File syslog-ng-3.2.2-systemd-integration.bnc656104.diff of Package syslog-ng

commit 3128ea4f2f0c2af9ff8ff2bd674c59657f42eb65
Author: Gergely Nagy <algernon@balabit.hu>
Date:   Tue Feb 1 14:09:28 2011 +0100

    gsockaddr: Make ->sa_funcs per-instance.
    
    Instead of initializing GSockAddr->sa_funcs to a static value, that
    points to an internal structure, make it per-instance, so one can
    override parts of it later on, without breaking the rest of the
    instances that share the address family.
    
    Signed-off-by: Gergely Nagy <algernon@balabit.hu>

commit 72acf3efef71400d7aacf5137c9727a698dbde19
Author: Gergely Nagy <algernon@balabit.hu>
Date:   Tue Feb 1 11:15:07 2011 +0100

    systemd: Code cleanup.
    
    Cleaned up inherit_systemd_activation(): removing unused code, turning
    gotos into returns and merging a few ifs together.
    
    Signed-off-by: Gergely Nagy <algernon@balabit.hu>

commit 7f8154cd014bb78dfb1365dae8114b59e488a591
Author: Gergely Nagy <algernon@balabit.hu>
Date:   Tue Feb 1 11:07:43 2011 +0100

    systemd: Added sd-daemon.c & sd-daemon.h.

commit 65e27c1855dc9601f1c67b0359c60ec60da3d4bf
Author: Marius Tomaschewski <mt@suse.de>
Date:   Tue Jan 18 14:03:29 2011 +0100

    Enabled systemd socket activation in forking mode

commit febacf0bb5740e3f6454fd524f8d0e9e76c20e31
Author: Marius Tomaschewski <mt@suse.de>
Date:   Mon Jan 17 17:23:09 2011 +0100

    Cleaned up systemd socket activation

commit e22582bf1a2ac49bd1550980b7a6d55ede450c60
Author: Marius Tomaschewski <mt@suse.de>
Date:   Fri Dec 10 18:39:57 2010 +0100

    First version of systemd socket activation support
    
    First version of systemd socket activation support for unix-dgram
    sockets (not only /dev/log) in foreground mode. The sd-daemon.[ch]
    files are available at
      http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.[ch]
diff --git a/lib/gprocess.c b/lib/gprocess.c
index 363d030..d9a2dfb 100644
--- a/lib/gprocess.c
+++ b/lib/gprocess.c
@@ -140,6 +140,56 @@ static struct
   .gid = -1
 };
 
+/**
+ * Inherits systemd socket activation from parent process updating the pid
+ * in LISTEN_PID to the pid of the child process.
+ *
+ * @return same as sd_listen_fds
+ *   r == 0: no socket activation or this process is not responsible
+ *   r >  0: success, number of sockets
+ *   r <  0: an error occured
+ */
+static int
+inherit_systemd_activation(void)
+{
+  const char *e;
+  char buf[24] = { '\0' };
+  char *p = NULL;
+  unsigned long l;
+
+  /* fetch listen pid */
+  if (!(e = getenv("LISTEN_PID")))
+    return 0;
+
+  errno = 0;
+  l = strtoul(e, &p, 10);
+  if (errno != 0 || !p || *p || l == 0)
+    return (errno) ? -errno : -EINVAL;
+
+  /* was it for our parent? */
+  if (getppid() != (pid_t)l)
+    return 0;
+
+  /* verify listen fds */
+  if (!(e = getenv("LISTEN_FDS")))
+    return 0;
+
+  errno = 0;
+  l = strtoul(e, &p, 10);
+  if (errno != 0 || !p || *p)
+    return (errno) ? -errno : -EINVAL;
+
+  /* update the listen pid to ours */
+  snprintf(buf, sizeof(buf), "%d", getpid());
+  if (errno != 0 || !*buf)
+    return (errno) ? -errno : -EINVAL;
+
+  if (setenv("LISTEN_PID", buf, 1) == 0)
+    return (int)l;
+
+  return -1;
+}
+
 #if ENABLE_LINUX_CAPS
 
 /**
@@ -1125,6 +1175,10 @@ g_process_perform_supervise(void)
           process_kind = G_PK_DAEMON;
           close(init_result_pipe[0]);
           init_result_pipe[0] = -1;
+
+          /* update systemd socket activation pid */
+          inherit_systemd_activation();
+
           memcpy(process_opts.argv_start, process_opts.argv_orig, process_opts.argv_env_len);
           return;
         }
@@ -1180,6 +1234,9 @@ g_process_start(void)
       /* shut down init_result_pipe read side */
       close(init_result_pipe[0]);
       init_result_pipe[0] = -1;
+
+      /* update systemd socket activation pid */
+      inherit_systemd_activation();
     }
   else if (process_opts.mode == G_PM_SAFE_BACKGROUND)
     {
@@ -1213,6 +1270,9 @@ g_process_start(void)
       close(startup_result_pipe[0]);
       startup_result_pipe[0] = -1;
       
