold our scheduled by list */
 	tmplist = rc_stringlist_new();
@@ -863,10 +864,10 @@ svc_stop_deps(RC_SERVICE state)
 	if (!deptree && ((deptree = _rc_deptree_load(0, NULL)) == NULL))
 		eerrorx("failed to load deptree");
 
-	if (!types_m)
-		setup_types();
+	if (!deptypes_m)
+		setup_deptypes();
 
-	services = rc_deptree_depends(deptree, types_m, applet_list,
+	services = rc_deptree_depends(deptree, deptypes_m, applet_list,
 	    runlevel, depoptions);
 	tmplist = rc_stringlist_new();
 	TAILQ_FOREACH_REVERSE(svc, services, rc_stringlist, entries) {
@@ -926,7 +927,7 @@ svc_stop_deps(RC_SERVICE state)
 
 	/* We now wait for other services that may use us and are
 	 * stopping. This is important when a runlevel stops */
-	services = rc_deptree_depends(deptree, types_mua, applet_list,
+	services = rc_deptree_depends(deptree, deptypes_mua, applet_list,
 	    runlevel, depoptions);
 	TAILQ_FOREACH(svc, services, entries) {
 		if (rc_service_state(svc->value) & RC_SERVICE_STOPPED)
@@ -1165,6 +1166,11 @@ openrc_run(int argc, char **argv)
 	   subshells the init script may create so that our mark_service_*
 	   functions can always instruct us of this change */
 	snprintf(pidstr, sizeof(pidstr), "%d", (int) getpid());
+	setenv("RC_OPENRC_PID", pidstr, 1);
+	/*
+	 * RC_RUNSCRIPT_PID is deprecated, but we will keep it for a while
+	 * for safety.
+	 */
 	setenv("RC_RUNSCRIPT_PID", pidstr, 1);
 
 	/* eprefix is kinda klunky, but it works for our purposes */
@@ -1191,10 +1197,8 @@ openrc_run(int argc, char **argv)
 		eprefix(prefix);
 	}
 
-#ifdef HAVE_SELINUX
 	/* Ok, we are ready to go, so setup selinux if applicable */
-	selinux_setup(argc, argv);
-#endif
+	selinux_setup(argv);
 
 	deps = true;
 

src/rc/rc-applets.c

@@ -329,7 +329,7 @@ do_mark_service(int argc, char **argv)
 	bool ok = false;
 	char *svcname = getenv("RC_SVCNAME");
 	char *service = NULL;
-	char *runscript_pid;
+	char *openrc_pid;
 	/* char *mtime; */
 	pid_t pid;
 	RC_SERVICE bit;
@@ -350,7 +350,7 @@ do_mark_service(int argc, char **argv)
 		eerrorx("%s: unknown applet", applet);
 
 	/* If we're marking ourselves then we need to inform our parent
-	   runscript process so they do not mark us based on our exit code */
+	   openrc-run process so they do not mark us based on our exit code */
 	/*
 	 * FIXME: svcname and service are almost always equal except called from a
 	 * shell with just argv[1] - So that doesn't seem to do what Roy initially
@@ -359,8 +359,8 @@ do_mark_service(int argc, char **argv)
 	 * openrc@gentoo.org).
 	 */
 	if (ok && svcname && strcmp(svcname, service) == 0) {
-		runscript_pid = getenv("RC_RUNSCRIPT_PID");
-		if (runscript_pid && sscanf(runscript_pid, "%d", &pid) == 1)
+		openrc_pid = getenv("RC_OPENRC_PID");
+		if (openrc_pid && sscanf(openrc_pid, "%d", &pid) == 1)
 			if (kill(pid, SIGHUP) != 0)
 				eerror("%s: failed to signal parent %d: %s",
 				    applet, pid, strerror(errno));
@@ -369,10 +369,10 @@ do_mark_service(int argc, char **argv)
 		   in control as well */
 		/*
 		l = strlen(RC_SVCDIR "/exclusive") + strlen(svcname) +
-		    strlen(runscript_pid) + 4;
+		    strlen(openrc_pid) + 4;
 		mtime = xmalloc(l);
 		snprintf(mtime, l, RC_SVCDIR "/exclusive/%s.%s",
-		    svcname, runscript_pid);
+		    svcname, openrc_pid);
 		if (exists(mtime) && unlink(mtime) != 0)
 			eerror("%s: unlink: %s", applet, strerror(errno));
 		free(mtime);

