Bump version.

The location of the ifconfig binary has changed in
net-tools-1.60_p20120127084908, and if we do not check both locations
for it, the user will get errors like:
_is_wireless: command not found
_exists: command not found

X-Gentoo-Bug: 407757
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=407757

Makefile

@@ -4,7 +4,7 @@
 
 include Makefile.inc
 
-SUBDIR=		conf.d doc etc init.d local.d man net scripts sh src
+SUBDIR=		conf.d doc etc init.d local.d sysctl.d man net scripts sh src
 
 # Build pkgconfig or not
 MKPKGCONFIG?=	yes

Makefile.inc

@@ -1,3 +1,3 @@
 NAME=		openrc
-VERSION=	0.9.7
+VERSION=	0.9.9.3
 PKG=		${NAME}-${VERSION}

README

@@ -12,7 +12,6 @@ LIBNAME=lib64
 DESTDIR=/tmp/openrc-image
 MKPAM=pam
 MKPKGCONFIG=no
-MKRCSYS=prefix
 MKSELINUX=yes
 MKSTATICLIBS=no
 MKTERMCAP=ncurses
@@ -34,20 +33,6 @@ LOCAL_PREFIX should be set when to where user maintained packages are.
 Only set LOCAL_PREFIX if different from PKG_PREFIX.
 PREFIX should be set when OpenRC is not installed to /.
 
-MKRCSYS should be set only if you need to specify a default system
-subtype. The subtype should be set to match the type of environment the
-file is installed into, not the virtualization the environment is
-capable of handling. Here is a list of subtypes and their meanings.
-
-jail	FreeBSD jail
-lxc	Linux container
-openvz	Linux OpenVZ
-prefix	Linux and *BSD prefix system
-uml	UsermodeLinux
-vserver	Linux vserver
-xen0 Linux and NetBSD xen0 Domain
-xenU Linux and NetBSD xenU Domain
-
 If any of the following files exist then we do not overwrite them
 /etc/devd.conf
 /etc/rc

TODO

@@ -5,3 +5,17 @@
 - oldnet[bridging]: Review setting of bridge configuration on dynamic interface add
 
 - Document rc-depend binary.
+
+- _ifindex is not a reliable means of calculating metrics:
+	_ifindex is used for calculating metrics for new devices but has a major
+	problem: Since it's only the nth entry in /proc/net/dev
+	And devices may be removed from that file, and reordered, you won't always
+	get the same result.
+	If you do:
+	- add eth0 - _ifindex (eth0=0)
+	- add vlan1 - _ifindex (eth0=0,vlan1=1)
+	- add vlan2 - _ifindex (eth0=0,vlan1=1,vlan2=2)
+	- rem vlan1 - _ifindex (eth0=0,vlan2=1)
+	- add vlan3 - _ifindex (eth0=0,vlan2=1,vlan3=2)
+	Now your routing table has entries for both vlan2 and vlan3 with a metric of 2.
+

conf.d/hwclock

@@ -4,18 +4,16 @@
 # you should set it to "local".
 clock="UTC"
 
-# If you want to set the Hardware Clock to the current System Time 
-# (software clock) during shutdown, then say "YES" here.
-# You normally don't need to do this if you run a ntp daemon.
-clock_systohc="NO"
+# If you want the hwclock script to set the system time (software clock)
+# to match the current hardware clock during bootup, leave this
+# commented out.
+# However, you can set this to "NO" ifyou are running a modern kernel
+# with CONFIG_RTC_HCTOSYS set to y and your hardware clock set to UTC.
+#clock_hctosys="YES"
 
-# If you want to set the system time to the current hardware clock
-# during bootup, then say "YES" here. You do not need this if you are
-# running a modern kernel with CONFIG_RTC_HCTOSYS set to y.
-# Also, be aware that if you set this to "NO", the system time will
-# never be saved to the hardware clock unless you set
-# clock_systohc="YES" above.
-clock_hctosys="YES"
+# If you do not want to set the hardware clock to the current system
+# time (software clock) during shutdown, set this to no.
+#clock_systohc="YES"
 
 # If you wish to pass any other arguments to hwclock during bootup,
 # you may do so here. Alpha users may wish to use --arc or --srm here.

doc/net.example.BSD.in

@@ -388,6 +388,17 @@
 #
 # ${IFACE} is set to the interface being brought up/down
 # ${IFVAR} is ${IFACE} converted to variable name bash allows
+#
+# For historical and compatibility reasons, preup is actually normally called
+# in the following sequence: up ; preup ; up.
+# The first up causes the kernel to initialize the device, so
+# that it is available for use in the preup function.  However, for some
+# hardware, e.g. CAN devices, some configuration is needed before trying to up
+# the interface will actually work. For such hardware, the
+# up_before_preup variables will allow skipping the first up call if set
+# to yes.
+#up_before_preup_IFVAR="NO"
+#up_before_preup="NO"
 
 #preup() {
 #	# Remember to return 0 on success

doc/net.example.Linux.in

@@ -68,6 +68,7 @@
 # NOTE: ifconfig creates an aliased device for each extra IPv4 address
 #       (eth0:1, eth0:2, etc)
 #       iproute2 does not do this as there is no need to
+# WARNING: You cannot mix multiple addresses on a line with other parameters!
 #config_eth0="192.168.0.2/24 192.168.0.3/24 192.168.0.4/24"
 # However, that only works with CIDR addresses, so you can't use netmask.
 
@@ -85,6 +86,14 @@
 # If you don't want ANY address (only useful when calling for advanced stuff)
 #config_eth0="null"
 
+# If you need to pass parameters to go with an address, you can do so on the
+# same line as the address. You should split multiple addresses with newlines.
+# WARNING: You cannot mix multiple addresses on a line with other parameters!
+#config_eth0="192.168.0.2/24 scope host"
+#config_eth0="4321:0:1:2:3:4:567:89ab/64 nodad home preferred_lft 0"
+#config_eth0="192.168.0.2/24 scope host
+#4321:0:1:2:3:4:567:89ab/64 nodad home preferred_lft 0"
+
 # Here's how to do routing if you need it
 # We add an IPv4 default route, IPv4 subnet route and an IPv6 unicast route
 #routes_eth0="default via 192.168.0.1
@@ -577,10 +586,15 @@
 #vlan_start_eth0="no"
 
 # If you do the above then you may want to depend on eth0 like so
-# rc_need_vlan1="net.eth0"
+# rc_net_vlan1_need="net.eth0"
 # NOTE: depend functions only work in /etc/conf.d/net
 # and not in profile configs such as /etc/conf.d/net.foo
 
+# Also, you might want to make eth0 not provide net in this case so that
+# dependent services will start when the vlan is active instead of the
+# physical interface.
+# rc_net_eth0_provide="!net"
+
 # MAC-VLAN support
 # The following configuration can be used to create a new interface 'macvlan0'
 # linked to 'eth0'
@@ -609,7 +623,7 @@
 
 # If any of the slaves require extra configuration - for example wireless or
 # ppp devices - we need to depend function on the bonded interfaces
-#rc_need_bond0="net.eth0 net.eth1"
+#rc_net_bond0_need="net.eth0 net.eth1"
 
 
 #-----------------------------------------------------------------------------
@@ -726,7 +740,7 @@
 # If the link require extra configuration - for example wireless or
 # RFC 268 bridge - we need to depend on the bridge so they get
 # configured correctly.
-#rc_need_ppp0="net.nas0"
+#rc_net_ppp0_need="net.nas0"
 
 #WARNING: if MTU of the PPP interface is less than 1500 and you use this
 #machine as a router, you should add the following rule to your firewall
@@ -790,7 +804,7 @@
 
 #-----------------------------------------------------------------------------
 # TUN/TAP
-# For TUN/TAP support emerge net-misc/openvpn or sys-apps/usermode-utilities
+# For TUN/TAP support install iproute2, openvpn or usermode-utilities
 #
 # You must specify if we're a tun or tap device. Then you can give it any
 # name you like - such as vpn
@@ -801,6 +815,9 @@
 #tuntap_tap0="tap"
 #config_tap0="192.168.0.1/24"
 
+# Use something like this to pass custom options to iproute2 during
+# tunnel creation. This sets the user and group ownership of the node.
+#iproute2_tun1="user foo group bar"
 # For passing custom options to tunctl use something like the following.  This
 # example sets the owner to adm
 #tunctl_tun1="-u adm"
@@ -835,7 +852,7 @@
 
 # If any of the ports require extra configuration - for example wireless or
 # ppp devices - we need to depend on them like so.
-#rc_need_br0="net.eth0 net.eth1"
+#rc_net_br0_need="net.eth0 net.eth1"
 
 # Below is an example of configuring the bridge
 # Consult "man brctl" for more details
@@ -886,7 +903,7 @@
 # link_6to4="eth0"		# Interface to base its addresses on
 # config_6to4="ip6to4"
 # You may want to depend on eth0 like so
-#rc_need_6to4="net.eth0"
+#rc_net_6to4_need="net.eth0"
 # To ensure that eth0 is configured before 6to4. Of course, the tunnel could be
 # any name and this also works for any configured interface.
 # NOTE: If you're not using iproute2 then your 6to4 tunnel has to be called
@@ -929,6 +946,8 @@
 # /etc/iproute2/rt_tables, an example follows:
 # 2 oob
 # 3 external
+#
+# IPv6 RPDB entries are to be found in the rules6_IFVAR variables:
 
 #rules_eth0="
 #from ZZZ.ZZZ.200.128/27 table oob priority 500
@@ -943,6 +962,11 @@
 #XXX.XXX.112.0/24 dev eth1 table external scope link
 #default via XXX.XXX.112.1 dev eth1"
 
+# IPv6 example:
+#rules6_eth0="
+#from 2001:0DB8:AAAA:BBBB::/64 table vpn priority 100
+#to 2001:0DB8:AAAA:BBBB::/64 table vpn priority 150"
+
 
 #-----------------------------------------------------------------------------
 # System
@@ -1092,6 +1116,17 @@
 #
 # ${IFACE} is set to the interface being brought up/down
 # ${IFVAR} is ${IFACE} converted to variable name bash allows
+#
+# For historical and compatibility reasons, preup is actually normally called
+# in the following sequence: up ; preup ; up.
+# The first up causes the kernel to initialize the device, so
+# that it is available for use in the preup function.  However, for some
+# hardware, e.g. CAN devices, some configuration is needed before trying to up
+# the interface will actually work. For such hardware, the
+# up_before_preup variables will allow skipping the first up call if set
+# to yes.
+#up_before_preup_IFVAR="NO"
+#up_before_preup="NO"
 
 #preup() {
 #	# Test for link on the interface prior to bringing it up.  This

etc/Makefile

@@ -24,14 +24,5 @@ SED_EXTRA=	${SED_EXTRA-${OS}}
 
 include ${MK}/scripts.mk
 
-# We can't use "ifndef" here because that treats set-but-empty
-# as not-set which is not what we want
-MKRCSYS ?= automagicplease
-ifeq (${MKRCSYS},automagicplease)
-# If the user isn't picking a default, then have the
-# config go with runtime automagic detection #357247
-rc.conf: SED_EXTRA += -e '/^rc_sys=""/s:^:\#:'
-MKRCSYS =
-endif
 rc.conf: rc.conf.in rc.conf.${OS}
 	${SED} ${SED_REPLACE} ${SED_EXTRA} $^ > $@

etc/rc.conf.FreeBSD

@@ -4,11 +4,9 @@
 # This is the subsystem type. Valid options on FreeBSD:
 # ""        - nothing special
 # "jail"    - FreeBSD jails
-# "prefix"  - Prefix
-# If this is commented out, automatic detection will be attempted.
-# Note that automatic detection does not work in a prefix environment.
+# If this is commented out, automatic detection will be used.
 #
 # This should be set to the value representing the environment this file is
 # PRESENTLY in, not the virtualization the environment is capable of.
-rc_sys="@RC_SYS_DEFAULT@"
+#rc_sys=""
 

etc/rc.conf.Linux

@@ -5,20 +5,16 @@
 # ""        - nothing special
 # "lxc"     - Linux Containers
 # "openvz"  - Linux OpenVZ
-# "prefix"  - Prefix
 # "uml"     - Usermode Linux
 # "vserver" - Linux vserver
 # "xen0"    - Xen0 Domain
 # "xenU"    - XenU Domain
-# If this is commented out, automatic detection will be attempted.
-# Note that autodetection will not work in a prefix environment or in a
-# linux container.
+# If this is commented out, automatic detection will be used.
 #
 # This should be set to the value representing the environment this file is
 # PRESENTLY in, not the virtualization the environment is capable of.
-rc_sys="@RC_SYS_DEFAULT@"
+#rc_sys=""
 
 # This is the number of tty's used in most of the rc-scripts (like
 # consolefont, numlock, etc ...)
 rc_tty_number=12
-

etc/rc.conf.NetBSD

@@ -3,13 +3,11 @@
 
 # This is the subsystem type. Valid options on NetBSD:
 # ""        - nothing special
-# "prefix"  - Prefix
 # "xen0"    - Xen0 Domain
 # "xenU"    - XenU Domain
-# If this is commented out, automatic detection will be attempted.
-# Note that automatic detection does not work in a prefix environment.
+# If this is commented out, automatic detection will be used.
 #
 # This should be set to the value representing the environment this file is
 # PRESENTLY in, not the virtualization the environment is capable of.
-rc_sys="@RC_SYS_DEFAULT@"
+#rc_sys=""
 

etc/rc.conf.in

@@ -1,8 +1,18 @@
 # Global OpenRC configuration settings
 
+# Set to "YES" if you want the rc system to try and start services
+# in parallel for a slight speed improvement. When running in parallel we
+# prefix the service output with its name as the output will get
+# jumbled up.
+# WARNING: whilst we have improved parallel, it can still potentially lock
+# the boot process. Don't file bugs about this unless you can supply
+# patches that fix it without breaking other things!
+#rc_parallel="NO"
+
 # Set rc_interactive to "YES" and you'll be able to press the I key during
 # boot so you can choose to start specific services. Set to "NO" to disable
-# this feature.
+# this feature. This feature is automatically disabled if rc_parallel is
+# set to YES.
 #rc_interactive="YES"
 
 # If we need to drop to a shell, you can specify it here.

init.d/.gitignore

@@ -11,6 +11,7 @@ network
 root
 savecache
 swap
+swapfiles
 sysctl
 urandom
 devfs

init.d/Makefile

@@ -1,7 +1,7 @@
 DIR=	${INITDIR}
 SRCS=	bootmisc.in fsck.in hostname.in local.in localmount.in netmount.in \
-	network.in root.in savecache.in staticroute.in swap.in swclock.in \
-	sysctl.in urandom.in ${SRCS-${OS}}
+	network.in root.in savecache.in staticroute.in swap.in swapfiles.in \
+	swclock.in sysctl.in urandom.in ${SRCS-${OS}}
 BIN=	${OBJS}
 
 INSTALLAFTER=	_installafter_net.lo

init.d/adjkerntz.in

@@ -22,7 +22,7 @@ depend()
 	   [ "$clock" != "UTC" -a ! -e /etc/wall_cmos_clock ]; then
 		need root
 	fi
-	keyword -jail -prefix
+	keyword -jail
 }
 
 start()

init.d/bootmisc.in

@@ -7,12 +7,7 @@ depend()
 	need localmount
 	before logger
 	after clock sysctl
-	keyword -prefix -timeout
-}
-
-dir_writable()
-{
-	mkdir "$1"/.test.$$ 2>/dev/null && rmdir "$1"/.test.$$
+	keyword -timeout
 }
 
 : ${wipe_tmp:=${WIPE_TMP:-yes}}
@@ -25,7 +20,7 @@ cleanup_tmp_dir()
 	if ! [ -d "$dir" ]; then
 		mkdir -p "$dir" || return $?
 	fi
-	dir_writable "$dir" || return 1
+	checkpath -W "$dir" || return 1
 	chmod a+rwt "$dir" 2> /dev/null
 	cd "$dir" || return 1
 	if yesno $wipe_tmp; then
@@ -117,12 +112,12 @@ start()
 		fi
 	done
 