+      /* update systemd socket activation pid */
+      inherit_systemd_activation();
+
       process_kind = G_PK_SUPERVISOR;
       g_process_perform_supervise();
       /* we only return in the daamon process here */
diff --git a/lib/gsockaddr.c b/lib/gsockaddr.c
index dc1a093..ebee377 100644
--- a/lib/gsockaddr.c
+++ b/lib/gsockaddr.c
@@ -143,10 +143,13 @@ g_sockaddr_unref(GSockAddr *a)
       if (g_atomic_counter_dec_and_test(&a->refcnt))
         {
           if (!a->sa_funcs->freefn)
-            g_free(a);
-          else
-            a->sa_funcs->freefn(a);
-        }
+	    {
+	      g_free(a->sa_funcs);
+	      g_free(a);
+	    }
+	  else
+	    a->sa_funcs->freefn(a);
+	}
     }
 }
 
@@ -198,21 +201,18 @@ g_sockaddr_inet_format(GSockAddr *addr, gchar *text, gulong n, gint format)
 void
 g_sockaddr_inet_free(GSockAddr *addr)
 {
+  g_free(addr->sa_funcs);
   g_free(addr);
 }
 
-static GSockAddrFuncs inet_sockaddr_funcs = 
-{
-  g_sockaddr_inet_bind_prepare,
-  NULL,
-  g_sockaddr_inet_format,
-  g_sockaddr_inet_free
-};
-
 gboolean
 g_sockaddr_inet_check(GSockAddr *a)
 {
-  return a->sa_funcs == &inet_sockaddr_funcs;
+  return (a->sa_funcs &&
+	  a->sa_funcs->sa_bind_prepare == g_sockaddr_inet_bind_prepare &&
+	  a->sa_funcs->sa_bind == NULL &&
+	  a->sa_funcs->sa_format == g_sockaddr_inet_format &&
+	  a->sa_funcs->freefn == g_sockaddr_inet_free);
 }
 
 /*+
@@ -243,7 +243,10 @@ g_sockaddr_inet_new(gchar *ip, guint16 port)
       addr->sin.sin_family = AF_INET;
       addr->sin.sin_port = htons(port);
       addr->sin.sin_addr = ina;
-      addr->sa_funcs = &inet_sockaddr_funcs;
+      addr->sa_funcs = g_new0(GSockAddrFuncs, 1);
+      addr->sa_funcs->sa_bind_prepare = g_sockaddr_inet_bind_prepare;
+      addr->sa_funcs->sa_format = g_sockaddr_inet_format;
+      addr->sa_funcs->freefn = g_sockaddr_inet_free;
     }
   return (GSockAddr *) addr;
 }
@@ -269,7 +272,10 @@ g_sockaddr_inet_new2(struct sockaddr_in *sin)
   addr->flags = 0;
   addr->salen = sizeof(struct sockaddr_in);
   addr->sin = *sin;
-  addr->sa_funcs = &inet_sockaddr_funcs;
+  addr->sa_funcs = g_new0(GSockAddrFuncs, 1);
+  addr->sa_funcs->sa_bind_prepare = g_sockaddr_inet_bind_prepare;
+  addr->sa_funcs->sa_format = g_sockaddr_inet_format;
+  addr->sa_funcs->freefn = g_sockaddr_inet_free;
   
   return (GSockAddr *) addr;
 }
@@ -331,14 +337,6 @@ g_sockaddr_inet_range_bind(int sock, GSockAddr *a)
   return G_IO_STATUS_ERROR;
 }
 
-static GSockAddrFuncs inet_range_sockaddr_funcs = 
-{
-  NULL,
-  g_sockaddr_inet_range_bind,
-  g_sockaddr_inet_format,
-  g_sockaddr_inet_free,
-};
-
 GSockAddr *
 g_sockaddr_inet_range_new(gchar *ip, guint16 min_port, guint16 max_port)
 {
@@ -350,7 +348,13 @@ g_sockaddr_inet_range_new(gchar *ip, guint16 min_port, guint16 max_port)
   addr->sin.sin_family = AF_INET;
   inet_aton(ip, &addr->sin.sin_addr);
   addr->sin.sin_port = 0;
-  addr->sa_funcs = &inet_range_sockaddr_funcs;
+
+  addr->sa_funcs = g_new0(GSockAddrFuncs, 1);
+  addr->sa_funcs->sa_bind_prepare = NULL;
+  addr->sa_funcs->sa_bind = g_sockaddr_inet_range_bind;
+  addr->sa_funcs->sa_format = g_sockaddr_inet_format;
+  addr->sa_funcs->freefn = g_sockaddr_inet_free;
+
   if (max_port > min_port)
     {
       addr->last_port = (rand() % (max_port - min_port)) + min_port;
@@ -405,21 +409,18 @@ g_sockaddr_inet6_format(GSockAddr *addr, gchar *text, gulong n, gint format)
 static void
 g_sockaddr_inet6_free(GSockAddr *addr)
 {
+  g_free(addr->sa_funcs);
   g_free(addr);
 }
 
-static GSockAddrFuncs inet6_sockaddr_funcs = 
-{
-  g_sockaddr_inet_bind_prepare,
-  NULL,
-  g_sockaddr_inet6_format,
-  g_sockaddr_inet6_free
-};
-
 gboolean
 g_sockaddr_inet6_check(GSockAddr *a)
 {
-  return a->sa_funcs == &inet6_sockaddr_funcs;
+  return (a->sa_funcs &&
+	  a->sa_funcs->sa_bind_prepare == g_sockaddr_inet_bind_prepare &&
+	  a->sa_funcs->sa_bind == NULL &&
+	  a->sa_funcs->sa_format == g_sockaddr_inet6_format &&
+	  a->sa_funcs->freefn == g_sockaddr_inet6_free);
 }
 