src/rc/rc-misc.c

@@ -66,6 +66,7 @@ static const char *const env_whitelist[] = {
 	"LC_MONETARY", "LC_MESSAGES", "LC_PAPER", "LC_NAME", "LC_ADDRESS",
 	"LC_TELEPHONE", "LC_MEASUREMENT", "LC_IDENTIFICATION", "LC_ALL",
 	"IN_HOTPLUG", "IN_BACKGROUND", "RC_INTERFACE_KEEP_CONFIG",
+	"EERROR_QUIET", "EINFO_QUIET",
 	NULL
 };
 

src/rc/rc-selinux.c

@@ -1,7 +1,7 @@
 /*
-  rc-selinux.c
-  SELinux helpers to get and set contexts.
-*/
+ * rc-selinux.c
+ * SELinux helpers to get and set contexts.
+ */
 
 /*
  * Copyright (c) 2014 Jason Zaman <jason@perfinion.com>
@@ -31,11 +31,18 @@
 #include <stddef.h>
 #include <errno.h>
 #include <dlfcn.h>
-
-#include <sys/stat.h>
+#include <ctype.h>
+#include <limits.h>
+#include <pwd.h>
+#include <unistd.h>
 
 #include <selinux/selinux.h>
 #include <selinux/label.h>
+#include <selinux/get_default_type.h>
+#include <selinux/context.h>
+
+#include <sys/stat.h>
+#include <sys/types.h>
 
 #include "einfo.h"
 #include "queue.h"
@@ -44,11 +51,28 @@
 #include "rc-plugin.h"
 #include "rc-selinux.h"
 
-#define SELINUX_LIB     RC_LIBDIR "/runscript_selinux.so"
+/* the context files for selinux */
+#define RUN_INIT_FILE "run_init_type"
+#define INITRC_FILE "initrc_context"
 
-static void (*selinux_run_init_old) (void);
-static void (*selinux_run_init_new) (int argc, char **argv);
+#ifdef HAVE_AUDIT
+#include <libaudit.h>
+#endif
 
+/* PAM or shadow for authentication */
+#ifdef HAVE_PAM
+#    define PAM_SERVICE_NAME "run_init" /* the name of this program for PAM */
+#    include <security/pam_appl.h>
+#    include <security/pam_misc.h>
+#else
+#    define PASSWORD_PROMPT "Password:"
+#    include <crypt.h>
+#    include <shadow.h>
+#    include <string.h>
+#endif
+
+
+/* The handle for the fcontext lookups */
 static struct selabel_handle *hnd = NULL;
 
 int selinux_util_label(const char *path)
@@ -133,33 +157,243 @@ int selinux_util_close(void)
 	return 0;
 }
 
-void selinux_setup(int argc, char **argv)
+/*
+ * This will check the users password and return 0 on success or -1 on fail
+ *
+ * We ask for the password to make sure it is intended vs run by malicious software.
+ * Actual authorization is covered by the policy itself.
+ */
+static int check_password(char *username)
 {
-	void *lib_handle = NULL;
+	int ret = 1;
+#ifdef HAVE_PAM
+	pam_handle_t *pamh;
+	int pam_err = 0;
+	const struct pam_conv pconv = {
+		misc_conv,
+		NULL
+	};
 
-	if (!exists(SELINUX_LIB))
-		return;
+	pam_err = pam_start(PAM_SERVICE_NAME, username, &pconv, &pamh);
+	if (pam_err != PAM_SUCCESS) {
+		ret = -1;
+		goto outpam;
+	}
 