-	if [ "$RC_UNAME" = Linux -a -d /run ]; then
+	if [ "$RC_UNAME" = Linux -a -d /run ] && false; then
 		migrate_to_run	/var/lock /run/lock
 		migrate_to_run	/var/run /run
 	fi
 
-	if dir_writable /var/run; then
+	if checkpath -W /var/run; then
 		ebegin "Creating user login records"
 		local xtra=
 		[ "$RC_UNAME" = NetBSD ] && xtra=x
@@ -164,7 +159,7 @@ start()
 		cleanup_tmp_dir "$tmp"
 	done
 
-	if dir_writable /tmp; then
+	if checkpath -W /tmp; then
 		# Make sure our X11 stuff have the correct permissions
 		# Omit the chown as bootmisc is run before network is up
 		# and users may be using lame LDAP auth #139411
@@ -177,7 +172,7 @@ start()
 	fi
 
 	if yesno $log_dmesg; then
-		if $logw || dir_writable /var/log; then
+		if $logw || checkpath -W /var/log; then
 			# Create an 'after-boot' dmesg log
 			if [ "$RC_SYS" != VSERVER -a "$RC_SYS" != OPENVZ ]; then
 				dmesg > /var/log/dmesg
@@ -186,7 +181,6 @@ start()
 		fi
 	fi
 
-	[ -w /etc/nologin ] && rm -f /etc/nologin
 	return 0
 }
 

init.d/consolefont.in

@@ -8,7 +8,7 @@ depend()
 {
 	need localmount termencoding
 	after hotplug bootmisc
-	keyword -openvz -prefix -uml -vserver -xenu -lxc
+	keyword -openvz -uml -vserver -xenu -lxc
 }
 
 start()
@@ -54,7 +54,7 @@ start()
 	eend $retval
 
 	# Store the last font so we can use it ASAP on boot
-	if [ $retval -eq 0 -a -w "$RC_LIBEXECDIR" ]; then
+	if [ $retval -eq 0 ] && checkpath -W "$RC_LIBEXECDIR"; then
 		mkdir -p "$RC_LIBEXECDIR"/console
 		for font in /usr/share/consolefonts/"$consolefont".*; do
 			:

init.d/devd.in

@@ -10,7 +10,7 @@ depend() {
 	need localmount
 	after bootmisc
 	before net.lo0
-	keyword -jail -prefix
+	keyword -jail
 }
 
 start_pre() {

init.d/devfs.in

@@ -6,7 +6,7 @@ description="Mount system critical filesystems in /dev."
 
 depend() {
 	use dev
-	keyword -prefix -vserver
+	keyword -vserver
 }
 
 start() {

init.d/dumpon.in

@@ -6,7 +6,7 @@ description="Configures a specific kernel dump device."
 
 depend() {
 	need swap
-	keyword -jail -prefix
+	keyword -jail
 }
 
 start() {

init.d/fsck.in

@@ -9,7 +9,7 @@ _IFS="
 depend()
 {
 	use dev clock modules
-	keyword -jail -openvz -prefix -timeout -vserver -lxc
+	keyword -jail -openvz -timeout -vserver -lxc
 }
 
 _abort() {

init.d/hostid.in

@@ -9,7 +9,7 @@ depend()
 {
 	use root
 	before devd net
-	keyword -jail -prefix
+	keyword -jail
 }
 
 _set()

init.d/hostname.in

@@ -5,7 +5,7 @@
 description="Sets the hostname of the machine."
 
 depend() {
-	keyword -prefix -lxc
+	keyword -lxc
 }
 
 start()

init.d/hwclock.in

@@ -28,7 +28,7 @@ depend()
 	else
 		before *
 	fi
-	keyword -openvz -prefix -uml -vserver -xenu -lxc
+	keyword -openvz -uml -vserver -xenu -lxc
 }
 
 setupopts()
@@ -94,7 +94,7 @@ start()
 		"$utc_cmd" != --utc -o \
 		-n "$clock_args" ];
 	then
-		if yesno $clock_hctosys; then
+		if yesno ${clock_hctosys:-YES}; then
 			_hwclock --hctosys $utc_cmd $clock_args
 		else
 			_hwclock --systz $utc_cmd $clock_args
@@ -111,7 +111,7 @@ stop()
 {
 	# Don't tweak the hardware clock on LiveCD halt.
 	[ -n "$CDBOOT" ] && return 0
-	yesno $clock_systohc || return 0
+	yesno ${clock_systohc:-YES} || return 0
 
 	local retval=0 errstr=""
 	setupopts

init.d/keymaps.in

@@ -8,7 +8,7 @@ depend()
 {
 	need localmount termencoding
 	after bootmisc
-	keyword -openvz -prefix -uml -vserver -xenu -lxc
+	keyword -openvz -uml -vserver -xenu -lxc
 }
 
 start()
@@ -63,7 +63,7 @@ start()
 	fi
 
 	# Save the keymapping for use immediately at boot
-	if [ -w "$RC_LIBEXECDIR" ]; then
+	if checkpath -W "$RC_LIBEXECDIR"; then
 		mkdir -p "$RC_LIBEXECDIR"/console
 		dumpkeys >"$RC_LIBEXECDIR"/console/keymap
 	fi

init.d/killprocs.in

@@ -4,11 +4,6 @@
 
 description="Kill all processes so we can unmount disks cleanly."
 
-depend()
-{
-	keyword -prefix
-}
-
 start()
 {
 	ebegin "Terminating remaining processes"

init.d/localmount.in

@@ -9,7 +9,7 @@ depend()
 	need fsck
 	use lvm modules mtab
 	after lvm modules
-	keyword -jail -openvz -prefix -vserver -lxc
+	keyword -jail -openvz -vserver -lxc
 }
 
 start()

init.d/mixer.in

@@ -7,7 +7,7 @@ extra_commands="restore"
 depend()
 {
 	need localmount
-	keyword -jail -prefix
+	keyword -jail
 }
 
 restore()

init.d/modules.in

@@ -7,7 +7,7 @@ description="Loads a user defined list of kernel modules."
 depend()
 {
 	use isapnp
-	keyword -openvz -prefix -vserver -lxc
+	keyword -openvz -vserver -lxc
 }
 
 start()

init.d/mount-ro.in

@@ -7,7 +7,7 @@ description="Re-mount filesytems read-only for a clean reboot."
 depend()
 {
 	need killprocs savecache
-	keyword -prefix -openvz -vserver -lxc
+	keyword -openvz -vserver -lxc
 }
 
 start()

init.d/moused.in

@@ -16,7 +16,7 @@ depend()
 {
 	need localmount
 	after bootmisc
-	keyword -jail -prefix
+	keyword -jail
 }
 
 start()

init.d/mtab.in

@@ -7,7 +7,6 @@ description="Update /etc/mtab to match what the kernel knows about"
 depend()
 {
 	need root
-	keyword -prefix
 }
 
 start()

init.d/net.lo.in

@@ -20,12 +20,14 @@ depend()
 
 	need localmount
 	after bootmisc
-	provide net
-	keyword -jail -prefix -vserver
+	keyword -jail -vserver
 
 	case "${IFACE}" in
-		lo|lo0);;
-		*) after net.lo net.lo0;;
+		lo|lo0) provide lo;;
+		*)
+			after net.lo net.lo0 dbus
+			provide net
+			;;
 	esac
 
 	if [ "$(command -v "depend_${IFVAR}")" = "depend_${IFVAR}" ]; then
@@ -37,6 +39,8 @@ depend()
 		eval prov=\$rc_${dep}_${IFVAR}
 		if [ -n "${prov}" ]; then
 			${dep} ${prov}
+			ewarn "rc_${dep}_${IFVAR} is deprecated."
+			ewarn "Please use rc_net_${IFVAR}_${dep} instead."
 		fi
 	done
 }
@@ -169,6 +173,36 @@ _configure_variables()
 	done
 }
 
+_which()
+{
+	local i OIFS
+	# Empty
+	[ -z "$1" ] && return
+	# check paths
+	OIFS="$IFS"
+	IFS=:
+	for i in $PATH ; do
+		[ -x $i/$1 ] && echo $i/$1 && break
+	done
+	IFS=$OIFS
+}
+
+# Like _which, but also consider shell builtins, and multiple alternatives
+_program_available()
+{
+	[ -z "$1" ] && return 0
+	local x=
+	for x; do
+		case "${x}" in
+			/*) [ -x "${x}" ] && break;;
+			*) type "${x}" >/dev/null 2>&1 && break;;
+		esac
+		unset x
+	done
+	[ -n "${x}" ] && echo $x && return 0
+	return 1
+}
+
 _show_address()
 {
 	einfo "received address $(_get_inet_address "${IFACE}")"
@@ -311,11 +345,10 @@ _load_modules()
 
 		eval set -- \$module_${i}_program
 		if [ -n "$1" ]; then
-			x=
-			for x; do
-				[ -x "${x}" ] && break
-			done
-			[ -x "${x}" ] || continue
+			if ! _program_available "$@" >/dev/null; then
+				vewarn "Skipping module $mod due to missing program: $@"
+				continue
+			fi
 		fi
 		if ${starting}; then
 			eval set -- \$module_${i}_program_start
@@ -323,15 +356,10 @@ _load_modules()
 			eval set -- \$module_${i}_program_stop
 		fi
 		if [ -n "$1" ]; then
-			x=
-			for x; do
-				case "${x}" in
-					/*) [ -x "${x}" ] && break;;
-					*) type "${x}" >/dev/null 2>&1 && break;;
-				esac
-				unset x
-			done
-			[ -n "${x}" ] || continue
+			if ! _program_available "$@" >/dev/null; then
+				vewarn "Skipping module $mod due to missing program: $@"
+				continue
+			fi
 		fi
 
 		eval provides=\$module_${i}_provide
@@ -407,16 +435,18 @@ _load_config()
 	set -- ${config}
 
 	# We should support a space separated array for cidr configs
+	# But only as long as they do not contain other parameters for the address
 	if [ $# = 1 ]; then
 		unset IFS
 		set -- ${config}
 		# Of course, we may have a single address added old style.
-		case "$2" in
-			netmask|broadcast|brd|brd+|peer|pointopoint)
-				local IFS="$__IFS"
-				set -- ${config}
-				;;
-		esac
+		# If the NEXT argument is a v4 or v6 address, it's the next config.
+		# Otherwise, it's arguments to the first config...
+		if [ "${2#*.*}" = "${2}" -a "${2#*:*}" = "${2}" ]; then
+			# Not an IPv4/IPv6
+			local IFS="$__IFS"
+			set -- ${config}
+		fi
 	fi
 
 	# Ensure that loopback has the correct address
@@ -488,7 +518,9 @@ start()
 {
 	local IFACE=${RC_SVCNAME#*.} oneworked=false fallback=false module=
 	local IFVAR=$(shell_var "${IFACE}") cmd= our_metric=
-	local metric=0
+	local metric=0 _up_before_preup
+	eval _up_before_preup="\$up_before_preup_${IFVAR}"
+	[ -z "${_up_before_preup}" ] && _up_before_preup=$up_before_preup
 
 	einfo "Bringing up interface ${IFACE}"
 	eindent
@@ -502,7 +534,7 @@ start()
 	# available in preup and afterwards incase the user inadvertently
 	# brings it down
 	if [ "$(command -v preup)" = "preup" ]; then
-		_up 2>/dev/null
+		yesno "${_up_before_preup:-yes}" && _up 2>/dev/null
 		ebegin "Running preup"
 		eindent
 		preup || return 1

init.d/netmount.in

@@ -35,7 +35,7 @@ depend()
 	need net $pmap
 	use afc-client amd autofs openvpn
 	use dns nfs nfsmount portmap rpcbind rpc.statd rpc.lockd
-	keyword -jail -prefix -vserver
+	keyword -jail -vserver
 }
 
 start()

init.d/network.in

@@ -13,7 +13,7 @@ depend()
 	need localmount
 	after bootmisc
 	provide net
-	keyword -jail -prefix -vserver
+	keyword -jail -vserver
 }
 
 uniqify()

init.d/newsyslog.in

@@ -7,7 +7,6 @@ required_files="/etc/newsyslog.conf"
 depend()
 {
 	need localmount
-	keyword -prefix
 }
 
 start()

init.d/numlock.in

@@ -9,7 +9,7 @@ ttyn=${rc_tty_number:-${RC_TTY_NUMBER:-12}}
 depend()
 {
 	need localmount
-	keyword -openvz -prefix -vserver -lxc
+	keyword -openvz -vserver -lxc
 }
 
 _setleds()

init.d/pf.in

@@ -11,7 +11,7 @@ extra_started_commands="reload"
 
 depend() {
 	need localmount
-	keyword -jail -prefix
+	keyword -jail
 }
 
 start()

init.d/powerd.in

@@ -12,7 +12,7 @@ depend()
 	need localmount
 	use logger
 	after bootmisc
-	keyword -jail -prefix
+	keyword -jail
 }
 
 start_pre()

init.d/procfs.in

@@ -8,7 +8,7 @@ depend()
 {
 	use modules devfs
 	need localmount
-	keyword -openvz -prefix -vserver -lxc
+	keyword -openvz -vserver -lxc
 }
 
 start()
@@ -20,6 +20,29 @@ start()
 
 	[ -e /proc/filesystems ] || return 0
 
+	# Setup Kernel Support for miscellaneous Binary Formats
+	if [ -d /proc/sys/fs/binfmt_misc -a ! -e /proc/sys/fs/binfmt_misc/register ]; then
+		if grep -qs binfmt_misc /proc/filesystems; then
+			ebegin "Mounting misc binary format filesystem"
+			mount -t binfmt_misc -o nodev,noexec,nosuid \
+				binfmt_misc /proc/sys/fs/binfmt_misc
+			if eend $? ; then
+				local fmts
+				ebegin "Loading custom binary format handlers"
+				fmts=$(grep -hsv -e '^[#;]' -e '^[[:space:]]*$' \
+					/run/binfmt.d/*.conf \
+					@SYSCONFDIR@/binfmt.d/*.conf \
+					""/usr/lib/binfmt.d/*.conf)
+				if [ -n "${fmts}" ]; then
+					echo "${fmts}" > /proc/sys/fs/binfmt_misc/register
+				fi
+				eend $?
+			fi
+		fi
+	fi
+
+	[ "$RC_SYS" == "OPENVZ" ] && return 0
+
 	# Check what USB fs the kernel support.  Currently
 	# 2.5+ kernels, and later 2.4 kernels have 'usbfs',
 	# while older kernels have 'usbdevfs'.
@@ -37,27 +60,6 @@ start()
 		fi
 	fi
 
-	# Setup Kernel Support for miscellaneous Binary Formats
-	if [ -d /proc/sys/fs/binfmt_misc -a ! -e /proc/sys/fs/binfmt_misc/register ]; then
-		if grep -qs binfmt_misc /proc/filesystems; then
-			ebegin "Mounting misc binary format filesystem"
-			mount -t binfmt_misc -o nodev,noexec,nosuid \
-				binfmt_misc /proc/sys/fs/binfmt_misc
-			if eend $? ; then
-				local fmts
-				ebegin "Loading custom binary format handlers"
-				fmts=$(grep -hsv -e '^[#;]' -e '^[[:space:]]*$' \
-					/run/binfmt.d/*.conf \
-					"/etc"/binfmt.d/*.conf \
-					""/usr/lib/binfmt.d/*.conf)
-				if [ -n "${fmts}" ]; then
-					echo "${fmts}" > /proc/sys/fs/binfmt_misc/register
-				fi
-				eend $?
-			fi
-		fi
-	fi
-
 	# Setup Kernel Support for SELinux
 	if [ -d /selinux ] && ! mountinfo -q /selinux; then
 		if grep -qs selinuxfs /proc/filesystems; then

init.d/rc-enabled.in

@@ -7,7 +7,6 @@ depend()
 	need localmount net
 	after *
 	before local
-	keyword -prefix
 }
 
 start()

init.d/root.in

@@ -7,26 +7,47 @@ description="Mount the root fs read/write"
 depend()
 {
 	need fsck
-	keyword -jail -openvz -prefix -vserver -lxc
+	keyword -jail -openvz -vserver -lxc
 }
 
 start()
 {
 	case ",$(fstabinfo -o /)," in
-	*,ro,*) return 0;;
+		*,ro,*)
+		;;
+		*)
+			# Check if the rootfs isn't already writable.
+			if checkpath -W /; then
+				rm -f /fastboot /forcefsck
+			else
+				ebegin "Remounting root filesystem read/write"
+				case "$RC_UNAME" in
+					Linux)
+						mount -n -o remount,rw /
+					;;
+					*)
+						mount -u -o rw /
+					;;
+				esac
+				eend $? "Root filesystem could not be mounted read/write"
+				if [ $?  -eq 0 ]; then
+					rm -f /fastboot /forcefsck
+				fi
+			fi
+		;;
 	esac
 