 
@@ -446,7 +447,10 @@ g_sockaddr_inet6_new(gchar *ip, guint16 port)
   addr->sin6.sin6_family = AF_INET6;
   inet_pton(AF_INET6, ip, &addr->sin6.sin6_addr);
   addr->sin6.sin6_port = htons(port);
-  addr->sa_funcs = &inet6_sockaddr_funcs;
+  addr->sa_funcs = g_new0(GSockAddrFuncs, 1);
+  addr->sa_funcs->sa_bind_prepare = g_sockaddr_inet_bind_prepare;
+  addr->sa_funcs->sa_format = g_sockaddr_inet6_format;
+  addr->sa_funcs->freefn = g_sockaddr_inet6_free;
   
   return (GSockAddr *) addr;
 }
@@ -473,7 +477,10 @@ g_sockaddr_inet6_new2(struct sockaddr_in6 *sin6)
   addr->flags = 0;
   addr->salen = sizeof(struct sockaddr_in6);
   addr->sin6 = *sin6;
-  addr->sa_funcs = &inet6_sockaddr_funcs;
+  addr->sa_funcs = g_new0(GSockAddrFuncs, 1);
+  addr->sa_funcs->sa_bind_prepare = g_sockaddr_inet_bind_prepare;
+  addr->sa_funcs->sa_format = g_sockaddr_inet6_format;
+  addr->sa_funcs->freefn = g_sockaddr_inet6_free;
   
   return (GSockAddr *) addr;
 }
@@ -501,13 +508,6 @@ static GIOStatus g_sockaddr_unix_bind_prepare(int sock, GSockAddr *addr);
 static GIOStatus g_sockaddr_unix_bind(int sock, GSockAddr *addr);
 static gchar *g_sockaddr_unix_format(GSockAddr *addr, gchar *text, gulong n, gint format);
 
-static GSockAddrFuncs unix_sockaddr_funcs = 
-{
-  g_sockaddr_unix_bind_prepare,
-  g_sockaddr_unix_bind,
-  g_sockaddr_unix_format
-};
-
 /* anonymous if name == NULL */
 
 /*+
@@ -528,7 +528,10 @@ g_sockaddr_unix_new(const gchar *name)
   
   g_atomic_counter_set(&addr->refcnt, 1);
   addr->flags = 0;
-  addr->sa_funcs = &unix_sockaddr_funcs;
+  addr->sa_funcs = g_new0(GSockAddrFuncs, 1);
+  addr->sa_funcs->sa_bind_prepare = g_sockaddr_unix_bind_prepare;
+  addr->sa_funcs->sa_bind = g_sockaddr_unix_bind;
+  addr->sa_funcs->sa_format = g_sockaddr_unix_format;
   addr->saun.sun_family = AF_UNIX;
   if (name)
     {
@@ -564,7 +567,10 @@ g_sockaddr_unix_new2(struct sockaddr_un *saun, int sunlen)
   
   g_atomic_counter_set(&addr->refcnt, 1);
   addr->flags = 0;
-  addr->sa_funcs = &unix_sockaddr_funcs;
+  addr->sa_funcs = g_new0(GSockAddrFuncs, 1);
+  addr->sa_funcs->sa_bind_prepare = g_sockaddr_unix_bind_prepare;
+  addr->sa_funcs->sa_bind = g_sockaddr_unix_bind;
+  addr->sa_funcs->sa_format = g_sockaddr_unix_format;
   addr->salen = sunlen;
   addr->saun = *saun;
   return (GSockAddr *) addr;
diff --git a/modules/afsocket/Makefile.am b/modules/afsocket/Makefile.am
index 40d9dd8..fdd2ee6 100644
--- a/modules/afsocket/Makefile.am
+++ b/modules/afsocket/Makefile.am
@@ -7,7 +7,8 @@ noinst_DATA = libafsocket.la
 libafsocket_notls_la_SOURCES = \
 	afsocket.c afsocket.h afunix.c afunix.h afinet.c afinet.h \
 	tlscontext.c tlscontext.h tlstransport.c tlstransport.h \
-	afsocket-grammar.y afsocket-parser.c afsocket-parser.h afsocket-plugin.c
+	afsocket-grammar.y afsocket-parser.c afsocket-parser.h afsocket-plugin.c \
+	sd-daemon.c sd-daemon.h
 libafsocket_notls_la_CPPFLAGS = $(AM_CPPFLAGS)
 libafsocket_notls_la_LIBADD = ../../lib/libsyslog-ng.la $(LIBNET_LIBS) $(LIBWRAP_LIBS)
 libafsocket_notls_la_LDFLAGS = -avoid-version -module -no-undefined
@@ -17,7 +18,8 @@ module_LTLIBRARIES += libafsocket-tls.la
 libafsocket_tls_la_SOURCES = \
 	afsocket.c afsocket.h afunix.c afunix.h afinet.c afinet.h \
 	tlscontext.c tlscontext.h tlstransport.c tlstransport.h \
-	afsocket-grammar.y afsocket-parser.c afsocket-parser.h afsocket-plugin.c
+	afsocket-grammar.y afsocket-parser.c afsocket-parser.h afsocket-plugin.c \
+	sd-daemon.c sd-daemon.h
 libafsocket_tls_la_CPPFLAGS = $(AM_CPPFLAGS) -DENABLE_SSL=1
 libafsocket_tls_la_LIBADD = ../../lib/libsyslog-ng.la $(OPENSSL_LIBS) $(ZLIB_LIBS) $(LIBNET_LIBS) $(LIBWRAP_LIBS)
 libafsocket_tls_la_LDFLAGS = -avoid-version -module -no-undefined
diff --git a/modules/afsocket/afsocket.c b/modules/afsocket/afsocket.c
index 499cfb1..67f9499 100644
--- a/modules/afsocket/afsocket.c
+++ b/modules/afsocket/afsocket.c
@@ -529,6 +529,16 @@ afsocket_sd_init(LogPipe *s)
   gboolean res = FALSE;
   GlobalConfig *cfg = log_pipe_get_config(s);
 