-	lib_handle = dlopen(SELINUX_LIB, RTLD_NOW | RTLD_GLOBAL);
-	if (!lib_handle) {
-		eerror("dlopen: %s", dlerror());
+	pam_err = pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK);
+	if (pam_err != PAM_SUCCESS) {
+		ret = -1;
+		goto outpam;
+	}
+
+	ret = 0;
+outpam:
+	pam_end(pamh, pam_err);
+	pamh = NULL;
+
+#else /* authenticating via /etc/shadow instead */
+	struct spwd *spw;
+	char *password;
+	char *attempt;
+
+	spw = getspnam(username);
+	if (!spw) {
+		eerror("Failed to read shadow entry");
+		ret = -1;
+		goto outshadow;
+	}
+
+	attempt = getpass(PASSWORD_PROMPT);
+	if (!attempt) {
+		ret = -1;
+		goto outshadow;
+	}
+
+	if (*spw->sp_pwdp == '\0' && *attempt == '\0') {
+		ret = -1;
+		goto outshadow;
+	}
+
+	/* salt must be at least two characters long */
+	if (!(spw->sp_pwdp[0] && spw->sp_pwdp[1])) {
+		ret = -1;
+		goto outshadow;
+	}
+
+	/* encrypt the password attempt */
+	password = crypt(attempt, spw->sp_pwdp);
+
+	if (password && strcmp(password, spw->sp_pwdp) == 0)
+		ret = 0;
+	else
+		ret = -1;
+outshadow:
+#endif
+	return ret;
+}
+
+/* Authenticates the user, returns 0 on success, 1 on fail */
+static int check_auth()
+{
+	struct passwd *pw;
+	uid_t uid;
+
+#ifdef HAVE_AUDIT
+	uid = audit_getloginuid();
+	if (uid == (uid_t) -1)
+		uid = getuid();
+#else
+	uid = getuid();
+#endif
+
+	pw = getpwuid(uid);
+	if (!pw) {
+		eerror("cannot find your entry in the passwd file.");
+		return (-1);
+	}
+
+	printf("Authenticating %s.\n", pw->pw_name);
+
+	/* do the actual check */
+	if (check_password(pw->pw_name) == 0) {
+		return 0;
+	}
+
+	eerrorx("Authentication failed for %s", pw->pw_name);
+	return 1;
+}
+
+/*
+ * Read the context from the given context file. context must be free'd by the user.
+ */
+static int read_context_file(const char *filename, char **context)
+{
+	int ret = -1;
+	FILE *fp;
+	char filepath[PATH_MAX];
+	char *line = NULL;
+	char *p;
+	char *p2;
+	size_t len = 0;
+	ssize_t read;
+
+	memset(filepath, '\0', PATH_MAX);
+	snprintf(filepath, PATH_MAX - 1, "%s/%s", selinux_contexts_path(), filename);
+
+	fp = fopen(filepath, "r");
+	if (fp == NULL) {
+		eerror("Failed to open context file: %s", filename);
+		return -1;
+	}
+
+	while ((read = getline(&line, &len, fp)) != -1) {
+		/* cut off spaces before the string */
+		p = line;
+		while (isspace(*p) && *p != '\0')
+			p++;
+
+		/* empty string, skip */
+		if (*p == '\0')
+			continue;
+
+		/* cut off spaces after the string */
+		p2 = p;
+		while (!isspace(*p2) && *p2 != '\0')
+			p2++;
+		*p2 = '\0';
+
+		*context = xstrdup(p);
+		ret = 0;
+		break;
+	}
+
+	free(line);
+	fclose(fp);
+	return ret;
+}
+
+void selinux_setup(char **argv)
+{
+	char *new_context = NULL;
+	char *curr_context = NULL;
+	context_t curr_con;
+	char *curr_t = NULL;
+	char *run_init_t = NULL;
+
+	/* Return, if selinux is disabled. */
+	if (is_selinux_enabled() < 1) {
 		return;
 	}
 
-	selinux_run_init_old = (void (*)(void))
-	    dlfunc(lib_handle, "selinux_runscript");
-	selinux_run_init_new = (void (*)(int, char **))
-	    dlfunc(lib_handle, "selinux_runscript2");
+	if (read_context_file(RUN_INIT_FILE, &run_init_t) != 0) {
+		/* assume a reasonable default, rather than bailing out */
+		run_init_t = xstrdup("run_init_t");
+		ewarn("Assuming SELinux run_init type is %s", run_init_t);
+	}
 
-	/* Use new run_init if it exists, else fall back to old */
-	if (selinux_run_init_new)
-		selinux_run_init_new(argc, argv);
-	else if (selinux_run_init_old)
-		selinux_run_init_old();
-	else
-		/* This shouldnt happen... probably corrupt lib */
-		eerrorx
-		    ("run_init is missing from runscript_selinux.so!");
+	/* Get our current context. */
+	if (getcon(&curr_context) < 0) {
+		if (errno == ENOENT) {
+			/* should only hit this if proc is not mounted.  this
+			 * happens on Gentoo right after init starts, when
+			 * the init script processing starts.
+			 */
+			goto out;
+		} else {
+			perror("getcon");
+			exit(1);
+		}
+	}
 