-	if echo 2>/dev/null >/.test.$$; then
-		rm -f /.test.$$ /fastboot /forcefsck
-		return 0
-	fi
-
-	ebegin "Remounting root filesystem read/write"
-	case "$RC_UNAME" in
-		Linux)	mount -n -o remount,rw /;;
-		*)	mount -u -o rw /;;
-	esac
-	if eend $? "Root filesystem could not be mounted read/write"; then
-		rm -f /fastboot /forcefsck
-	fi
+	ebegin "Remounting filesystems"
+	local mountpoint
+	for mountpoint in $(fstabinfo); do
+		case "${mountpoint}" in
+			/)
+			;;
+			/*)
+				mountinfo -q "${mountpoint}" && \
+					fstabinfo --remount "${mountpoint}"
+			;;
+		esac
+	done
+	eend 0
 }

init.d/savecore.in

@@ -7,7 +7,7 @@ description="Saves a kernel dump."
 depend()
 {
 	need localmount
-	keyword -jail -prefix
+	keyword -jail
 }
 
 start()

init.d/staticroute.in

@@ -12,7 +12,7 @@ depend()
 {
 	provide net
 	use network
-	keyword -jail -prefix -vserver
+	keyword -jail -vserver
 }
 
 pre_flight_checks()

init.d/swap-blk.in

@@ -5,7 +5,7 @@
 depend()
 {
 	before fsck
-	keyword -jail -prefix
+	keyword -jail
 }
 
 start()

init.d/swap.in

@@ -4,14 +4,15 @@
 
 depend()
 {
-	need localmount
-	keyword -jail -openvz -prefix -vserver -lxc
+	before localmount
+	keyword -jail -openvz -vserver -lxc
 }
 
 start()
 {
 	ebegin "Activating swap devices"
 	case "$RC_UNAME" in
+		Linux)		swapon -a -e >/dev/null;;
 		NetBSD|OpenBSD) swapctl -A -t noblk >/dev/null;;
 		*)		swapon -a >/dev/null;;
 	esac
@@ -23,7 +24,7 @@ stop()
 	ebegin "Deactivating swap devices"
 
 	# Try to unmount all tmpfs filesystems not in use, else a deadlock may
-	# occure. As $RC_SVCDIR may also be tmpfs we cd to it to lock it
+	# occur. As $RC_SVCDIR may also be tmpfs we cd to it to lock it
 	cd "$RC_SVCDIR"
 	umount -a -t tmpfs 2>/dev/null
 

init.d/swapfiles.in

@@ -0,0 +1,45 @@
+#!@PREFIX@/sbin/runscript
+# Copyright (c) 2007-2009 Roy Marples <roy@marples.name>
+# Released under the 2-clause BSD license.
+
+depend()
+{
+	need localmount
+	keyword -jail -openvz -prefix -vserver -lxc
+}
+
+start()
+{
+	ebegin "Activating additional swap space"
+	case "$RC_UNAME" in
+		NetBSD|OpenBSD) swapctl -A -t noblk >/dev/null;;
+		*)		swapon -a >/dev/null;;
+	esac
+	eend 0 # If swapon has nothing todo it errors, so always return 0
+}
+
+stop()
+{
+	ebegin "Deactivating additional swap space"
+
+	# Try to unmount all tmpfs filesystems not in use, else a deadlock may
+	# occur. As $RC_SVCDIR may also be tmpfs we cd to it to lock it
+	# fixme: Do we need this here since we are only unmounting swap files
+	# and loopback swap?
+	cd "$RC_SVCDIR"
+	umount -a -t tmpfs 2>/dev/null
+
+	case "$RC_UNAME" in
+		Linux)
+			while read filename type rest; do
+				case "$type" in
+					file) swapoff $filename >/dev/null;;
+				esac
+				case "$filename" in
+					/dev/loop*) swapoff $filename >/dev/null;;
+				esac
+			done < /proc/swaps
+			;;
+	esac
+	eend 0
+}

init.d/swclock.in

@@ -8,7 +8,7 @@ depend()
 {
 	before *
 	provide clock
-	keyword -openvz -prefix -uml -vserver -xenu -lxc
+	keyword -openvz -uml -vserver -xenu -lxc
 }
 
 # swclock is an OpenRC built in

init.d/syscons.in

@@ -4,7 +4,7 @@
 
 depend() {
 	need localmount
-	keyword -jail -prefix
+	keyword -jail
 }
 
 start() {

init.d/sysctl.BSD.in

@@ -5,7 +5,6 @@
 depend()
 {
 	before bootmisc logger
-	keyword -prefix
 }
 
 start()

init.d/sysctl.Linux.in

@@ -5,7 +5,7 @@
 depend()
 {
 	before bootmisc logger
-	keyword -prefix -vserver
+	keyword -vserver
 }
 
 start()

init.d/sysfs.in

@@ -6,7 +6,7 @@ description="Mount the sys filesystem."
 
 depend()
 {
-	keyword -prefix -vserver
+	keyword -vserver
 }
 
 mount_sys()
@@ -61,28 +61,38 @@ mount_misc()
 		fi
 	fi
 
-	# Setup Kernel Support for cgroup
-	if [ -d /sys/fs/cgroup ]; then
-		if grep -qs cgroup /proc/filesystems && \
-			! mountinfo -q /sys/fs/cgroup; then
+	# set up kernel support for cgroups
+	if [ -d /sys/fs/cgroup ] && ! mountinfo -q /sys/fs/cgroup; then
+		if grep -qs cgroup /proc/filesystems; then
 			ebegin "Mounting cgroup filesystem"
-			mount -n -t tmpfs -o  nodev,noexec,nosuid \
-				cgroup /sys/fs/cgroup
+			local opts="nodev,noexec,nosuid,mode=755,size=${rc_cgroupsize:-10m}"
+			mount -n -t tmpfs -o ${opts} cgroup_root /sys/fs/cgroup
 			eend $?
 		fi
-		if ! mountinfo -q /sys/fs/cgroup/openrc; then
-			ebegin "creating openrc control group"
-			mkdir /sys/fs/cgroup/openrc
-			mount -n -t cgroup -o  nodev,noexec,nosuid \
-				openrc /sys/fs/cgroup/openrc
-			echo 1 > /sys/fs/cgroup/openrc/notify_on_release
-			echo @LIBEXECDIR@/sh/cgroup-release-agent.sh \
-				> /sys/fs/cgroup/openrc/release_agent
-			eend
-		fi
 	fi
 }
 
+mount_cgroups()
+{
+	yesno ${rc_cgroups:-YES} && [ -e /proc/cgroups ] && \
+		mountinfo -q /sys/fs/cgroup || return 0
+
+	local agent="@LIBEXECDIR@/sh/cgroup-release-agent.sh"
+	mkdir /sys/fs/cgroup/openrc
+	mount -n -t cgroup \
+		-o none,nodev,noexec,nosuid,name=openrc,release_agent="$agent" \
+		openrc /sys/fs/cgroup/openrc
+	echo 1 > /sys/fs/cgroup/openrc/notify_on_release
+	while read name hier groups enabled rest; do
+		case "${enabled}" in
+			1)	mkdir /sys/fs/cgroup/${name}
+				mount -n -t cgroup -o nodev,noexec,nosuid,${name} \
+					${name} /sys/fs/cgroup/${name}
+				;;
+		esac
+	done < /proc/cgroups
+}
+
 start()
 {
 	local retval
@@ -90,6 +100,11 @@ start()
 	retval=$?
 	if [ $retval -eq 0 ]; then
 		mount_misc
+		retval=$?
+	fi
+	if [ $retval -eq 0 ]; then
+		mount_cgroups
+		retval=$?
 	fi
 	return $retval
 }

init.d/syslogd.in

@@ -16,5 +16,4 @@ depend()
 	use net newsyslog
 	need localmount
 	after bootmisc
-	keyword -prefix
 }

init.d/termencoding.in

@@ -9,8 +9,8 @@ ttyn=${rc_tty_number:-${RC_TTY_NUMBER:-12}}
 
 depend()
 {
-	keyword -openvz -prefix -uml -vserver -xenu
-	need root
+	keyword -openvz -uml -vserver -xenu
+	use root
 	after bootmisc
 }
 
@@ -35,7 +35,7 @@ start()
 	done
 
 	# Save the encoding for use immediately at boot
-	if [ -w "$RC_LIBEXECDIR" ]; then
+	if checkpath -W "$RC_LIBEXECDIR"; then
 		mkdir -p "$RC_LIBEXECDIR"/console
 		if yesno ${unicode:-${UNICODE}}; then
 			echo "" > "$RC_LIBEXECDIR"/console/unicode

init.d/ttys.in

@@ -5,7 +5,6 @@
 depend()
 {
 	after fsck
-	keyword -prefix
 }
 
 start()

init.d/urandom.in

@@ -8,7 +8,7 @@ description="Initializes the random number generator."
 depend()
 {
 	need localmount
-	keyword -jail -openvz -prefix
+	keyword -jail -openvz
 }
 
 save_seed()

init.d/wscons.in

@@ -5,7 +5,6 @@
 depend()
 {
 	need localmount
-	keyword -prefix
 }
 
 start()

man/runscript.8

@@ -21,7 +21,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd November 4, 2009
+.Dd December 31, 2011
 .Dt RUNSCRIPT 8 SMM
 .Os OpenRC
 .Sh NAME
@@ -32,6 +32,7 @@
 .Op Fl D , -nodeps
 .Op Fl d , -debug
 .Op Fl s , -ifstarted
+.Op Fl S , -ifstopped
 .Op Fl Z , -dry-run
 .Op Ar command ...
 .Sh DESCRIPTION
@@ -76,6 +77,8 @@ Set xtrace on in the shell to assist in debugging.
 Ignore all dependency information the service supplies.
 .It Fl s , -ifstarted
 Only run the command if the service has been started.
+.It Fl S , -ifstopped
+Only run the command if the service has been stopped.
 .It Fl q , -quiet
 Turns off all informational output the service generates.
 Output from any non OpenRC commands is not affected.
@@ -89,7 +92,8 @@ or stopping them.
 The following variables affect the service script:
 .Bl -tag -width "RC_DEFAULTLEVEL"
 .It Ar extra_commands
-Space separated list of extra commands the service defines.
+Space separated list of extra commands the service defines. These should
+not depend on the service being stopped or started.
 .It Ar extra_started_commands
 Space separated list of extra commands the service defines. These only work if
 the service has already been started.
@@ -99,17 +103,27 @@ the service has already been stopped.
 .It Ar description
 String describing the service.
 .It Ar description_$command
-String describing the extra command the.
+String describing the extra command.
+.It Ar start_stop_daemon_args
+List of arguments passed to start-stop-daemon when starting the daemon.
 .It Ar command
 Daemon to start or stop via
 .Nm start-stop-daemon
 if no start or stop function is defined by the service.
 .It Ar command_args
 List of arguments to pass to the daemon when starting.
+.It Ar command_background
+Set this to "true", "yes" or "1" (case-insensitive) to force the daemon into
+the background. This implies the "--make-pidfile" and "--pidfile" option of
+.Xr start-stop-daemon 8
+so the pidfile variable must be set.
 .It Ar pidfile
 Pidfile to use for the above defined command.
 .It Ar name
 Display name used for the above defined command.
+.It Ar retry
+Retry schedule to use when stopping the daemon. It can either be a
+timeout in seconds or multiple signal/timeout pairs (like SIGTERM/5).
 .El
 .Sh DEPENDENCIES
 You should define a
@@ -142,7 +156,7 @@ Tags a service with a keyword. Here's the keywords we currently understand:-
 .Bl -tag -width indent
 .It Dv -shutdown
 Don't stop this service when shutting the system down.
-This normally quite safe as remaining daemons will be sent a SIGTERM just
+This is normally quite safe as remaining daemons will be sent a SIGTERM just
 before final shutdown.
 Network related services such as the network and dhcpcd init scripts normally
 have this keyword.
@@ -162,8 +176,6 @@ in
 Same as -jail, but for Linux Resource Containers (LXC).
 .It Dv -openvz
 Same as -jail, but for OpenVZ systems.
-.It Dv -prefix
-Same as -jail, but for Prefix systems.
 .It Dv -uml
 Same as -jail, but for UML systems.
 .It Dv -vserver
@@ -224,7 +236,7 @@ seconds until all files exist.
 Returns 0 if all files exist, otherwise non zero.
 If
 .Ar timeout
-is less then 1 then we wait indefinitely.
+is less than 1 then we wait indefinitely.
 .It Ic is_newer_than Ar file1 Ar file2 ...
 If
 .Ar file1
@@ -291,14 +303,22 @@ Mark the service as coldplugged.
 Mark the service as inactive.
 .It Xo
 .Ic checkpath
+.Op Fl D , -directory-truncate
 .Op Fl d , -directory
+.Op Fl F , -file-truncate
 .Op Fl f , -file
+.Op Fl p , -pipe
 .Op Fl m , -mode Ar mode
 .Op Fl o , owner Ar owner
 .Ar path ...
 .Xc
 Checks to see if the path exists, is of the right type, owned by the right
 people and has the correct access modes. If not, then it corrects the path.
+.It Ic checkpath
+.Op Fl W , -writable
+.Ar path
+.Xc
+checks to see if the path is writable.
 .It Ic yesno Ar value
 If
 .Ar value
@@ -311,7 +331,14 @@ sets the following environment variables for use in the service scripts:
 .It Va RC_SVCNAME
 Name of the service.
 .It Va RC_RUNLEVEL
-Current runlevel that rc is in.
+Current runlevel that rc is in. Note that, in OpenRC, the reboot
+runlevel is mapped to the shutdown runlevel. This was done because most
+services do not need to know if a system is shutting down or rebooting.
+If you are writing a service that does need to know this, see the
+RC_REBOOT variable.
+.It Va RC_REBOOT
+This variable contains YES if the system is rebooting. If your service
+needs to know the system is rebooting, you should test this variable.
 .It Va RC_BOOTLEVEL
 Boot runlevel chosen. Default is boot.
 .It Va RC_DEFAULTLEVEL
@@ -357,9 +384,8 @@ rc_provide_tap1="!net"
 # To put in in /etc/rc.conf you would do it like this
 rc_net_tap1_provide="!net"
 
-# It's also possible to negate keywords. This is mainly useful for prefix
-# users testing OpenRC.
-rc_keyword="!noprefix"
+# It's also possible to negate keywords.
+rc_keyword="-keyword"
 .Ed
 .Sh EXAMPLES
 .Pp
@@ -465,6 +491,12 @@ show()
 
 .Ed
 .Sh BUGS
+Because of the way we load our configuration files and the need to handle
+more than one service directory, you can only use symlinks in service
+directories to other services in the same directory.
+You cannot symlink to a service in a different directory even if it is
+another service directory.
+.Pp
 is_older_than should return 0 on success.
 Instead we return 1 to be compliant with Gentoo baselayout.
 Users are encouraged to use the is_newer_than function which returns correctly.