+  if (self->systemd_sock != -1)
+    {
+      /* TODO: another socket types */
+      if ((self->bind_addr->sa.sa_family != AF_UNIX) || !(self->flags & AFSOCKET_DGRAM))
+        {
+          msg_error("Systemd activation implemented for unix datagram sockets only", NULL);
+          return FALSE;
+        }
+    }
+
 #if ENABLE_SSL
   if (self->flags & AFSOCKET_REQUIRE_TLS && !self->tls_context)
     {
@@ -604,14 +614,22 @@ afsocket_sd_init(LogPipe *s)
     {
       if (!self->connections)
         {
-          if (!afsocket_open_socket(self->bind_addr, !!(self->flags & AFSOCKET_STREAM), &sock))
+          if (self->systemd_sock != -1)
+            {
+	      sock = self->systemd_sock;
+              g_fd_set_nonblock(sock, TRUE);
+              self->bind_addr->sa_funcs->sa_bind = NULL;
+              self->bind_addr->sa_funcs->sa_bind_prepare = NULL;
+            }
+          else if (!afsocket_open_socket(self->bind_addr, !!(self->flags & AFSOCKET_STREAM), &sock))
             return self->super.optional;
         }
       self->fd = -1;
 
       if (!self->setup_socket(self, sock))
         {
-          close(sock);
+          if (self->systemd_sock == -1)
+            close(sock);
           return FALSE;
         }
 
@@ -738,6 +756,7 @@ afsocket_sd_init_instance(AFSocketSourceDriver *self, SocketOptions *sock_option
   self->setup_socket = afsocket_sd_setup_socket;
   self->max_connections = 10;
   self->listen_backlog = 255;
+  self->systemd_sock = -1;
   self->flags = flags | AFSOCKET_KEEP_ALIVE;
   log_reader_options_defaults(&self->reader_options);
 
diff --git a/modules/afsocket/afsocket.h b/modules/afsocket/afsocket.h
index bf1c74f..f172db8 100644
--- a/modules/afsocket/afsocket.h
+++ b/modules/afsocket/afsocket.h
@@ -77,6 +77,7 @@ struct _AFSocketSourceDriver
   GList *connections;
   SocketOptions *sock_options_ptr;
   gboolean (*setup_socket)(AFSocketSourceDriver *s, gint fd);
+  gint systemd_sock;
 };
 
 void afsocket_sd_set_keep_alive(LogDriver *self, gint enable);
diff --git a/modules/afsocket/afunix.c b/modules/afsocket/afunix.c
index b486b6b..4d45c60 100644
--- a/modules/afsocket/afunix.c
+++ b/modules/afsocket/afunix.c
@@ -25,12 +25,14 @@
 #include "misc.h"
 #include "messages.h"
 #include "gprocess.h"
+#include "sd-daemon.h"
 
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/un.h>
 #include <sys/stat.h>
 #include <unistd.h>
+#include <stdlib.h>
 
 void
 afunix_sd_set_uid(LogDriver *s, gchar *owner)
@@ -67,6 +69,34 @@ afunix_sd_init(LogPipe *s)
 {
   AFUnixSourceDriver *self = (AFUnixSourceDriver *) s;
   cap_t saved_caps;
+  int fds, fd, t, r;
+
+  fd  = -1;
+  fds = sd_listen_fds(0);
+  msg_debug( "Systemd socket activation",
+              evt_tag_int("systemd-sockets", fds),
+              evt_tag_str("systemd-listen-pid", getenv("LISTEN_PID")),
+              evt_tag_str("systemd-listen-fds", getenv("LISTEN_FDS")),
+	       NULL);
+  if (fds < 0)
+    {
+      msg_error("Failed to acquire systemd sockets", NULL);
+      return FALSE;
+    }
+  else if (fds > 0)
+    {
+      for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + fds; fd++)
+        {
+          t = (self->super.flags & AFSOCKET_STREAM) ? SOCK_STREAM : SOCK_DGRAM;
+          r = sd_is_socket_unix(fd, t, -1, self->filename, 0);
+          if (r == 1)
+            {
+              /* OK, remember this systemd socket */
+              self->super.systemd_sock = fd;
+              break;
+            }
+        }
+    }
 
   if (afsocket_sd_init(s))
     {
@@ -83,9 +113,27 @@ afunix_sd_init(LogPipe *s)
       if (self->perm >= 0)
         chmod(self->filename, (mode_t) self->perm);
       g_process_cap_restore(saved_caps);
+
+      if (self->super.systemd_sock != -1)
+        {
+          msg_verbose("Acquired systemd socket",
+                      evt_tag_int("systemd-sock-fd", self->super.systemd_sock),
+                      evt_tag_str("systemd-sock-name", self->filename),
+                      NULL);
+        }
       return TRUE;
     }
-  return FALSE;
+  else
+    {
+      if (self->super.systemd_sock != -1)
+        {
+          msg_error("Failed to acquire systemd socket",
+                    evt_tag_int("systemd-sock-fd", self->super.systemd_sock),
+                    evt_tag_str("systemd-sock-name", self->filename),
+                    NULL);
+        }
+      return FALSE;
+    }
 }
 