-	dlclose(lib_handle);
+	/* extract the type from the context */
+	curr_con = context_new(curr_context);
+	curr_t = xstrdup(context_type_get(curr_con));
+	/* dont need them anymore so free() now */
+	context_free(curr_con);
+	free(curr_context);
+
+	/* if we are not in the run_init domain, we should not do anything */
+	if (strncmp(run_init_t, curr_t, strlen(run_init_t)) != 0) {
+		goto out;
+	}
+
+	free(curr_t);
+	free(run_init_t);
+
+	if (check_auth() != 0) {
+		eerrorx("Authentication failed.");
+	}
+
+	/* Get the context for the script to be run in. */
+	if (read_context_file(INITRC_FILE, &new_context) != 0) {
+		/* assume a reasonable default, rather than bailing out */
+		new_context = xstrdup("system_u:system_r:initrc_t");
+		ewarn("Assuming SELinux initrc context is %s", new_context);
+	}
+
+	/* Set the new context */
+	if (setexeccon(new_context) < 0) {
+		eerrorx("Could not set SELinux exec context to %s.", new_context);
+	}
+
+	free(new_context);
+
+	/*
+	 * exec will recycle ptys so try and use open_init_pty if it exists
+	 * which will open the pty with initrc_devpts_t, if it doesnt exist,
+	 * fall back to plain exec
+	 */
+	if (access("/usr/sbin/open_init_pty", X_OK)) {
+		if (execvp("/usr/sbin/open_init_pty", argv)) {
+			perror("execvp");
+			exit(-1);
+		}
+	} else if (execvp(argv[1], argv + 1)) {
+		perror("execvp");
+		exit(-1);
+	}
+
+out:
+	free(run_init_t);
+	free(curr_t);
 }

src/rc/rc-selinux.h

@@ -26,10 +26,24 @@
 #ifndef RC_SELINUX_UTIL_H
 #define RC_SELINUX_UTIL_H
 
+#ifdef HAVE_SELINUX
+
 int selinux_util_open(void);
 int selinux_util_label(const char *path);
 int selinux_util_close(void);
 
-void selinux_setup(int argc, char **argv);
+void selinux_setup(char **argv);
+
+#else
+
+/* always return false for selinux_util_open() */
+#define selinux_util_open() (0)
+#define selinux_util_label(x) do { } while(0)
+#define selinux_util_close() do { } while(0)
+
+#define selinux_setup(x) do { } while(0)
+
+#endif
+
 
 #endif

src/rc/rc.c

@@ -519,7 +519,7 @@ runlevel_config(const char *service, const char *level)
 }
 
 static void
-do_stop_services(const RC_STRINGLIST *types_n, const RC_STRINGLIST *start_services,
+do_stop_services(RC_STRINGLIST *types_n, RC_STRINGLIST *start_services,
 				 const RC_STRINGLIST *stop_services, const RC_DEPTREE *deptree,
 				 const char *newlevel, bool parallel, bool going_down)
 {

src/rc/start-stop-daemon.c

@@ -678,6 +678,7 @@ start_stop_daemon(int argc, char **argv)
 	int tid = 0;
 	char *redirect_stderr = NULL;
 	char *redirect_stdout = NULL;
+	int stdin_fd;
 	int stdout_fd;
 	int stderr_fd;
 	pid_t pid, spid;
@@ -919,10 +920,13 @@ start_stop_daemon(int argc, char **argv)
 			exec = name;
 		if (name && start)
 			*argv = name;
-	} else if (name)
+	} else if (name) {
 		*--argv = name;
-	else if (exec)
+		++argc;
+    } else if (exec) {
 		*--argv = exec;
+		++argc;
+	};
 
 	if (stop || sig != -1) {
 		if (sig == -1)
@@ -1075,7 +1079,7 @@ start_stop_daemon(int argc, char **argv)
 			exit (EXIT_SUCCESS);
 
 		einfon("Would start");
-		while (argc-- >= 0)
+		while (argc-- > 0)
 			printf(" %s", *argv++);
 		printf("\n");
 		eindent();
@@ -1244,6 +1248,7 @@ start_stop_daemon(int argc, char **argv)
 			setenv("PATH", newpath, 1);
 		}
 
+		stdin_fd = devnull_fd;
 		stdout_fd = devnull_fd;
 		stderr_fd = devnull_fd;
 		if (redirect_stdout) {
@@ -1263,7 +1268,8 @@ start_stop_daemon(int argc, char **argv)
 				    applet, redirect_stderr, strerror(errno));
 		}
 
-		/* We don't redirect stdin as some daemons may need it */
+		if (background)
+			dup2(stdin_fd, STDIN_FILENO);
 		if (background || redirect_stdout || rc_yesno(getenv("EINFO_QUIET")))
 			dup2(stdout_fd, STDOUT_FILENO);
 		if (background || redirect_stderr || rc_yesno(getenv("EINFO_QUIET")))