man/start-stop-daemon.8

@@ -162,9 +162,8 @@ but with the standard error output.
 These options are only used for stopping daemons:
 .Bl -tag -width indent
 .It Fl R , -retry Ar timeout | Ar signal Ns / Ns Ar timeout
-You can either specify a timeout in seconds or a multiple signal/timeout
-pairs as a stopping schedule.
-If not specified then a default value of SIGTERM/5 is assumed.
+The retry specification can be either a timeout in seconds or multiple
+signal/timeout pairs (like SIGTERM/5).
 .El
 .Sh ENVIRONMENT
 .Va SSD_NICELEVEL

mk/os-Linux.mk

@@ -4,5 +4,5 @@
 SFX=		.Linux.in
 PKG_PREFIX?=	/usr
 
-CPPFLAGS+=	-D_BSD_SOURCE -D_XOPEN_SOURCE=600
+CPPFLAGS+=	-D_BSD_SOURCE -D_XOPEN_SOURCE=700
 LIBDL=		-Wl,-Bdynamic -ldl

mk/scripts.mk

@@ -12,7 +12,7 @@ _PKG_SED:=		$(shell ${_PKG_SED_SH})
 _LCL_SED_SH=		if test "${PREFIX}" = "${LOCAL_PREFIX}"; then echo "-e 's:@LOCAL_PREFIX@::g'"; else echo "-e 's:@LOCAL_PREFIX@:${LOCAL_PREFIX}:g'"; fi
 _LCL_SED:=		$(shell ${_LCL_SED_SH})
 
-SED_REPLACE=		-e 's:@SHELL@:${SH}:g' -e 's:@LIB@:${LIBNAME}:g' -e 's:@SYSCONFDIR@:${SYSCONFDIR}:g' -e 's:@LIBEXECDIR@:${LIBEXECDIR}:g' -e 's:@PREFIX@:${PREFIX}:g' -e 's:@RC_SYS_DEFAULT@:${MKRCSYS}:g' ${_PKG_SED} ${_LCL_SED}
+SED_REPLACE=		-e 's:@SHELL@:${SH}:g' -e 's:@LIB@:${LIBNAME}:g' -e 's:@SYSCONFDIR@:${SYSCONFDIR}:g' -e 's:@LIBEXECDIR@:${LIBEXECDIR}:g' -e 's:@PREFIX@:${PREFIX}:g' ${_PKG_SED} ${_LCL_SED}
 
 # Tweak our shell scripts
 %.sh: %.sh.in

mk/sys.mk

@@ -22,6 +22,7 @@ SYSCONFDIR?=		${PREFIX}/etc
 INITDIR?=		${SYSCONFDIR}/init.d
 CONFDIR?=		${SYSCONFDIR}/conf.d
 LOCALDIR?=		${SYSCONFDIR}/local.d
+SYSCTLDIR?=		${SYSCONFDIR}/sysctl.d
 
 BINDIR?=		${PREFIX}/sbin
 BINMODE?=		0755

net/bonding.sh

@@ -95,16 +95,28 @@ bonding_pre_start()
 	_up
 
 	# finally add in slaves
+	# things needed in the process, and if they are done by ifenslave, openrc, and/or the kernel.
+	# down new slave interface: ifenslave, openrc
+	# set mtu: ifenslave, kernel
+	# set slave MAC: ifenslave, kernel
 	eoutdent
 	if [ -d /sys/class/net ]; then
 		sys_bonding_path=/sys/class/net/"${IFACE}"/bonding
+		local oiface
+		oiface=$IFACE
 		if [ -n "${primary}" ]; then
+			IFACE=$primary
+			_down
+			IFACE=$oiface
 			echo "+${primary}" >$sys_bonding_path/slaves
 			echo "${primary}" >$sys_bonding_path/primary
 		fi
 		for s in ${slaves}; do
 			[ "${s}" = "${primary}" ] && continue
 			if ! grep -q ${s} $sys_bonding_path/slaves; then
+				IFACE=$s
+				_down
+				IFACE=$oiface
 				echo "+${s}" >$sys_bonding_path/slaves
 			fi
 		done

net/br2684ctl.sh

@@ -1,19 +1,10 @@
 # Copyright (c) 2007-2008 Roy Marples <roy@marples.name>
 # Released under the 2-clause BSD license.
 
-_br2684ctl()
-{
-	if [ -x /usr/sbin/br2684ctl ]; then
-		echo /usr/sbin/br2684ctl
-	else
-		echo /sbin/br2684ctl
-	fi
-}
-
 br2684ctl_depend()
 {
 	before ppp
-	program start $(_br2684ctl)
+	program start br2684ctl
 }
 
 _config_vars="$_config_vars bridge bridge_add brctl"
@@ -42,7 +33,7 @@ br2684ctl_pre_start()
 	esac
 
 	einfo "Starting RFC 2684 Bridge control on ${IFACE}"
-	start-stop-daemon --start --exec $(_br2684ctl) --background \
+	start-stop-daemon --start --exec $(_which br2684ctl) --background \
 		--make-pidfile --pidfile "/var/run/br2684ctl-${IFACE}.pid" \
 		-- -c "${IFACE#nas*}" ${opts}
 	eend $?

net/bridge.sh

@@ -4,7 +4,7 @@
 bridge_depend()
 {
 	before interface macnet
-	program /sbin/brctl
+	program brctl
 }
 
 _config_vars="$_config_vars bridge bridge_add brctl"

net/ethtool.sh

@@ -1,13 +1,9 @@
 # Copyright (c) 2011 by Gentoo Foundation
 # Released under the 2-clause BSD license.
 
-_ethtool() {
-	echo /usr/sbin/ethtool
-}
-
 ethtool_depend()
 {
-	program $(_ethtool)
+	program ethtool
 	before interface
 }
 
@@ -43,7 +39,7 @@ ethtool_pre_start() {
 			args_pretty="--${opt} $IFACE ${args_pretty}"
 			args="--${opt} $IFACE ${args}"
 			ebegin "ethtool ${args_pretty}"
-			$(_ethtool) ${args}
+			ethtool ${args}
 			rc=$?
 			eend $rc "ethtool exit code $rc"
 			# TODO: ethtool has MANY different exit codes, with no

net/ifconfig.sh.BSD.in

@@ -242,3 +242,23 @@ ifconfig_post_start()
 		eend 0
 	fi
 }
+
+# Is the interface administratively/operationally up?
+# The 'UP' status in ifconfig is the administrative status
+# Operational state does not seem to be available in BSD?
+# 0: up
+# 1: down
+# 2: invalid arguments
+is_admin_up()
+{
+	local iface="$1"
+	[ -z "$iface" ] && iface="$IFACE"
+	ifconfig "${iface}" | \
+	sed -n '1,1{ /flags=.*[<,]UP[,>]/{ q 0 }}; q 1; '
+}
+
+is_oper_up()
+{
+	eerror "TODO: is_oper_up not available on BSD"
+	return 2
+}

net/ifconfig.sh.Linux.in

@@ -3,7 +3,7 @@
 
 ifconfig_depend()
 {
-	program /sbin/ifconfig
+	program /sbin/ifconfig /bin/ifconfig
 	provide interface
 }
 
@@ -19,7 +19,7 @@ _down()
 
 _exists()
 {
-	grep -Eq "^[[:space:]]*${IFACE}:" /proc/net/dev
+	[ -e /sys/class/net/"$IFACE" ]
 }
 
 _ifindex()
@@ -188,6 +188,12 @@ _add_route()
 	if [ "$1" = "-A" -o "$1" = "-f" -o "$1" = "-family" ]; then
 		family="-A $2"
 		shift; shift
+	elif [ "$1" = "-4" ]; then
+	    family="-A inet"
+		shift
+	elif [ "$1" = "-6" ]; then
+	    family="-A inet6"
+		shift
 	fi
 
 	if [ -n "${metric}" ]; then
@@ -297,3 +303,26 @@ ifconfig_post_stop()
 	iptunnel del "${IFACE}"
 	eend $?
 }
+
+# Is the interface administratively/operationally up?
+# The 'UP' status in ifconfig/iproute2 is the administrative status
+# Operational state is available in iproute2 output as 'state UP', or the
+# operstate sysfs variable.
+# 0: up
+# 1: down
+# 2: invalid arguments
+is_admin_up()
+{
+	local iface="$1"
+	[ -z "$iface" ] && iface="$IFACE"
+	ifconfig "${iface}" | \
+	sed -n '1,1{ /flags=.*[<,]UP[,>]/{ q 0 }}; q 1; '
+}
+
+is_oper_up()
+{
+	local iface="$1"
+	[ -z "$iface" ] && iface="$IFACE"
+	read state </sys/class/net/"${iface}"/operstate
+	[ "x$state" = "up" ]
+}

net/ip6rd.sh

@@ -0,0 +1,168 @@
+# Copyright (c) 2011 by Gentoo Foundation
+# Released under the 2-clause BSD license.
+
+_config_vars="$_config_vars link prefix suffix ipv4mask relay"
+
+ip6rd_depend()
+{
+	program ip
+	after interface
+}
+
+ip6rd_pre_start()
+{
+	# ALL interfaces run pre_start blocks, not just those with something
+	# assigned, so we must check if we need to run on this interface before we
+	# do so.
+	local config
+	eval config=\$config_${IFVAR}
+	[ "$config" = "ip6rd" ] || return 0
+
+	case "${MODULES}" in
+		*" ifconfig "*)
+			eerror "ifconfig is not supported for 6rd"
+			eerror "Please emerge sys-apps/iproute2"
+			return 1
+			;;
+	esac
+
+	local host= suffix= relay= addr= iface=${IFACE} config_ip6rd= localip= ipv4mask=
+	eval host=\$link_${IFVAR}
+	if [ -z "${host}" ]; then
+		eerror "link_${IFVAR} not set"
+		return 1
+	fi
+
+	eval host=\${link_${IFVAR}}
+	eval ipv4mask=\${ipv4mask_${IFVAR}:-0}
+	eval suffix=\${suffix_${IFVAR}:-1}
+	eval relay=\${relay_${IFVAR}}
+	eval prefix=\${prefix_${IFVAR}}
+
+	IFACE=${host}
+	addrs=$(_get_inet_addresses)
+	IFACE=${iface}
+	if [ -z "${addrs}" ]; then
+		eerror "${host} is not configured with an IPv4 address"
+		return 1
+	fi
+	# TODO: Get this settings from DHCP (Option 212)
+	if [ -z "${prefix}" ]; then
+		eerror "prefix_${IFVAR} not set"
+		return 1
+	fi
+	if [ -z "${relay}" ]; then
+		eerror "relay_${IFVAR} not set"
+		return 1
+	fi
+	for addr in ${addrs}; do
+		# Strip the subnet
+		local ip="${addr%/*}" subnet="${addr#*/}"
+		# We don't work on private IPv4 addresses
+		if _ip6rd_inet_is_private_network "${ip}"
+		then
+			continue
+		fi
+
+		local ip6= ip6_prefix="${prefix%::/*}" ip6_subnet="${prefix#*/}"
+		ip6_subnet=$((ip6_subnet + (32-ipv4mask)))
+		eval ip6="$(printf "${ip6_prefix}:%s::%s" \
+		$(_ip6rd_prefix_shave_bits  ${ip} ${ipv4mask}) ${suffix})"
+		veinfo "Derived IPv6 address: ${ip6}"
+
+		# Now apply our IPv6 address to our config
+		config_ip6rd="${config_ip6rd}${config_ip6rd:+ }${ip6}/${ip6_subnet}"
+
+		if [ -n "${localip}" ]; then
+			localip="any"
+		else
+			localip="${ip}"
+		fi
+	done
+
+	if [ -z "${config_ip6rd}" ]; then
+		eerror "No global IPv4 addresses found on interface ${host}"
+		return 1
+	fi
+
+	ebegin "Creating 6rd tunnel ${IFACE}"
+	if [ "${IFACE}" != "sit0" ]; then
+		_tunnel add "${IFACE}" mode sit ttl 255 remote any local "${localip}"
+	fi
+	_tunnel 6rd dev "${IFACE}" 6rd-prefix "${prefix}"
+	eend $? || return 1
+	_up
+
+	routes_ip6rd="2003::/3 via ::${relay} metric 2147483647"
+	service_set_value "config_ip6rd_$IFVAR" "$config_ip6rd"
+	service_set_value "routes_ip6rd_$IFVAR" "$routes_ip6rd"
+}
+
+ip6rd_start()
+{
+	local config_ip6rd=$(service_get_value "config_ip6rd_$IFVAR")
+	local routes_ip6rd=$(service_get_value "routes_ip6rd_$IFVAR")
+
+	# Now apply our config
+	eval config_${config_index}=\'"${config_ip6rd}"\'
+	: $(( config_index -= 1 ))
+
+	# Add a route for us, ensuring we don't delete anything else
+	local routes="$(_get_array "routes_${IFVAR}")
+$routes_ip6rd"
+	eval routes_${IFVAR}=\$routes
+}
+
+_ip6rd_inet_atoi()
+{
+	local IFS="${IFS}." ipi=0 j=3
+	for i in $1 ; do
+	       ipi=$(( ipi | i << 8*j-- ))
+	done
+	echo ${ipi}
+}
+
+_ip6rd_inet_itoa()
+{
+	local ipi=$1
+	for i in 0 1 2 3; do
+		if [ $i != 3 ] ; then
+			printf "%d." $(( (ipi & ~((1<<24)-1)) >> 24 ))
+			ipi=$(( (ipi & ((1<<24)-1)) << 8))
+		else
+			printf "%d\n" $(( (ipi & ~((1<<24)-1)) >> 24 ))
+		fi
+	done
+}
+
+_ip6rd_inet_get_network()
+{
+	echo $(_ip6rd_inet_itoa $(( ($(_ip6rd_inet_atoi $1) & ((1<<$2)-1) << (32-$2) ) )) )
+}
+
+_ip6rd_inet_is_private_network()
+{
+	if [ "$(_ip6rd_inet_get_network $1 16)" = "192.168.0.0" ]\
+	  || [ "$(_ip6rd_inet_get_network $1 8)" = "10.0.0.0" ]\
+	  || [ "$(_ip6rd_inet_get_network $1 12)" = "172.16.0.0" ]\
+	  || [ "$(_ip6rd_inet_get_network $1 16)" = "169.254.0.0" ]
+	then
+		return 0;
+	fi
+	return 1;
+}
+
+_ip6rd_prefix_shave_bits()
+{
+	local ipi=
+	ipi=$((  ($(_ip6rd_inet_atoi $1) & (1<<(32-$2))-1) << $2))
+	if [ $2 -le 16 ]
+	then
+		printf "%04x:%0$(( (16-$2>>2)+(($2%4)?1:0) ))x" \
+		$((ipi >> 16)) $((ipi & (1<<(16-$2))-1))
+	elif [ $2 -lt 32 ]
+	then
+		printf "%0$(( (32-$2>>2)+(($2%4)?1:0) ))x" \
+		$((ipi >> 16))
+	fi
+}

net/ip6to4.sh

@@ -6,10 +6,18 @@ _config_vars="$_config_vars link suffix relay"
 ip6to4_depend()
 {
 	after interface
+	program ip
 }
 
-ip6to4_start()
+ip6to4_pre_start()
 {
+	# ALL interfaces run pre_start blocks, not just those with something
+	# assigned, so we must check if we need to run on this interface before we
+	# do so.
+	local config
+	eval config=\$config_${IFVAR}
+	[ "$config" = "ip6to4" ] || return 0
+
 	case " ${MODULES} " in
 		*" ifconfig "*)
 			if [ "${IFACE}" != "sit0" ]; then
@@ -19,7 +27,7 @@ ip6to4_start()
 			fi
 	esac
 
-	local host= suffix= relay= addr= iface=${IFACE} new= localip=
+	local host= suffix= relay= addr= iface=${IFACE} config_ip6to4= localip=
 	eval host=\$link_${IFVAR}
 	if [ -z "${host}" ]; then
 		eerror "link_${IFVAR} not set"
@@ -67,7 +75,7 @@ ip6to4_start()
 		veinfo "Derived IPv6 address: ${ip6}"
 
 		# Now apply our IPv6 address to our config
-		new="${new}${new:+ }${ip6}/16"
+		config_ip6to4="${config_ip6to4}${config_ip6to4:+ }${ip6}/48"
 
 		if [ -n "${localip}" ]; then
 			localip="any"
@@ -76,7 +84,7 @@ ip6to4_start()
 		fi
 	done
 
-	if [ -z "${new}" ]; then
+	if [ -z "${config_ip6to4}" ]; then
 		eerror "No global IPv4 addresses found on interface ${host}"
 		return 1
 	fi
@@ -87,13 +95,22 @@ ip6to4_start()
 		eend $? || return 1
 		_up
 	fi
+	routes_ip6to4="2003::/3 via ::${relay} metric 2147483647"
+	service_set_value "config_ip6to4_$IFVAR" "$config_ip6to4"
+	service_set_value "routes_ip6to4_$IFVAR" "$routes_ip6to4"
+}
+
+ip6to4_start()
+{
+	local config_ip6to4=$(service_get_value "config_ip6to4_$IFVAR")
+	local routes_ip6to4=$(service_get_value "routes_ip6to4_$IFVAR")
 
 	# Now apply our config
-	eval config_${config_index}=\'"${new}"\'
+	eval config_${config_index}=\'"${config_ip6to4}"\'
 	: $(( config_index -= 1 ))
 
 	# Add a route for us, ensuring we don't delete anything else
 	local routes="$(_get_array "routes_${IFVAR}")
-2003::/3 via ::${relay} metric 2147483647"
+$routes_ip6to4"
 	eval routes_${IFVAR}=\$routes
 }

net/iproute2.sh

@@ -1,18 +1,9 @@
 # Copyright (c) 2007-2008 Roy Marples <roy@marples.name>
 # Released under the 2-clause BSD license.
 