 static void
diff --git a/modules/afsocket/sd-daemon.c b/modules/afsocket/sd-daemon.c
new file mode 100644
index 0000000..6d1eebf
--- /dev/null
+++ b/modules/afsocket/sd-daemon.c
@@ -0,0 +1,436 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+/***
+  Copyright 2010 Lennart Poettering
+
+  Permission is hereby granted, free of charge, to any person
+  obtaining a copy of this software and associated documentation files
+  (the "Software"), to deal in the Software without restriction,
+  including without limitation the rights to use, copy, modify, merge,
+  publish, distribute, sublicense, and/or sell copies of the Software,
+  and to permit persons to whom the Software is furnished to do so,
+  subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be
+  included in all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+  BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+  ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+  CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+  SOFTWARE.
+***/
+
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/fcntl.h>
+#include <netinet/in.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stddef.h>
+
+#include "sd-daemon.h"
+
+int sd_listen_fds(int unset_environment) {
+
+#if defined(DISABLE_SYSTEMD) || !defined(__linux__)
+        return 0;
+#else
+        int r, fd;
+        const char *e;
+        char *p = NULL;
+        unsigned long l;
+
+        if (!(e = getenv("LISTEN_PID"))) {
+                r = 0;
+                goto finish;
+        }
+
+        errno = 0;
+        l = strtoul(e, &p, 10);
+
+        if (errno != 0) {
+                r = -errno;
+                goto finish;
+        }
+
+        if (!p || *p || l <= 0) {
+                r = -EINVAL;
+                goto finish;
+        }
+
+        /* Is this for us? */
+        if (getpid() != (pid_t) l) {
+                r = 0;
+                goto finish;
+        }
+
+        if (!(e = getenv("LISTEN_FDS"))) {
+                r = 0;
+                goto finish;
+        }
+
+        errno = 0;
+        l = strtoul(e, &p, 10);
+
+        if (errno != 0) {
+                r = -errno;
+                goto finish;
+        }
+
+        if (!p || *p) {
+                r = -EINVAL;
+                goto finish;
+        }
+
+        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) l; fd ++) {
+                int flags;
+
+                if ((flags = fcntl(fd, F_GETFD)) < 0) {
+                        r = -errno;
+                        goto finish;
+                }
+
+                if (flags & FD_CLOEXEC)
+                        continue;
+
+                if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) {
+                        r = -errno;
+                        goto finish;
+                }
+        }
+
+        r = (int) l;
+
+finish:
+        if (unset_environment) {
+                unsetenv("LISTEN_PID");
+                unsetenv("LISTEN_FDS");
+        }
+
+        return r;
+#endif
+}
+
+int sd_is_fifo(int fd, const char *path) {
+        struct stat st_fd;
+
+        if (fd < 0)
+                return -EINVAL;
+
+        memset(&st_fd, 0, sizeof(st_fd));
+        if (fstat(fd, &st_fd) < 0)
+                return -errno;
+
+        if (!S_ISFIFO(st_fd.st_mode))
+                return 0;
+
+        if (path) {
+                struct stat st_path;
+
+                memset(&st_path, 0, sizeof(st_path));
+                if (stat(path, &st_path) < 0) {
+
+                        if (errno == ENOENT || errno == ENOTDIR)
+                                return 0;
+
+                        return -errno;
+                }
+
+                return
+                        st_path.st_dev == st_fd.st_dev &&
+                        st_path.st_ino == st_fd.st_ino;
+        }
+
+        return 1;
+}
+
+static int sd_is_socket_internal(int fd, int type, int listening) {
+        struct stat st_fd;
+
+        if (fd < 0 || type < 0)
+                return -EINVAL;
+
+        if (fstat(fd, &st_fd) < 0)
+                return -errno;
+
+        if (!S_ISSOCK(st_fd.st_mode))
+                return 0;
+
+        if (type != 0) {
+                int other_type = 0;
+                socklen_t l = sizeof(other_type);
+
+                if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &other_type, &l) < 0)
+                        return -errno;
+
+                if (l != sizeof(other_type))
+                        return -EINVAL;
+
+                if (other_type != type)
+                        return 0;
+        }
+
+        if (listening >= 0) {
+                int accepting = 0;
+                socklen_t l = sizeof(accepting);
+
+                if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &l) < 0)
+                        return -errno;
+
+                if (l != sizeof(accepting))
+                        return -EINVAL;
+
+                if (!accepting != !listening)
+                        return 0;
+        }
+
+        return 1;
+}
+
+union sockaddr_union {
+        struct sockaddr sa;
+        struct sockaddr_in in4;
+        struct sockaddr_in6 in6;
+        struct sockaddr_un un;
+        struct sockaddr_storage storage;
+};
+
+int sd_is_socket(int fd, int family, int type, int listening) {
+        int r;
+
+        if (family < 0)
+                return -EINVAL;
+
+        if ((r = sd_is_socket_internal(fd, type, listening)) <= 0)
+                return r;
+
+        if (family > 0) {