-_ip()
-{
-	if [ -x /bin/ip ]; then
-		echo /bin/ip
-	else
-		echo /sbin/ip
-	fi
-}
-
 iproute2_depend()
 {
-	program $(_ip)
+	program ip
 	provide interface
 	after ifconfig
 }
@@ -29,7 +20,7 @@ _down()
 
 _exists()
 {
-	grep -Eq "^[[:space:]]*${IFACE}:" /proc/net/dev
+	[ -e /sys/class/net/"$IFACE" ]
 }
 
 _ifindex()
@@ -110,31 +101,54 @@ _add_address()
 		ip addr add "$@" dev "${IFACE}" 2>/dev/null
 		return 0
 	fi
-
+	local x
 	local address netmask broadcast peer anycast label scope
 	local valid_lft preferred_lft home nodad
+	local confflaglist
 	address="$1" ; shift
 	while [ -n "$*" ]; do
-		case "$1" in
-			netmask)
-				netmask="/$(_netmask2cidr "$2")" ; shift ; shift ;;
-			broadcast|brd)
-				broadcast="broadcast $2" ; shift ; shift ;;
-			pointopoint|pointtopoint|peer)
-				peer="peer $2" ; shift ; shift ;;
-			anycast|label|scope|valid_lft|preferred_lft)
-				eval "$1=$2" ; shift ; shift ;;
-			home|nodad)
-				eval "$1=$1" ; shift ;;
+		x=$1 ; shift
+		case "$x" in
+			netmask|ne*)
+				netmask="/$(_netmask2cidr "$1")" ; shift ;;
+			broadcast|brd|br*)
+				broadcast="$1" ; shift ;;
+			pointopoint|pointtopoint|peer|po*|pe*)
+				peer="$1" ; shift ;;
+			anycast|label|scope|valid_lft|preferred_lft|a*|l*|s*|v*|pr*)
+				case $x in
+					a*) x=anycast ;;
+					l*) x=label ;;
+					s*) x=scope ;;
+					v*) x=valid_lft ;;
+					pr*) x=preferred_lft ;;
+				esac
+				eval "$x=$1" ; shift ;;
+			home|nodad|h*|no*)
+				case $x in h*) x=home ;; n*) x=nodad ;; esac
+				# FIXME: If we need to reorder these, this will take more code
+				confflaglist="${confflaglist} $x" ; ;;
+			*)
+				ewarn "Unknown argument to config_$IFACE: $x"
 		esac
 	done
 
 	# Always scope lo addresses as host unless specified otherwise
 	if [ "${IFACE}" = "lo" ]; then
-		[ -z "$scope" ] && scope="scope host"
+		[ -z "$scope" ] && scope="host"
 	fi
 
-	set -- "${address}${netmask}" $peer $broadcast $anycast $label $scope dev "${IFACE}" $valid_lft $preferred_lft $home $nodad
+	# figure out the broadcast address if it is not specified
+	# This must NOT be set for IPv6 addresses
+	if [ "${address#*:}" = "${address}" ]; then
+		[ -z "$broadcast" ] && broadcast="+"
+	elif [ -n "$broadcast" ]; then
+		eerror "Broadcast keywords are not valid with IPv6 addresses"
+		return 1
+	fi
+
+	# This must appear on a single line, continuations cannot be used
+	set -- "${address}${netmask}" ${peer:+peer} ${peer} ${broadcast:+broadcast} ${broadcast} ${anycast:+anycast} ${anycast} ${label:+label} ${label} ${scope:+scope} ${scope} dev "${IFACE}" ${valid_lft:+valid_lft} $valid_lft ${preferred_lft:+preferred_lft} $preferred_lft $confflaglist
 	veinfo ip addr add "$@"
 	ip addr add "$@"
 }
@@ -146,6 +160,12 @@ _add_route()
 	if [ "$1" = "-A" -o "$1" = "-f" -o "$1" = "-family" ]; then
 		family="-f $2"
 		shift; shift
+	elif [ "$1" = "-4" ]; then
+	    family="-f inet"
+		shift
+	elif [ "$1" = "-6" ]; then
+	    family="-f inet6"
+		shift
 	fi
 
 	if [ $# -eq 3 ]; then
@@ -208,7 +228,13 @@ _trim() {
 # This is our interface to Routing Policy Database RPDB
 # This allows for advanced routing tricks
 _ip_rule_runner() {
-	local cmd rules OIFS="${IFS}"
+	local cmd rules OIFS="${IFS}" family
+	if [ "$1" = "-4" -o "$1" = "-6" ]; then
+		family="$1"
+		shift
+	else
+		family="-4"
+	fi
 	cmd="$1"
 	rules="$2"
 	veindent
@@ -218,7 +244,7 @@ _ip_rule_runner() {
 		ruN="$(_trim "${ru}")"
 		[ -z "${ruN}" ] && continue
 		vebegin "${cmd} ${ruN}"
-		ip rule ${cmd} ${ru}
+		ip $family rule ${cmd} ${ru}
 		veend $?
 		local IFS="$__IFS"
 	done
@@ -274,15 +300,30 @@ iproute2_post_start()
 	if [ -e /proc/net/route ]; then
 		local rules="$(_get_array "rules_${IFVAR}")"
 		if [ -n "${rules}" ]; then
-			if ! ip rule list | grep -q "^"; then
+			if ! ip -4 rule list | grep -q "^"; then
 				eerror "IP Policy Routing (CONFIG_IP_MULTIPLE_TABLES) needed for ip rule"
 			else
 				service_set_value "ip_rule" "${rules}"
-				einfo "Adding RPDB rules"
-				_ip_rule_runner add "${rules}"
+				einfo "Adding IPv4 RPDB rules"
+				_ip_rule_runner -4 add "${rules}"
 			fi
 		fi
-		ip route flush table cache dev "${IFACE}"
+		ip -4 route flush table cache dev "${IFACE}"
+	fi
+
+	# Kernel may not have IPv6 built in
+	if [ -e /proc/net/ipv6_route ]; then
+		local rules="$(_get_array "rules6_${IFVAR}")"
+		if [ -n "${rules}" ]; then
+			if ! ip -6 rule list | grep -q "^"; then
+				eerror "IPv6 Policy Routing (CONFIG_IPV6_MULTIPLE_TABLES) needed for ip rule"
+			else
+				service_set_value "ip6_rule" "${rules}"
+				einfo "Adding IPv6 RPDB rules"
+				_ip_rule_runner -6 add "${rules}"
+			fi
+		fi
+		ip -6 route flush table cache dev "${IFACE}"
 	fi
 
 	if _iproute2_ipv6_tentative; then
@@ -305,13 +346,27 @@ iproute2_post_stop()
 	if [ -e /proc/net/route ]; then
 		local rules="$(service_get_value "ip_rule")"
 		if [ -n "${rules}" ]; then
-			einfo "Removing RPDB rules"
-			_ip_rule_runner del "${rules}"
+			einfo "Removing IPv4 RPDB rules"
+			_ip_rule_runner -4 del "${rules}"
 		fi
 
 		# Only do something if the interface actually exist
 		if _exists; then
-			ip route flush table cache dev "${IFACE}"
+			ip -4 route flush table cache dev "${IFACE}"
+		fi
+	fi
+
+	# Kernel may not have IPv6 built in
+	if [ -e /proc/net/ipv6_route ]; then
+		local rules="$(service_get_value "ip6_rule")"
+		if [ -n "${rules}" ]; then
+			einfo "Removing IPv6 RPDB rules"
+			_ip_rule_runner -6 del "${rules}"
+		fi
+
+		# Only do something if the interface actually exist
+		if _exists; then
+			ip -6 route flush table cache dev "${IFACE}"
 		fi
 	fi
 
@@ -324,3 +379,26 @@ iproute2_post_stop()
 		fi
 	fi
 }
+
+# Is the interface administratively/operationally up?
+# The 'UP' status in ifconfig/iproute2 is the administrative status
+# Operational state is available in iproute2 output as 'state UP', or the
+# operstate sysfs variable.
+# 0: up
+# 1: down
+# 2: invalid arguments
+is_admin_up()
+{
+	local iface="$1"
+	[ -z "$iface" ] && iface="$IFACE"
+	ip link show dev $iface | \
+	sed -n '1,1{ /[<,]UP[,>]/{ q 0 }}; q 1; '
+}
+
+is_oper_up()
+{
+	local iface="$1"
+	[ -z "$iface" ] && iface="$IFACE"
+	read state </sys/class/net/"${iface}"/operstate
+	[ "x$state" = "up" ]
+}

net/macchanger.sh

@@ -4,6 +4,7 @@
 macchanger_depend()
 {
 	before macnet
+	# no program 'macchanger', as we have partial functionality without it
 }
 
 _config_vars="$_config_vars mac"

net/macvlan.sh

@@ -3,18 +3,9 @@
 # Copyright (c) 2007-2008 Roy Marples <roy@marples.name>
 # All rights reserved. Released under the 2-clause BSD license.
 
-_ip()
-{
-	if [ -x /bin/ip ]; then
-		echo /bin/ip
-	else
-		echo /sbin/ip
-	fi
-}
-
 macvlan_depend()
 {
-	program $(_ip)
+	program ip
 	after interface
 	before dhcp macchanger
 }
@@ -24,17 +15,6 @@ _is_macvlan()
 	[ -n "$(export RC_SVCNAME="net.${IFACE}"; service_get_value macvlan)" ]
 }
 
-_check_macvlan()
-{
-	if [ ! -d /sys/module/macvlan ]; then
-		modprobe macvlan
-		if [ ! -d /sys/module/macvlan ]; then
-			eerror "MAC-VLAN support is not present in this kernel"
-			return 1
-		fi
-	fi
-}
-
 macvlan_pre_start()
 {
 	# MAC-VLAN needs an existing interface to link to
@@ -42,7 +22,11 @@ macvlan_pre_start()
 	eval macvlan=\$macvlan_${IFVAR}
 	[ -z "${macvlan}" ] && return 0
 
-	_check_macvlan || return 1
+	case " ${MODULES} " in
+		*" ifconfig "*)
+				eerror "sys-apps/iproute2 is required to configure MACVLANs"
+				return 1 ;;
+	esac
 
 	# optional mode, default to "private"
 	local mode=
@@ -54,7 +38,7 @@ macvlan_pre_start()
 	if [ -n "${e}" ]; then
 		eend 1 "${e}"
 	else
-		eend 0 && service_set_value macvlan "${macvlan}"
+		eend 0 && _up && service_set_value macvlan "${macvlan}"
 	fi
 }
 

net/tuntap.sh

@@ -4,9 +4,10 @@
 tuntap_depend()
 {
 	before bridge interface macchanger
+	program ip openvpn tunctl
 }
 
-_config_vars="$_config_vars tunctl"
+_config_vars="$_config_vars iproute2 openvpn tunctl"
 
 _is_tuntap()
 {
@@ -16,6 +17,7 @@ _is_tuntap()
 tuntap_pre_start()
 {
 	local tuntap=
+	local rc=
 	eval tuntap=\$tuntap_${IFVAR}
 
 	[ -z "${tuntap}" ] && return 0
@@ -44,30 +46,42 @@ tuntap_pre_start()
 	# Set the base metric to 1000
 	metric=1000
 
-	local o_opts= t_opts= do_openvpn=false do_tunctl=false
+	local i_opts= o_opts= t_opts=
+	local do_iproute2=false do_openvpn=false do_tunctl=false
+	eval i_opts=\$iproute2_${IFVAR}
 	eval o_opts=\$openvpn_${IFVAR}
 	eval t_opts=\$tunctl_${IFVAR}
 
-	if [ -n "${o_opts}" ] && type openvpn >/dev/null 2>&1; then
+	if [ -n "${i_opts}" ] && type ip >/dev/null 2>&1; then
+		do_iproute2=true
+	elif [ -n "${o_opts}" ] && type openvpn >/dev/null 2>&1; then
 		do_openvpn=true
 	elif [ -n "${t_opts}" ] && type tunctl >/dev/null 2>&1; then
 		do_tunctl=true
+	elif type ip >/dev/null 2>&1; then
+		do_iproute2=true
 	elif type openvpn >/dev/null 2>&1; then
 		do_openvpn=true
 	elif type tunctl >/dev/null 2>&1; then
 		do_tunctl=true
 	fi
 
-	if ${do_openvpn}; then
+	if ${do_iproute2}; then
+		ip tuntap add dev "${IFACE}" mode "${tuntap}" ${i_opts}
+		rc=$?
+	elif ${do_openvpn}; then
 		openvpn --mktun --dev-type "${tuntap}" --dev "${IFACE}" \
 			${o_opts} >/dev/null
+		rc=$?
 	elif ${do_tunctl}; then
 		tunctl ${t_opts} -t "${IFACE}" >/dev/null
+		rc=$?
 	else
-		eerror "Neither openvpn nor tunctl has been found, please install"
-		eerror "either \"openvpn\" or \"usermode-utilities\"."
+		eerror "Neither iproute2, openvpn nor tunctl has been found, please install"
+		eerror "either \"iproute2\" \"openvpn\" or \"usermode-utilities\"."
+		rc=1
 	fi
-	eend $? && _up && service_set_value tuntap "${tuntap}"
+	eend $rc && _up && service_set_value tuntap "${tuntap}"
 }
 
 tuntap_post_stop()
@@ -75,7 +89,9 @@ tuntap_post_stop()
 	_is_tuntap || return 0
 
 	ebegin "Destroying Tun/Tap interface ${IFACE}"
-	if type tunctl >/dev/null 2>&1; then
+	if type ip > /dev/null 2>&1; then
+		ip tuntap del dev ${IFACE} mode $(service_get_value tuntap)
+	elif type tunctl >/dev/null 2>&1; then
 		tunctl -d "${IFACE}" >/dev/null
 	else
 		openvpn --rmtun \

net/vlan.sh

@@ -1,18 +1,9 @@
 # Copyright (c) 2007-2008 Roy Marples <roy@marples.name>
 # Released under the 2-clause BSD license.
 
-_ip()
-{
-	if [ -x /bin/ip ]; then
-		echo /bin/ip
-	else
-		echo /sbin/ip
-	fi
-}
-
 vlan_depend()
 {
-	program $(_ip)
+	program ip
 	after interface
 	before dhcp
 }
@@ -51,6 +42,14 @@ vlan_pre_start()
 		eerror "You must convert your vconfig_ VLAN entries to vlan${N} entries."
 		return 1
 	fi
+	local vlans=
+	eval vlans=\$vlans_${IFVAR}
+	[ -z "$vlans" ] && return 0
+	case " ${MODULES} " in
+		*" ifconfig "*)
+				eerror "sys-apps/iproute2 is required to configure VLANs"
+				return 1 ;;
+	esac
 }
 
 vlan_post_start()
@@ -85,7 +84,7 @@ vlan_post_start()
 		eval broadcast=\$broadcast_vlan${vlan}
 		local mtu=
 		eval mtu=\$mtu_vlan${vlan}
-		local opts="${txqueuelen:+txqueuelen} ${txqueuelen} ${mac:+address} ${mac} ${broadcast:+broadcast} ${broadcast} ${mtu+:mtu} ${mtu}"
+		local opts="${txqueuelen:+txqueuelen} ${txqueuelen} ${mac:+address} ${mac} ${broadcast:+broadcast} ${broadcast} ${mtu:+mtu} ${mtu}"
 
 		e="$(ip link add link "${IFACE}" name "${vname}" ${opts} type vlan id "${vlan}" ${vflags} ${vingress} ${vegress} 2>&1 1>/dev/null)"
 		if [ -n "${e}" ]; then
@@ -115,7 +114,7 @@ vlan_pre_stop()
 {
 	local vlan=
 
-	_exists || return 1
+	_exists || return 0
 
 	for vlan in $(_get_vlans); do
 		einfo "Removing VLAN ${vlan##*.} from ${IFACE}"

runlevels/Makefile

@@ -1,5 +1,5 @@
 BOOT=		bootmisc fsck hostname localmount \
-		root swap sysctl urandom ${BOOT-${OS}}
+		root swap swapfiles sysctl urandom ${BOOT-${OS}}
 DEFAULT=	local netmount
 SHUTDOWN=	savecache ${SHUTDOWN-${OS}}
 SYSINIT=	${SYSINIT-${OS}}
@@ -41,34 +41,24 @@ install:
 	if ! test -d "${SYSINITDIR}"; then \
 		${INSTALL} -d ${SYSINITDIR} || exit $$?; \
 		for x in ${SYSINIT}; do \
-			if test -n "${PREFIX}"; then \
-				grep -q "keyword .*noprefix" ${INITDIR}/"$$x" && continue; \
-			fi; \
-			ln -snf ${PREFIX}/etc/init.d/"$$x" ${SYSINITDIR}/"$$x" || exit $$?; done \
+			ln -snf ${PREFIX}/etc/init.d/"$$x" ${SYSINITDIR}/"$$x" || exit $$?; \
+		done \
 	fi
 	if ! test -d "${BOOTDIR}"; then \
 		${INSTALL} -d ${BOOTDIR} || exit $$?; \
 		for x in ${BOOT}; do \
-			if test -n "${PREFIX}"; then \
-				grep -q "keyword .*noprefix" ${INITDIR}/"$$x" && continue; \
-			fi; \
 			ln -snf ${PREFIX}/etc/init.d/"$$x" ${BOOTDIR}/"$$x" || exit $$?; \
 		done \
 	fi
 	if ! test -d "${DEFAULTDIR}"; then \
 		${INSTALL} -d ${DEFAULTDIR} || exit $$?; \
 		for x in ${DEFAULT}; do \
-			if test -n "${PREFIX}"; then \
-				grep -q "keyword .*noprefix" ${INITDIR}/"$$x" && continue; \
-			fi; \
-			ln -snf ${PREFIX}/etc/init.d/"$$x" ${DEFAULTDIR}/"$$x" || exit $$?; done \
+			ln -snf ${PREFIX}/etc/init.d/"$$x" ${DEFAULTDIR}/"$$x" || exit $$?; \
+		done \
 	fi
 	if ! test -d "${SHUTDOWNDIR}"; then \
 		${INSTALL} -d ${SHUTDOWNDIR} || exit $$?; \
 		for x in ${SHUTDOWN}; do \
-			if test -n "${PREFIX}"; then \
-				grep -q "keyword .*noprefix" ${INITDIR}/"$$x" && continue; \
-			fi; \
 			ln -snf ${PREFIX}/etc/init.d/"$$x" ${SHUTDOWNDIR}/"$$x" || exit $$?; done \
 	fi
 

sh/.gitignore

@@ -3,6 +3,7 @@ gendepends.sh
 init-common-post.sh
 rc-functions.sh
 runscript.sh
+cgroup-release-agent.sh
 init.sh
 init-early.sh
 ifwatchd-carrier.sh

sh/init-early.sh.Linux.in

@@ -5,6 +5,19 @@
 : ${CONSOLE:=/dev/console}
 : ${RC_LIBEXECDIR:=@LIBEXECDIR@}
 
+service_present()
+{
+	local p="/etc/runlevels/$1/$2"
+	# fail if the file doesn't exist
+	[ ! -e "$p" ] && return 1
+	# succeed if $RC_SYS empty, can't check further, assume script will run
+	[ -z "$RC_SYS" ] && return 0
+	# fail if file contains "-$RC_SYS", because then it won't run
+	egrep -qi "^[[:space:]]*keyword[[:space:]].*-$RC_SYS\>" "$p" && return 1
+	# succeed otherwise
+	return 0
+}
+
 if [ -e "$RC_LIBEXECDIR"/console/unicode ]; then
 	termencoding="%G"
 	kmode="-u"
@@ -14,8 +27,8 @@ else
 fi
 
 # Try and set a font and as early as we can
-if [ -e /etc/runlevels/"$RC_DEFAULTLEVEL"/consolefont \
-	 -o -e /etc/runlevels/"$RC_BOOTLEVEL"/consolefont ]; then
+if service_present "$RC_DEFAULTLEVEL" consolefont ||
+   service_present "$RC_BOOTLEVEL" consolefont; then
 	printf "\033%s" "$termencoding" >"$CONSOLE" 2>/dev/null
 	if [ -r "$RC_LIBEXECDIR"/console/font -a -x /usr/bin/setfont ]; then
 		font="$(cat "$RC_LIBEXECDIR"/console/font)"
@@ -25,8 +38,8 @@ if [ -e /etc/runlevels/"$RC_DEFAULTLEVEL"/consolefont \
 fi
 
 # Try and set a keyboard map as early as possible
-if [ -e /etc/runlevels/"$RC_DEFAULTLEVEL"/keymaps \
-	 -o -e /etc/runlevels/"$RC_BOOTLEVEL"/keymaps ]; then
+if service_present "$RC_DEFAULTLEVEL" keymaps ||
+   service_present "$RC_BOOTLEVEL" keymaps; then
 	kbd_mode $kmode -C "$CONSOLE" 2>/dev/null
 	if [ -r "$RC_LIBEXECDIR"/console/keymap ]; then
 		loadkeys -q "$RC_LIBEXECDIR"/console/keymap 2>/dev/null

sh/runscript.sh.in

@@ -4,6 +4,22 @@
 # Copyright (c) 2007-2009 Roy Marples <roy@marples.name>
 # Released under the 2-clause BSD license.
 
+verify_boot()
+{
+	if [ ! -e ${RC_SVCDIR}/softlevel ]; then
+		eerror "You are attempting to run an openrc service on a"
+		eerror "system which openrc did not boot."
+		eerror "You may be inside a chroot or you may have used"
+		eerror "another initialization system to boot this system."
+		eerror "In this situation, you will get unpredictable results!"
+		eerror
+		eerror "If you really want to do this, issue the following command:"
+		eerror "touch ${RC_SVCDIR}/softlevel"
+		exit 1
+	fi
+	return 0
+}
+
 sourcex()
 {
 	if [ "$1" = "-e" ]; then
@@ -16,23 +32,6 @@ sourcex()
 	fi
 }
 
-loadconfig()
-{
-	# If we're net.eth0 or openvpn.work then load net or openvpn config
-	_c=${RC_SVCNAME%%.*}
-	if [ -n "$_c" -a "$_c" != "$RC_SVCNAME" ]; then
-		if ! sourcex -e "$1/$_c.$RC_RUNLEVEL"; then
-			sourcex -e "$1/$_c"
-		fi
-	fi
-	unset _c
-
-	# Overlay with our specific config
-	if ! sourcex -e "$1/$RC_SVCNAME.$RC_RUNLEVEL"; then
-		sourcex -e "$1/$RC_SVCNAME"
-	fi
-}
-
 sourcex "@SYSCONFDIR@/init.d/functions.sh"
 sourcex "@LIBEXECDIR@/sh/rc-functions.sh"
 
@@ -41,18 +40,6 @@ if sourcex -e "/sbin/livecd-functions.sh"; then
 	livecd_read_commandline
 fi
 
-if [ ! -e ${RC_SVCDIR}/softlevel ]; then
-	eerror "You are attempting to run an openrc service on a"
-	eerror "system which openrc did not boot."
-	eerror "You may be inside a chroot or you may have used"
-	eerror "another initialization system to boot this system."
-	eerror "In this situation, you will get unpredictable results!"
-	eerror
-	eerror "If you really want to do this, issue the following command:"
-	eerror "touch ${RC_SVCDIR}/softlevel"
-	exit 1
-fi
-
 if [ -z "$1" -o -z "$2" ]; then
 	eerror "$RC_SVCNAME: not enough arguments"
 	exit 1
@@ -141,26 +128,17 @@ start()
 	local _background=
 	ebegin "Starting ${name:-$RC_SVCNAME}"
 	if yesno "${command_background}"; then
-		_background="--background --pidfile"
+		if [ -z "${pidfile}" ]; then
+			eend 1 "command_background option used but no pidfile specified"
+			return 1
+		fi
+		_background="--background --make-pidfile"
 	fi
 	if yesno "$start_inactive"; then
 		local _inactive=false
 		service_inactive && _inactive=true
 		mark_service_inactive
 	fi
-	if [ "$RC_UNAME" = Linux ]; then
-		local cgroup=/sys/fs/cgroup/openrc
-		local svc_cgroup=${cgroup}/${RC_SVCNAME}
-		if mountinfo -q ${cgroup}; then
-			mkdir ${svc_cgroup}
-			for f in cpuset.cpus cpuset.mems; do
-					if [ -f ${cgroup}/${f} ]; then
-							cp ${cgroup}/${f} ${svc_cgroup}
-						fi
-					done
-			echo $$ > ${svc_cgroup}/tasks
-		fi
-	fi
 	eval start-stop-daemon --start \
 		--exec $command \
 		${procname:+--name} $procname \
@@ -181,6 +159,7 @@ stop()
 	[ -n "$command" -o -n "$procname" -o -n "$pidfile" ] || return 0
 	ebegin "Stopping ${name:-$RC_SVCNAME}"
 	start-stop-daemon --stop \
+		${retry:+--retry} $retry \
 		${command:+--exec} $command \
 		${procname:+--name} $procname \
 		${pidfile:+--pidfile} $pidfile \
@@ -195,13 +174,33 @@ status()
 
 yesno $RC_DEBUG && set -x
 
-if ! loadconfig "${RC_SERVICE%/*}/../conf.d"; then
-		loadconfig "@SYSCONFDIR@/conf.d"
+_conf_d=${RC_SERVICE%/*}/../conf.d
+# If we're net.eth0 or openvpn.work then load net or openvpn config
+_c=${RC_SVCNAME%%.*}
+if [ -n "$_c" -a "$_c" != "$RC_SVCNAME" ]; then
+	if ! sourcex -e "$_conf_d/$_c.$RC_RUNLEVEL"; then
+		sourcex -e "$_conf_d/$_c"
+	fi
 fi
+unset _c
+
+# Overlay with our specific config
+if ! sourcex -e "$_conf_d/$RC_SVCNAME.$RC_RUNLEVEL"; then
+	sourcex -e "$_conf_d/$RC_SVCNAME"
+fi
+unset _conf_d
 
 # Load any system overrides
 sourcex -e "@SYSCONFDIR@/rc.conf"
 
+if [ "$RC_UNAME" = "Linux" -a "$1" = "start" ]; then
+	if [ -d /sys/fs/cgroup/openrc ]; then
+		mkdir -p /sys/fs/cgroup/openrc/${RC_SVCNAME}
+		echo $$ > /sys/fs/cgroup/openrc/${RC_SVCNAME}/tasks
+	fi
+	#todo: add processes to cgroups based on settings in conf.d
+fi
+
 # Apply any ulimit defined
 [ -n "${rc_ulimit:-$RC_ULIMIT}" ] && ulimit ${rc_ulimit:-$RC_ULIMIT}
 
@@ -261,7 +260,7 @@ while [ -n "$1" ]; do
 				# we can run this command
 				for _cmd in $extra_started_commands; do
 					if [ "$_cmd" = "$1" ]; then
-						if ! service_started; then
+						if verify_boot && ! service_started; then
 							eerror "$RC_SVCNAME: cannot \`$1' as it has not been started"
 							exit 1
 						fi
@@ -271,13 +270,16 @@ while [ -n "$1" ]; do
 				# we can run this command
 				for _cmd in $extra_stopped_commands; do
 					if [ "$_cmd" = "$1" ]; then
-						if ! service_stopped; then
+						if verify_boot && ! service_stopped; then
 							eerror "$RC_SVCNAME: cannot \`$1' as it has not been stopped"
 							exit 1
 						fi
 					fi
 				done
 				unset _cmd
+				case $1 in
+						start|stop|status) verify_boot;;
+				esac
 				if [ "$(command -v "$1_pre")" = "$1_pre" ]
 				then
 					"$1"_pre || exit $?

src/includes/rc-misc.h

@@ -36,6 +36,7 @@
 #include <stdbool.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 
 #define RC_LEVEL_BOOT           "boot"
 #define RC_LEVEL_DEFAULT        "default"
@@ -166,6 +167,12 @@ int svc_lock(const char *);
 int svc_unlock(const char *, int);
 pid_t exec_service(const char *, const char *);
 
+/*
+ * Check whether path is writable or not,
+ * this also works properly with read-only filesystems
+ */
+int is_writable(const char *);
+
 #define service_start(service) exec_service(service, "start");
 #define service_stop(service)  exec_service(service, "stop");
 

src/librc/librc-misc.c

@@ -29,6 +29,7 @@
  */
 
 #include "librc.h"
+#include "einfo.h"
 
 bool
 rc_yesno(const char *value)
@@ -127,6 +128,55 @@ rc_getline(char **line, size_t *len, FILE *fp)
 }
 librc_hidden_def(rc_getline)
 
+char *
+rc_proc_getent(const char *ent)
+{
+#ifdef __linux__
+	FILE *fp;
+	char *proc, *p, *value = NULL;
+	size_t i, len;
+
+	if (!exists("/proc/cmdline"))
+		return NULL;
+
+	if (!(fp = fopen("/proc/cmdline", "r"))) {
+		eerror("failed to open `/proc/cmdline': %s", strerror(errno));
+		return NULL;
+	}
+
+	proc = NULL;
+	i = 0;
+	if (rc_getline(&proc, &i, fp) == -1 || proc == NULL)
+		eerror("rc_getline: %s", strerror(errno));
+
+	if (proc != NULL) {
+		len = strlen(ent);
+
+		while ((p = strsep(&proc, " "))) {
+			if (strncmp(ent, p, len) == 0 && (p[len] == '\0' || p[len] == ' ' || p[len] == '=')) {
+				p += len;
+
+				if (*p == '=')
+					p++;
+
+				value = xstrdup(p);
+			}
+		}
+	}
+
+	if (!value)
+		errno = ENOENT;
+
+	fclose(fp);
+	free(proc);
+
+	return value;
+#else
+	return NULL;
+#endif
+}
+librc_hidden_def(rc_proc_getent)
+
 RC_STRINGLIST *
 rc_config_list(const char *file)
 {
@@ -166,6 +216,64 @@ rc_config_list(const char *file)
 }
 librc_hidden_def(rc_config_list)
 