+                union sockaddr_union sockaddr;
+                socklen_t l;
+
+                memset(&sockaddr, 0, sizeof(sockaddr));
+                l = sizeof(sockaddr);
+
+                if (getsockname(fd, &sockaddr.sa, &l) < 0)
+                        return -errno;
+
+                if (l < sizeof(sa_family_t))
+                        return -EINVAL;
+
+                return sockaddr.sa.sa_family == family;
+        }
+
+        return 1;
+}
+
+int sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port) {
+        union sockaddr_union sockaddr;
+        socklen_t l;
+        int r;
+
+        if (family != 0 && family != AF_INET && family != AF_INET6)
+                return -EINVAL;
+
+        if ((r = sd_is_socket_internal(fd, type, listening)) <= 0)
+                return r;
+
+        memset(&sockaddr, 0, sizeof(sockaddr));
+        l = sizeof(sockaddr);
+
+        if (getsockname(fd, &sockaddr.sa, &l) < 0)
+                return -errno;
+
+        if (l < sizeof(sa_family_t))
+                return -EINVAL;
+
+        if (sockaddr.sa.sa_family != AF_INET &&
+            sockaddr.sa.sa_family != AF_INET6)
+                return 0;
+
+        if (family > 0)
+                if (sockaddr.sa.sa_family != family)
+                        return 0;
+
+        if (port > 0) {
+                if (sockaddr.sa.sa_family == AF_INET) {
+                        if (l < sizeof(struct sockaddr_in))
+                                return -EINVAL;
+
+                        return htons(port) == sockaddr.in4.sin_port;
+                } else {
+                        if (l < sizeof(struct sockaddr_in6))
+                                return -EINVAL;
+
+                        return htons(port) == sockaddr.in6.sin6_port;
+                }
+        }
+
+        return 1;
+}
+
+int sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length) {
+        union sockaddr_union sockaddr;
+        socklen_t l;
+        int r;
+
+        if ((r = sd_is_socket_internal(fd, type, listening)) <= 0)
+                return r;
+
+        memset(&sockaddr, 0, sizeof(sockaddr));
+        l = sizeof(sockaddr);
+
+        if (getsockname(fd, &sockaddr.sa, &l) < 0)
+                return -errno;
+
+        if (l < sizeof(sa_family_t))
+                return -EINVAL;
+
+        if (sockaddr.sa.sa_family != AF_UNIX)
+                return 0;
+
+        if (path) {
+                if (length <= 0)
+                        length = strlen(path);
+
+                if (length <= 0)
+                        /* Unnamed socket */
+                        return l == offsetof(struct sockaddr_un, sun_path);
+
+                if (path[0])
+                        /* Normal path socket */
+                        return
+                                (l >= offsetof(struct sockaddr_un, sun_path) + length + 1) &&
+                                memcmp(path, sockaddr.un.sun_path, length+1) == 0;
+                else
+                        /* Abstract namespace socket */
+                        return
+                                (l == offsetof(struct sockaddr_un, sun_path) + length) &&
+                                memcmp(path, sockaddr.un.sun_path, length) == 0;
+        }
+
+        return 1;
+}
+
+int sd_notify(int unset_environment, const char *state) {
+#if defined(DISABLE_SYSTEMD) || !defined(__linux__) || !defined(SOCK_CLOEXEC)
+        return 0;
+#else
+        int fd = -1, r;
+        struct msghdr msghdr;
+        struct iovec iovec;
+        union sockaddr_union sockaddr;
+        const char *e;
+
+        if (!state) {
+                r = -EINVAL;
+                goto finish;
+        }
+
+        if (!(e = getenv("NOTIFY_SOCKET")))
+                return 0;
+
+        /* Must be an abstract socket, or an absolute path */
+        if ((e[0] != '@' && e[0] != '/') || e[1] == 0) {
+                r = -EINVAL;
+                goto finish;
+        }
+
+        if ((fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0)) < 0) {
+                r = -errno;
+                goto finish;
+        }
+
+        memset(&sockaddr, 0, sizeof(sockaddr));
+        sockaddr.sa.sa_family = AF_UNIX;
+        strncpy(sockaddr.un.sun_path, e, sizeof(sockaddr.un.sun_path));
+
+        if (sockaddr.un.sun_path[0] == '@')
+                sockaddr.un.sun_path[0] = 0;
+
+        memset(&iovec, 0, sizeof(iovec));
+        iovec.iov_base = (char*) state;
+        iovec.iov_len = strlen(state);
+
+        memset(&msghdr, 0, sizeof(msghdr));
+        msghdr.msg_name = &sockaddr;
+        msghdr.msg_namelen = offsetof(struct sockaddr_un, sun_path) + strlen(e);
+
+        if (msghdr.msg_namelen > sizeof(struct sockaddr_un))
+                msghdr.msg_namelen = sizeof(struct sockaddr_un);
+
+        msghdr.msg_iov = &iovec;
+        msghdr.msg_iovlen = 1;
+
+        if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) < 0) {
+                r = -errno;
+                goto finish;
+        }
+
+        r = 1;
+
+finish:
+        if (unset_environment)
+                unsetenv("NOTIFY_SOCKET");
+
+        if (fd >= 0)
+                close(fd);
+
+        return r;
+#endif
+}
+
+int sd_notifyf(int unset_environment, const char *format, ...) {
+#if defined(DISABLE_SYSTEMD) || !defined(__linux__)
+        return 0;
+#else
+        va_list ap;
+        char *p = NULL;
+        int r;
+
+        va_start(ap, format);
+        r = vasprintf(&p, format, ap);
+        va_end(ap);
+