+/*
+ * Override some specific rc.conf options on the kernel command line
+ */
+#ifdef __linux__
+static RC_STRINGLIST *rc_config_override(RC_STRINGLIST *config)
+{
+	RC_STRINGLIST *overrides;
+	RC_STRING *cline, *override, *config_np;
+	char *tmp = NULL;
+	char *value = NULL;
+	size_t varlen = 0;
+	size_t len = 0;
+
+	overrides = rc_stringlist_new();
+
+	/* A list of variables which may be overridden on the kernel command line */
+	rc_stringlist_add(overrides, "rc_parallel");
+
+	TAILQ_FOREACH(override, overrides, entries) {
+		varlen = strlen(override->value);
+		value = rc_proc_getent(override->value);
+
+		/* No need to continue if there's nothing to override */
+		if (!value) {
+			free(value);
+			continue;
+		}
+
+		if (value != NULL) {
+			len = varlen + strlen(value) + 2;
+			tmp = xmalloc(sizeof(char) * len);
+			snprintf(tmp, len, "%s=%s", override->value, value);
+		}
+
+		/*
+		 * Whenever necessary remove the old config entry first to prevent
+		 * duplicates
+		 */
+		TAILQ_FOREACH_SAFE(cline, config, entries, config_np) {
+			if (strncmp(override->value, cline->value, varlen) == 0
+				&& cline->value[varlen] == '=') {
+				rc_stringlist_delete(config, cline->value);
+				break;
+			}
+		}
+
+		/* Add the option (var/value) to the current config */
+		rc_stringlist_add(config, tmp);
+
+		free(tmp);
+		free(value);
+	}
+
+	rc_stringlist_free(overrides);
+	return config;
+}
+#endif
+
 RC_STRINGLIST *
 rc_config_load(const char *file)
 {
@@ -239,6 +347,13 @@ rc_config_load(const char *file)
 	}
 	rc_stringlist_free(list);
 
+#ifdef __linux__
+	/* Only override rc.conf settings */
+	if (strcmp(file, RC_CONF) == 0) {
+		config = rc_config_override(config);
+	}
+#endif
+
 	return config;
 }
 librc_hidden_def(rc_config_load)
@@ -279,10 +394,13 @@ rc_conf_value(const char *setting)
 		atexit(_free_rc_conf);
 #endif
 
-		/* Support old configs */
+		/* Support old configs, but complain about it. */
 		if (exists(RC_CONF_OLD)) {
 			old = rc_config_load(RC_CONF_OLD);
 			TAILQ_CONCAT(rc_conf, old, entries);
+			ewarn("Your system still has %s", RC_CONF_OLD);
+			ewarn("Please migrate to the appropriate settings in %s", RC_CONF);
+			ewarn("and delete %s.", RC_CONF_OLD);
 #ifdef DEBUG_MEMORY
 			free(old);
 #endif

src/librc/librc.c

@@ -216,7 +216,6 @@ rc_sys_v2(void)
 		}
 		/* Now do detection */
 		__STRING_SWITCH(systype)
-		__STRING_CASE(RC_SYS_PREFIX)	{ return RC_SYS_PREFIX; }
 #ifdef __FreeBSD__
 		__STRING_CASE(RC_SYS_JAIL) { return RC_SYS_JAIL; }
 #endif /* __FreeBSD__ */
@@ -246,10 +245,6 @@ librc_hidden_def(rc_sys_v2)
 const char *
 rc_sys_v1(void)
 {
-#ifdef PREFIX
-	return RC_SYS_PREFIX;
-#else
-
 #ifdef __FreeBSD__
 	int jailed = 0;
 	size_t len = sizeof(jailed);
@@ -286,7 +281,6 @@ rc_sys_v1(void)
 #endif
 
 	return NULL;
-#endif /* PREFIX */
 }
 librc_hidden_def(rc_sys_v1)
 
@@ -492,7 +486,7 @@ rc_service_exists(const char *service)
 {
 	char *file;
 	bool retval = false;
-	int len;
+	size_t len;
 	struct stat buf;
 
 	if (!service) {

src/librc/librc.h

@@ -87,6 +87,7 @@ librc_hidden_proto(rc_find_pids)
 librc_hidden_proto(rc_getfile)
 librc_hidden_proto(rc_getline)
 librc_hidden_proto(rc_newer_than)
+librc_hidden_proto(rc_proc_getent)
 librc_hidden_proto(rc_older_than)
 librc_hidden_proto(rc_runlevel_exists)
 librc_hidden_proto(rc_runlevel_get)

src/librc/rc.h.in

@@ -276,7 +276,6 @@ bool rc_service_daemons_crashed(const char *);
 #define RC_SYS_JAIL    "JAIL"
 #define RC_SYS_OPENVZ  "OPENVZ"
 #define RC_SYS_LXC     "LXC"
-#define RC_SYS_PREFIX  "PREFIX"
 #define RC_SYS_UML     "UML"
 #define RC_SYS_VSERVER "VSERVER"
 #define RC_SYS_XEN0    "XEN0"
@@ -361,6 +360,11 @@ bool rc_newer_than(const char *, const char *, time_t *, char *);
  * @return true if source is older than target, otherwise false */
 bool rc_older_than(const char *, const char *, time_t *, char *);
 
+/*! Read variables/values from /proc/cmdline
+ * @param value
+ * @return pointer to the value, otherwise NULL */
+char *rc_proc_getent(const char *);
+
 /*! Update the cached dependency tree if it's older than any init script,
  * its configuration file or an external configuration file the init script
  * has specified.

src/librc/rc.map

@@ -18,6 +18,7 @@ global:
 	rc_getline;
 	rc_newer_than;
 	rc_older_than;
+	rc_proc_getent;
 	rc_runlevel_exists;
 	rc_runlevel_get;
 	rc_runlevel_list;

src/rc/checkpath.c

@@ -46,44 +46,87 @@
 #include "einfo.h"
 #include "rc-misc.h"
 
+typedef enum {
+	inode_unknown = 0,
+	inode_file = 1,
+	inode_dir = 2,
+	inode_fifo = 3,
+} inode_t;
+
 extern const char *applet;
 
+/* TODO: SELinux
+ * This needs a LOT of SELinux loving
+ * See systemd's src/label.c:label_mkdir
+ */
 static int
-do_check(char *path, uid_t uid, gid_t gid, mode_t mode, int file)
+do_check(char *path, uid_t uid, gid_t gid, mode_t mode, inode_t type, bool trunc)
 {
 	struct stat st;
-	int fd;
+	int fd, flags;
+	int r;
+	int u;
 
-	if (stat(path, &st)) {
-		if (file) {
+	if (stat(path, &st) || trunc) {
+		if (type == inode_file) {
 			einfo("%s: creating file", path);
-			if (!mode)
-				mode = S_IRUSR | S_IWUSR | S_IRGRP |
-				    S_IWGRP | S_IROTH;
-			if ((fd = open(path, O_CREAT, mode)) == -1) {
+			if (!mode) /* 664 */
+				mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH;
+			flags = O_CREAT|O_NDELAY|O_WRONLY|O_NOCTTY;
+#ifdef O_CLOEXEC
+			flags |= O_CLOEXEC;
+#endif
+#ifdef O_NOFOLLOW
+			flags |= O_NOFOLLOW;
+#endif
+			if (trunc)
+				flags |= O_TRUNC;
+			u = umask(0);
+			fd = open(path, flags, mode);
+			umask(u);
+			if (fd == -1) {
 				eerror("%s: open: %s", applet, strerror(errno));
 				return -1;
 			}
 			close (fd);
-		} else {
+		} else if (type == inode_dir) {
 			einfo("%s: creating directory", path);
-			if (!mode)
+			if (!mode) /* 775 */
 				mode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
-			if (mkdir(path, mode)) {
+			u = umask(0);
+			/* We do not recursively create parents */
+			r = mkdir(path, mode);
+			umask(u);
+			if (r == -1 && errno != EEXIST) {
 				eerror("%s: mkdir: %s", applet,
 				    strerror (errno));
 				return -1;
 			}
 			mode = 0;
+		} else if (type == inode_fifo) {
+			einfo("%s: creating fifo", path);
+			if (!mode) /* 600 */
+				mode = S_IRUSR | S_IWUSR;
+			u = umask(0);
+			r = mkfifo(path, mode);
+			umask(u);
+			if (r == -1 && errno != EEXIST) {
+				eerror("%s: mkfifo: %s", applet,
+				    strerror (errno));
+				return -1;
+			}
 		}
 	} else {
-		if ((file && S_ISDIR(st.st_mode)) ||
-		    (!file && !S_ISDIR(st.st_mode)))
-		{
-			if (file)
-				eerror("%s: is a directory", path);
-			else
-				eerror("%s: is a file", path);
+		if (type != inode_dir && S_ISDIR(st.st_mode)) {
+			eerror("%s: is a directory", path);
+			return 1;
+		}
+		if (type != inode_file && S_ISREG(st.st_mode)) {
+			eerror("%s: is a file", path);
+			return 1;
+		}
+		if (type != inode_fifo && S_ISFIFO(st.st_mode)) {
+			eerror("%s: is a fifo", path);
 			return -1;
 		}
 	}
@@ -142,20 +185,28 @@ parse_owner(struct passwd **user, struct group **group, const char *owner)
 }
 
 #include "_usage.h"
-#define extraopts "path1 path2 ..."
-#define getoptstring "dfm:o:" getoptstring_COMMON
+#define extraopts "path1 [path2] [...]"
+#define getoptstring "dDfFpm:o:W:" getoptstring_COMMON
 static const struct option longopts[] = {
-	{ "directory",      0, NULL, 'd'},
-	{ "file",           0, NULL, 'f'},
-	{ "mode",           1, NULL, 'm'},
-	{ "owner",          1, NULL, 'o'},
+	{ "directory",          0, NULL, 'd'},
+	{ "directory-truncate", 0, NULL, 'D'},
+	{ "file",               0, NULL, 'f'},
+	{ "file-truncate",      0, NULL, 'F'},
+	{ "pipe",               0, NULL, 'p'},
+	{ "mode",               1, NULL, 'm'},
+	{ "owner",              1, NULL, 'o'},
+	{ "writable",           1, NULL, 'W'},
 	longopts_COMMON
 };
 static const char * const longopts_help[] = {
-	"Check if a directory",
-	"Check if a file",
+	"Create a directory if not exists",
+	"Create/empty directory",
+	"Create a file if not exists",
+	"Truncate file",
+	"Create a named pipe (FIFO) if not exists",
 	"Mode to check",
 	"Owner to check (user:group)",
+	"Check whether the path is writable or not",
 	longopts_help_COMMON
 };
 #include "_usage.c"
@@ -169,18 +220,26 @@ checkpath(int argc, char **argv)
 	mode_t mode = 0;
 	struct passwd *pw = NULL;
 	struct group *gr = NULL;
-	bool file = 0;
+	inode_t type = inode_unknown;
 	int retval = EXIT_SUCCESS;
+	bool trunc = 0;
 
 	while ((opt = getopt_long(argc, argv, getoptstring,
 		    longopts, (int *) 0)) != -1)
 	{
 		switch (opt) {
+		case 'D':
+			trunc = 1;
 		case 'd':
-			file = 0;
+			type = inode_dir;
 			break;
+		case 'F':
+			trunc = 1;
 		case 'f':
-			file = 1;
+			type = inode_file;
+			break;
+		case 'p':
+			type = inode_fifo;
 			break;
 		case 'm':
 			if (parse_mode(&mode, optarg) != 0)
@@ -192,6 +251,11 @@ checkpath(int argc, char **argv)
 				eerrorx("%s: owner `%s' not found",
 				    applet, optarg);
 			break;
+		case 'W':
+			if (argv[optind] != NULL)
+				ewarn("-W/--writable takes only one path, everything else will be ignored");
+			exit(!is_writable(optarg));
+			break;
 
 		case_RC_COMMON_GETOPT
 		}
@@ -208,7 +272,7 @@ checkpath(int argc, char **argv)
 		gid = gr->gr_gid;
 
 	while (optind < argc) {
-		if (do_check(argv[optind], uid, gid, mode, file))
+		if (do_check(argv[optind], uid, gid, mode, type, trunc))
 			retval = EXIT_FAILURE;
 		optind++;
 	}

src/rc/fstabinfo.c

@@ -93,9 +93,9 @@ getmntfile(const char *file)
 extern const char *applet;
 
 static int
-do_mount(struct ENT *ent)
+do_mount(struct ENT *ent, bool remount)
 {
-	char *argv[8];
+	char *argv[10];
 	pid_t pid;
 	int status;
 
@@ -104,9 +104,24 @@ do_mount(struct ENT *ent)
 	argv[2] = ENT_OPTS(*ent);
 	argv[3] = UNCONST("-t");
 	argv[4] = ENT_TYPE(*ent);
-	argv[5] = ENT_BLOCKDEVICE(*ent);
-	argv[6] = ENT_FILE(*ent);
-	argv[7] = NULL;
+	if (!remount) {
+		argv[5] = ENT_BLOCKDEVICE(*ent);
+		argv[6] = ENT_FILE(*ent);
+		argv[7] = NULL;
+	} else {
+#ifdef __linux__
+		argv[5] = UNCONST("-o");
+		argv[6] = UNCONST("remount");
+		argv[7] = ENT_BLOCKDEVICE(*ent);
+		argv[8] = ENT_FILE(*ent);
+		argv[9] = NULL;
+#else
+		argv[5] = UNCONST("-u");
+		argv[6] = ENT_BLOCKDEVICE(*ent);
+		argv[7] = ENT_FILE(*ent);
+		argv[8] = NULL;
+#endif
+	}
 	switch (pid = vfork()) {
 	case -1:
 		eerrorx("%s: vfork: %s", applet, strerror(errno));
@@ -127,9 +142,10 @@ do_mount(struct ENT *ent)
 }
 
 #include "_usage.h"
-#define getoptstring "Mbmop:t:" getoptstring_COMMON
+#define getoptstring "MRbmop:t:" getoptstring_COMMON
 static const struct option longopts[] = {
 	{ "mount",          0, NULL, 'M' },
+	{ "remount",        0, NULL, 'R' },
 	{ "blockdevice",    0, NULL, 'b' },
 	{ "mountargs",      0, NULL, 'm' },
 	{ "options",        0, NULL, 'o' },
@@ -139,6 +155,7 @@ static const struct option longopts[] = {
 };
 static const char * const longopts_help[] = {
 	"Mounts the filesytem from the mountpoint",
+	"Remounts the filesystem based on the information in fstab",
 	"Extract the block device",
 	"Show arguments needed to mount the entry",
 	"Extract the options field",
@@ -154,6 +171,7 @@ static const char * const longopts_help[] = {
 #define OUTPUT_PASSNO    (1 << 4)
 #define OUTPUT_BLOCKDEV  (1 << 5)
 #define OUTPUT_MOUNT     (1 << 6)
+#define OUTPUT_REMOUNT   (1 << 7)
 
 int
 fstabinfo(int argc, char **argv)
@@ -182,6 +200,9 @@ fstabinfo(int argc, char **argv)
 		case 'M':
 			output = OUTPUT_MOUNT;
 			break;
+		case 'R':
+			output = OUTPUT_REMOUNT;
+			break;
 		case 'b':
 			output = OUTPUT_BLOCKDEV;
 			break;
@@ -287,7 +308,11 @@ fstabinfo(int argc, char **argv)
 			break;
 
 		case OUTPUT_MOUNT:
-			result += do_mount(ent);
+			result += do_mount(ent, false);
+			break;
+
+		case OUTPUT_REMOUNT:
+			result += do_mount(ent, true);
 			break;
 
 		case OUTPUT_MOUNTARGS:

src/rc/rc-logger.c

@@ -276,14 +276,21 @@ rc_logger_open(const char *level)
 			fclose(log);
 			fclose(plog);
 		} else {
-			log_error = 1;
-			eerror("Error: fopen(%s) failed: %s", logfile, strerror(errno));
+			/*
+			 * logfile or its basedir may be read-only during sysinit and
+			 * shutdown so skip the error in this case
+			 */
+			if (errno != EROFS && ((strcmp(level, RC_LEVEL_SHUTDOWN) != 0) && (strcmp(level, RC_LEVEL_SYSINIT) != 0))) {
+				log_error = 1;
+				eerror("Error: fopen(%s) failed: %s", logfile, strerror(errno));
+			}
 		}
 
 		/* Try to keep the temporary log in case of errors */
 		if (!log_error) {
-			if (unlink(TMPLOG) == -1)
-				eerror("Error: unlink(%s) failed: %s", TMPLOG, strerror(errno));
+			if (errno != EROFS && ((strcmp(level, RC_LEVEL_SHUTDOWN) != 0) && (strcmp(level, RC_LEVEL_SYSINIT) != 0)))
+				if (unlink(TMPLOG) == -1)
+					eerror("Error: unlink(%s) failed: %s", TMPLOG, strerror(errno));
 		} else if (exists(TMPLOG))
 			eerrorx("Warning: temporary logfile left behind: %s", TMPLOG);
 

src/rc/rc-misc.c

@@ -331,3 +331,12 @@ parse_mode(mode_t *mode, char *text)
 	errno = EINVAL;
 	return -1;
 }
+
+int
+is_writable(const char *path)
+{
+	if (access(path, W_OK) == 0)
+		return 1;
+
+	return 0;
+}

src/rc/rc.c

@@ -167,43 +167,6 @@ cleanup(void)
 #endif
 }
 
-#ifdef __linux__
-static char *
-proc_getent(const char *ent)
-{
-	FILE *fp;
-	char *proc, *p, *value = NULL;
-	size_t i;
-
-	if (!exists("/proc/cmdline"))
-		return NULL;
-
-	if (!(fp = fopen("/proc/cmdline", "r"))) {
-		eerror("failed to open `/proc/cmdline': %s", strerror(errno));
-		return NULL;
-	}
-
-	proc = NULL;
-	i = 0;
-	if (rc_getline(&proc, &i, fp) == -1 || proc == NULL)
-		eerror("rc_getline: %s", strerror(errno));
-	if (*proc && (p = strstr(proc, ent))) {
-		i = p - proc;
-		if (i == '\0' || proc[i - 1] == ' ') {
-			p += strlen(ent);
-			if (*p == '=')
-				p++;
-			value = xstrdup(strsep(&p, " "));
-		}
-	} else
-		errno = ENOENT;
-	fclose(fp);
-	free(proc);
-
-	return value;
-}
-#endif
-
 static char
 read_key(bool block)
 {
@@ -343,15 +306,6 @@ open_shell(void)
 	run_program(shell);
 }
 
-_dead static void
-single_user(void)
-{
-	rc_logger_close();
-	execl(SHUTDOWN, SHUTDOWN, "now", (char *) NULL);
-	eerrorx("%s: unable to exec `" SHUTDOWN "': %s",
-	    applet, strerror(errno));
-}
-
 static bool
 set_krunlevel(const char *level)
 {
@@ -379,11 +333,11 @@ set_krunlevel(const char *level)
 	return true;
 }
 
-static int
+static size_t
 get_krunlevel(char *buffer, int buffer_len)
 {
 	FILE *fp;
-	int i = 0;
+	size_t i = 0;
 
 	if (!exists(RC_KRUNLEVEL))
 		return 0;
@@ -704,6 +658,7 @@ do_start_services(bool parallel)
 			interactive = want_interactive();
 
 		if (interactive) {
+			parallel = false;
 	interactive_retry:
 			printf("\n");
 			einfo("About to start the service %s",
@@ -871,16 +826,9 @@ main(int argc, char **argv)
 			eerrorx("%s: %s", applet, strerror(errno));
 			/* NOTREACHED */
 		case 'S':
-			if (rc_conf_value("rc_sys")) {
-				bootlevel = rc_sys_v2();
-				if (bootlevel)
-					printf("%s\n", bootlevel);
-			} else {
-				ewarn("WARNING: rc_sys not defined in rc.conf. Falling back to automatic detection");
-				bootlevel = rc_sys_v1();
-				if (bootlevel)
-					printf("%s\n", bootlevel);
-			}
+			bootlevel = rc_sys();
+			if (bootlevel)
+				printf("%s\n", bootlevel);
 			exit(EXIT_SUCCESS);
 			/* NOTREACHED */
 		case_RC_COMMON_GETOPT
@@ -960,9 +908,9 @@ main(int argc, char **argv)
 #ifdef __linux__
 			if (strcmp(newlevel, RC_LEVEL_SYSINIT) == 0) {
 				/* If we requested a runlevel, save it now */
-				p = proc_getent("rc_runlevel");
+				p = rc_proc_getent("rc_runlevel");
 				if (p == NULL)
-					p = proc_getent("softlevel");
+					p = rc_proc_getent("softlevel");
 				if (p != NULL) {
 					set_krunlevel(p);
 					free(p);
@@ -1114,7 +1062,7 @@ main(int argc, char **argv)
 
 #ifdef __linux__
 	/* mark any services skipped as started */
-	proc = p = proc_getent("noinit");
+	proc = p = rc_proc_getent("noinit");
 	if (proc) {
 		while ((token = strsep(&p, ",")))
 			rc_service_mark(token, RC_SERVICE_STARTED);
@@ -1135,7 +1083,7 @@ main(int argc, char **argv)
 
 #ifdef __linux__
 	/* mark any services skipped as stopped */
-	proc = p = proc_getent("noinit");
+	proc = p = rc_proc_getent("noinit");
 	if (proc) {
 		while ((token = strsep(&p, ",")))
 			rc_service_mark(token, RC_SERVICE_STOPPED);

src/rc/runscript.c

@@ -75,7 +75,7 @@
 #define WARN_TIMEOUT	10		/* warn about this every N seconds */
 
 static const char *applet;
-static char *service, *runlevel, *ibsave, *prefix;;
+static char *service, *runlevel, *ibsave, *prefix;
 static RC_DEPTREE *deptree;
 static RC_STRINGLIST *applet_list, *services, *tmplist;
 static RC_STRINGLIST *restart_services, *need_services, *use_services;
@@ -288,6 +288,13 @@ cleanup(void)
 #endif
 }
 
+/* Buffer and lock all output messages so that we get readable content */
+/* FIXME: Use a dynamic lock file that contains the tty/pts as well.
+ * For example openrc-pts8.lock or openrc-tty1.lock.
+ * Using a static lock file makes no sense, esp. in multi-user environments.
+ * Why don't we use (f)printf, as it is thread-safe through POSIX already?
+ * Bug: 360013
+ */
 static int
 write_prefix(const char *buffer, size_t bytes, bool *prefixed)
 {
@@ -297,14 +304,20 @@ write_prefix(const char *buffer, size_t bytes, bool *prefixed)
 	ssize_t ret = 0;
 	int fd = fileno(stdout), lock_fd = -1;
 
-	/* Spin until we lock the prefix */
-	for (;;) {
-		lock_fd = open(PREFIX_LOCK, O_WRONLY | O_CREAT, 0664);
-		if (lock_fd != -1)
-			if (flock(lock_fd, LOCK_EX) == 0)
-				break;
-		close(lock_fd);
+	/*
+	 * Lock the prefix.
+	 * open() may fail here when running as user, as RC_SVCDIR may not be writable.
+	 */
+	lock_fd = open(PREFIX_LOCK, O_WRONLY | O_CREAT, 0664);
+
+	if (lock_fd != -1) {
+		if (flock(lock_fd, LOCK_EX) != 0)
+			eerror("flock() failed: %s", strerror(errno));
 	}
+#ifdef RC_DEBUG
+	else
+		ewarn("Couldn't open the prefix lock, please make sure you have enough permissions");
+#endif
 
 	for (i = 0; i < bytes; i++) {
 		/* We don't prefix eend calls (cursor up) */
@@ -332,6 +345,7 @@ write_prefix(const char *buffer, size_t bytes, bool *prefixed)
 
 	/* Release the lock */
 	close(lock_fd);
+
 	return ret;
 }
 
@@ -821,7 +835,7 @@ svc_start(void)
 		svc_start_real();
 }
 
-static void
+static int
 svc_stop_check(RC_SERVICE *state)
 {
 	*state = rc_service_state(service);
@@ -848,7 +862,7 @@ svc_stop_check(RC_SERVICE *state)
 
 	if (*state & RC_SERVICE_STOPPED) {
 		ewarn("WARNING: %s is already stopped", applet);
-		exit(EXIT_SUCCESS);
+		return 1;
 	}
 
 	rc_service_mark(service, RC_SERVICE_STOPPING);
@@ -861,6 +875,8 @@ svc_stop_check(RC_SERVICE *state)
 		else if (rc_service_in_runlevel(service, RC_LEVEL_BOOT))
 			ewarn("WARNING: you are stopping a boot service");
 	}
+
+	return 0;
 }
 
 static void
@@ -986,7 +1002,7 @@ svc_stop_real(void)
 	rc_plugin_run(RC_HOOK_SERVICE_STOP_OUT, applet);
 }
 
-static void
+static int
 svc_stop(void)
 {
 	RC_SERVICE state;
@@ -995,13 +1011,16 @@ svc_stop(void)
 	if (dry_run)
 		einfon("stop:");
 	else
-		svc_stop_check(&state);
+		if (svc_stop_check(&state) == 1)
+			return 1; /* Service has been stopped already */
 	if (deps)
 		svc_stop_deps(state);
 	if (dry_run)
 		printf(" %s\n", applet);
 	else
 		svc_stop_real();
+
+	return 0;
 }
 
 static void
@@ -1074,12 +1093,13 @@ service_plugable(void)
 }
 
 #include "_usage.h"
-#define getoptstring "dDsvl:Z" getoptstring_COMMON
+#define getoptstring "dDsSvl:Z" getoptstring_COMMON
 #define extraopts "stop | start | restart | describe | zap"
 static const struct option longopts[] = {
 	{ "debug",      0, NULL, 'd'},
 	{ "dry-run",    0, NULL, 'Z'},
 	{ "ifstarted",  0, NULL, 's'},
+	{ "ifstopped",  0, NULL, 'S'},
 	{ "nodeps",     0, NULL, 'D'},
 	{ "lockfd",     1, NULL, 'l'},
 	longopts_COMMON
@@ -1088,6 +1108,7 @@ static const char *const longopts_help[] = {
 	"set xtrace when running the script",
 	"show what would be done",
 	"only run commands when started",
+	"only run commands when stopped",
 	"ignore dependencies",
 	"fd of the exclusive lock from rc",
 	longopts_help_COMMON
@@ -1100,9 +1121,11 @@ runscript(int argc, char **argv)
 	bool doneone = false;
 	int retval, opt, depoptions = RC_DEP_TRACE;
 	RC_STRING *svc;
-	char *save = NULL;
+	char path[PATH_MAX], lnk[PATH_MAX];
+	char *dir, *save = NULL, *saveLnk = NULL;
 	char pidstr[10];
 	size_t l = 0, ll;
+ 	const char *file;
 	struct stat stbuf;
 
 	/* Show help if insufficient args */
@@ -1119,7 +1142,40 @@ runscript(int argc, char **argv)
 
 	atexit(cleanup);
 
-	service = xstrdup(argv[1]);
+	/* We need to work out the real full path to our service.
+	 * This works fine, provided that we ONLY allow multiplexed services
+	 * to exist in the same directory as the master link.
+	 * Also, the master link as to be a real file in the init dir. */
+	if (!realpath(argv[1], path)) {
+		fprintf(stderr, "realpath: %s\n", strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+	memset(lnk, 0, sizeof(lnk));
+	if (readlink(argv[1], lnk, sizeof(lnk)-1)) {
+		dir = dirname(path);
+		if (strchr(lnk, '/')) {
+			save = xstrdup(dir);
+			saveLnk = xstrdup(lnk);
+			dir = dirname(saveLnk);
+			if (strcmp(dir, save) == 0)
+				file = basename_c(argv[1]);
+			else
+				file = basename_c(lnk);
+			dir = save;
+		} else
+			file = basename_c(argv[1]);
+		ll = strlen(dir) + strlen(file) + 2;
+		service = xmalloc(ll);
+		snprintf(service, ll, "%s/%s", dir, file);
+		if (stat(service, &stbuf) != 0) {
+			free(service);
+			service = xstrdup(lnk);
+		}
+		free(save);
+		free(saveLnk);
+	}
+	if (!service)
+		service = xstrdup(path);
 	applet = basename_c(service);
 
 	if (argc < 3)
@@ -1195,6 +1251,10 @@ runscript(int argc, char **argv)
 			if (!(rc_service_state(service) & RC_SERVICE_STARTED))
 				exit(EXIT_FAILURE);
 			break;
+		case 'S':
+			if (!(rc_service_state(service) & RC_SERVICE_STOPPED))
+				exit(EXIT_FAILURE);
+			break;
 		case 'D':
 			deps = false;
 			break;
@@ -1316,7 +1376,8 @@ runscript(int argc, char **argv)
 				}
 				if (deps && in_background)
 					get_started_services();
-				svc_stop();
+				if (svc_stop() == 1)
+					continue; /* Service has been stopped already */
 				if (deps) {
 					if (!in_background &&
 					    !rc_runlevel_stopping() &&

src/rc/start-stop-daemon.c

@@ -1178,20 +1178,18 @@ start_stop_daemon(int argc, char **argv)
 		}
 
 #ifdef HAVE_PAM
-		if (changeuser != NULL)
+		if (changeuser != NULL) {
 			pamr = pam_start("start-stop-daemon",
 			    changeuser, &conv, &pamh);
-		else
-			pamr = pam_start("start-stop-daemon",
-			    "nobody", &conv, &pamh);
 
-		if (pamr == PAM_SUCCESS)
-			pamr = pam_acct_mgmt(pamh, PAM_SILENT);
-		if (pamr == PAM_SUCCESS)
-			pamr = pam_open_session(pamh, PAM_SILENT);
-		if (pamr != PAM_SUCCESS)
-			eerrorx("%s: pam error: %s",
-			    applet, pam_strerror(pamh, pamr));
+			if (pamr == PAM_SUCCESS)
+				pamr = pam_acct_mgmt(pamh, PAM_SILENT);
+			if (pamr == PAM_SUCCESS)
+				pamr = pam_open_session(pamh, PAM_SILENT);
+			if (pamr != PAM_SUCCESS)
+				eerrorx("%s: pam error: %s",
+					applet, pam_strerror(pamh, pamr));
+		}
 #endif
 
 		if (gid && setgid(gid))
@@ -1219,15 +1217,17 @@ start_stop_daemon(int argc, char **argv)
 			rc_stringlist_add(env_list, environ[i++]);
 
 #ifdef HAVE_PAM
-		pamenv = (const char *const *)pam_getenvlist(pamh);
-		if (pamenv) {
-			while (*pamenv) {
-				/* Don't add strings unless they set a var */
-				if (strchr(*pamenv, '='))
-					putenv(xstrdup(*pamenv));
-				else
-					unsetenv(*pamenv);
-				pamenv++;
+		if (changeuser != NULL) {
+			pamenv = (const char *const *)pam_getenvlist(pamh);
+			if (pamenv) {
+				while (*pamenv) {
+					/* Don't add strings unless they set a var */
+					if (strchr(*pamenv, '='))
+						putenv(xstrdup(*pamenv));
+					else
+						unsetenv(*pamenv);
+					pamenv++;
+				}
 			}
 		}
 #endif
@@ -1304,7 +1304,7 @@ start_stop_daemon(int argc, char **argv)
 		setsid();
 		execvp(exec, argv);
 #ifdef HAVE_PAM
-		if (pamr == PAM_SUCCESS)
+		if (changeuser != NULL && pamr == PAM_SUCCESS)
 			pam_close_session(pamh, PAM_SILENT);
 #endif
 		eerrorx("%s: failed to exec `%s': %s",

src/test/rc.funcs.list

@@ -32,6 +32,8 @@ rc_newer_than
 rc_newer_than@@RC_1.0
 rc_older_than
 rc_older_than@@RC_1.0
+rc_proc_getent
+rc_proc_getent@@RC_1.0
 rc_runlevel_exists
 rc_runlevel_exists@@RC_1.0
 rc_runlevel_get

sysctl.d/Makefile

@@ -0,0 +1,6 @@
+DIR=	${SYSCTLDIR}
+CONF=	README
+
+MK=		../mk
+include ${MK}/os.mk
+include ${MK}/scripts.mk

sysctl.d/README

@@ -0,0 +1,13 @@
+Kernel system variables configuration files
+
+Files found under the /etc/sysctl.d directory that end with .conf are
+parsed within sysctl(8) at boot time.  If you want to set kernel variables
+you can either edit /etc/sysctl.conf or make a new file.
+
+The filename isn't important, but don't make it a package name as it may clash
+with something the package builder needs later. The file name must end
+with .conf, or it will not be read.
+
+The recommended location for local system settings is /etc/sysctl.d/local.conf
+but as long as you follow the rules for the name of the file, anything will
+work. see the sysctl.conf(5) man page for details of the format.