+        if (r < 0 || !p)
+                return -ENOMEM;
+
+        r = sd_notify(unset_environment, p);
+        free(p);
+
+        return r;
+#endif
+}
+
+int sd_booted(void) {
+#if defined(DISABLE_SYSTEMD) || !defined(__linux__)
+        return 0;
+#else
+
+        struct stat a, b;
+
+        /* We simply test whether the systemd cgroup hierarchy is
+         * mounted */
+
+        if (lstat("/sys/fs/cgroup", &a) < 0)
+                return 0;
+
+        if (lstat("/sys/fs/cgroup/systemd", &b) < 0)
+                return 0;
+
+        return a.st_dev != b.st_dev;
+#endif
+}
diff --git a/modules/afsocket/sd-daemon.h b/modules/afsocket/sd-daemon.h
new file mode 100644
index 0000000..d0a0a94
--- /dev/null
+++ b/modules/afsocket/sd-daemon.h
@@ -0,0 +1,265 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+#ifndef foosddaemonhfoo
+#define foosddaemonhfoo
+
+/***
+  Copyright 2010 Lennart Poettering
+
+  Permission is hereby granted, free of charge, to any person
+  obtaining a copy of this software and associated documentation files
+  (the "Software"), to deal in the Software without restriction,
+  including without limitation the rights to use, copy, modify, merge,
+  publish, distribute, sublicense, and/or sell copies of the Software,
+  and to permit persons to whom the Software is furnished to do so,
+  subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be
+  included in all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+  BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+  ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+  CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+  SOFTWARE.
+***/
+
+#include <sys/types.h>
+#include <inttypes.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+  Reference implementation of a few systemd related interfaces for
+  writing daemons. These interfaces are trivial to implement. To
+  simplify porting we provide this reference implementation.
+  Applications are welcome to reimplement the algorithms described
+  here if they do not want to include these two source files.
+
+  The following functionality is provided:
+
+  - Support for logging with log levels on stderr
+  - File descriptor passing for socket-based activation
+  - Daemon startup and status notification
+  - Detection of systemd boots
+
+  You may compile this with -DDISABLE_SYSTEMD to disable systemd
+  support. This makes all those calls NOPs that are directly related to
+  systemd (i.e. only sd_is_xxx() will stay useful).
+
+  Since this is drop-in code we don't want any of our symbols to be
+  exported in any case. Hence we declare hidden visibility for all of
+  them.
+
+  You may find an up-to-date version of these source files online:
+
+  http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.h
+  http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.c
+
+  This should compile on non-Linux systems, too, but with the
+  exception of the sd_is_xxx() calls all functions will become NOPs.
+
+  See sd-daemon(7) for more information.
+*/
+
+#ifndef _sd_printf_attr_
+#if __GNUC__ >= 4
+#define _sd_printf_attr_(a,b) __attribute__ ((format (printf, a, b)))
+#else
+#define _sd_printf_attr_(a,b)
+#endif
+#endif
+
+#ifndef _sd_hidden_
+#if (__GNUC__ >= 4) && !defined(SD_EXPORT_SYMBOLS)
+#define _sd_hidden_ __attribute__ ((visibility("hidden")))
+#else
+#define _sd_hidden_
+#endif
+#endif
+
+/*
+  Log levels for usage on stderr:
+
+          fprintf(stderr, SD_NOTICE "Hello World!\n");
+
+  This is similar to printk() usage in the kernel.
+*/
+#define SD_EMERG   "<0>"  /* system is unusable */
+#define SD_ALERT   "<1>"  /* action must be taken immediately */
+#define SD_CRIT    "<2>"  /* critical conditions */
+#define SD_ERR     "<3>"  /* error conditions */
+#define SD_WARNING "<4>"  /* warning conditions */
+#define SD_NOTICE  "<5>"  /* normal but significant condition */
+#define SD_INFO    "<6>"  /* informational */
+#define SD_DEBUG   "<7>"  /* debug-level messages */
+
+/* The first passed file descriptor is fd 3 */
+#define SD_LISTEN_FDS_START 3
+
+/*
+  Returns how many file descriptors have been passed, or a negative
+  errno code on failure. Optionally, removes the $LISTEN_FDS and
+  $LISTEN_PID file descriptors from the environment (recommended, but
+  problematic in threaded environments). If r is the return value of
+  this function you'll find the file descriptors passed as fds
+  SD_LISTEN_FDS_START to SD_LISTEN_FDS_START+r-1. Returns a negative
+  errno style error code on failure. This function call ensures that
+  the FD_CLOEXEC flag is set for the passed file descriptors, to make
+  sure they are not passed on to child processes. If FD_CLOEXEC shall
+  not be set, the caller needs to unset it after this call for all file
+  descriptors that are used.
+
+  See sd_listen_fds(3) for more information.
+*/
+int sd_listen_fds(int unset_environment) _sd_hidden_;
+
+/*
+  Helper call for identifying a passed file descriptor. Returns 1 if
+  the file descriptor is a FIFO in the file system stored under the
+  specified path, 0 otherwise. If path is NULL a path name check will
+  not be done and the call only verifies if the file descriptor
+  refers to a FIFO. Returns a negative errno style error code on
+  failure.
+
+  See sd_is_fifo(3) for more information.
+*/
+int sd_is_fifo(int fd, const char *path) _sd_hidden_;
+
+/*
+  Helper call for identifying a passed file descriptor. Returns 1 if
+  the file descriptor is a socket of the specified family (AF_INET,
+  ...) and type (SOCK_DGRAM, SOCK_STREAM, ...), 0 otherwise. If
+  family is 0 a socket family check will not be done. If type is 0 a
+  socket type check will not be done and the call only verifies if
+  the file descriptor refers to a socket. If listening is > 0 it is
+  verified that the socket is in listening mode. (i.e. listen() has
+  been called) If listening is == 0 it is verified that the socket is
+  not in listening mode. If listening is < 0 no listening mode check
+  is done. Returns a negative errno style error code on failure.
+
+  See sd_is_socket(3) for more information.
+*/
+int sd_is_socket(int fd, int family, int type, int listening) _sd_hidden_;
+
+/*
+  Helper call for identifying a passed file descriptor. Returns 1 if
+  the file descriptor is an Internet socket, of the specified family
+  (either AF_INET or AF_INET6) and the specified type (SOCK_DGRAM,
+  SOCK_STREAM, ...), 0 otherwise. If version is 0 a protocol version
+  check is not done. If type is 0 a socket type check will not be
+  done. If port is 0 a socket port check will not be done. The
+  listening flag is used the same way as in sd_is_socket(). Returns a
+  negative errno style error code on failure.
+
+  See sd_is_socket_inet(3) for more information.
+*/
+int sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port) _sd_hidden_;
+
+/*
+  Helper call for identifying a passed file descriptor. Returns 1 if
+  the file descriptor is an AF_UNIX socket of the specified type
+  (SOCK_DGRAM, SOCK_STREAM, ...) and path, 0 otherwise. If type is 0
+  a socket type check will not be done. If path is NULL a socket path
+  check will not be done. For normal AF_UNIX sockets set length to
+  0. For abstract namespace sockets set length to the length of the
+  socket name (including the initial 0 byte), and pass the full
+  socket path in path (including the initial 0 byte). The listening
+  flag is used the same way as in sd_is_socket(). Returns a negative
+  errno style error code on failure.
+
+  See sd_is_socket_unix(3) for more information.
+*/
+int sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length) _sd_hidden_;
+
+/*
+  Informs systemd about changed daemon state. This takes a number of
+  newline separated environment-style variable assignments in a
+  string. The following variables are known:
+
+     READY=1      Tells systemd that daemon startup is finished (only
+                  relevant for services of Type=notify). The passed
+                  argument is a boolean "1" or "0". Since there is
+                  little value in signalling non-readiness the only
+                  value daemons should send is "READY=1".
+
+     STATUS=...   Passes a single-line status string back to systemd
+                  that describes the daemon state. This is free-from
+                  and can be used for various purposes: general state
+                  feedback, fsck-like programs could pass completion
+                  percentages and failing programs could pass a human
+                  readable error message. Example: "STATUS=Completed
+                  66% of file system check..."
+
+     ERRNO=...    If a daemon fails, the errno-style error code,
+                  formatted as string. Example: "ERRNO=2" for ENOENT.
+
+     BUSERROR=... If a daemon fails, the D-Bus error-style error
+                  code. Example: "BUSERROR=org.freedesktop.DBus.Error.TimedOut"
+
+     MAINPID=...  The main pid of a daemon, in case systemd did not
+                  fork off the process itself. Example: "MAINPID=4711"
+
+  Daemons can choose to send additional variables. However, it is
+  recommened to prefix variable names not listed above with X_.
+
+  Returns a negative errno-style error code on failure. Returns > 0
+  if systemd could be notified, 0 if it couldn't possibly because
+  systemd is not running.
+
+  Example: When a daemon finished starting up, it could issue this
+  call to notify systemd about it:
+
+     sd_notify(0, "READY=1");
+
+  See sd_notifyf() for more complete examples.
+
+  See sd_notify(3) for more information.
+*/
+int sd_notify(int unset_environment, const char *state) _sd_hidden_;
+
+/*
+  Similar to sd_notify() but takes a format string.
+
+  Example 1: A daemon could send the following after initialization:
+
+     sd_notifyf(0, "READY=1\n"
+                   "STATUS=Processing requests...\n"
+                   "MAINPID=%lu",
+                   (unsigned long) getpid());
+
+  Example 2: A daemon could send the following shortly before
+  exiting, on failure:
+
+     sd_notifyf(0, "STATUS=Failed to start up: %s\n"
+                   "ERRNO=%i",
+                   strerror(errno),
+                   errno);
+
+  See sd_notifyf(3) for more information.
+*/
+int sd_notifyf(int unset_environment, const char *format, ...) _sd_printf_attr_(2,3) _sd_hidden_;
+
+/*
+  Returns > 0 if the system was booted with systemd. Returns < 0 on
+  error. Returns 0 if the system was not booted with systemd. Note
+  that all of the functions above handle non-systemd boots just
+  fine. You should NOT protect them with a call to this function. Also
+  note that this function checks whether the system, not the user
+  session is controlled by systemd. However the functions above work
+  for both user and system services.
+
+  See sd_booted(3) for more information.
+*/
+int sd_booted(void) _sd_hidden_;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif