@@ -76,7 +76,7 @@ github.com/opencontainers/image-spec v1.0.1

 github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0

 # libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json)

-github.com/coreos/go-systemd v15

+github.com/coreos/go-systemd v17

 github.com/godbus/dbus v4.0.0

 github.com/syndtr/gocapability 2c00daeb6c3b45114c80ac44119e7b8801fdd852

 github.com/golang/protobuf 7a211bcf3bce0e3f1d74f9894916e6f116ae83b4

new file mode 100644

@@ -0,0 +1,5 @@

+CoreOS Project

+Copyright 2018 CoreOS, Inc

+

+This product includes software developed at CoreOS, Inc.

+(http://www.coreos.com/).

@@ -6,9 +6,11 @@

 Go bindings to systemd. The project has several packages:

 - `activation` - for writing and using socket activation from Go

+- `daemon` - for notifying systemd of service status changes

 - `dbus` - for starting/stopping/inspecting running services and units

 - `journal` - for writing to systemd's logging service, journald

 - `sdjournal` - for reading from journald by wrapping its C API

+- `login1` - for integration with the systemd logind API

 - `machine1` - for registering machines/containers with systemd

 - `unit` - for (de)serialization and comparison of unit files

@@ -18,10 +20,9 @@ An example HTTP server using socket activation can be quickly set up by followin

 https://github.com/coreos/go-systemd/tree/master/examples/activation/httpserver

-## Journal

+## systemd Service Notification

-Using the pure-Go `journal` package you can submit journal entries directly to systemd's journal, taking advantage of features like indexed key/value pairs for each log entry.

-The `sdjournal` package provides read access to the journal by wrapping around journald's native C API; consequently it requires cgo and the journal headers to be available.

+The `daemon` package is an implementation of the [sd_notify protocol](https://www.freedesktop.org/software/systemd/man/sd_notify.html#Description). It can be used to inform systemd of service start-up completion, watchdog events, and other status changes.

 ## D-Bus

@@ -45,6 +46,20 @@ Create `/etc/dbus-1/system-local.conf` that looks like this:

 </busconfig>

 ```

+## Journal

+

+### Writing to the Journal

+

+Using the pure-Go `journal` package you can submit journal entries directly to systemd's journal, taking advantage of features like indexed key/value pairs for each log entry.

+

+### Reading from the Journal

+

+The `sdjournal` package provides read access to the journal by wrapping around journald's native C API; consequently it requires cgo and the journal headers to be available.

+

+## logind

+

+The `login1` package provides functions to integrate with the [systemd logind API](http://www.freedesktop.org/wiki/Software/systemd/logind/).

+

 ## machined

 The `machine1` package allows interaction with the [systemd machined D-Bus API](http://www.freedesktop.org/wiki/Software/systemd/machined/).

@@ -18,18 +18,26 @@ package activation

 import (

 	"os"

 	"strconv"

+	"strings"

 	"syscall"

 )

-// based on: https://gist.github.com/alberts/4640792

 const (

+	// listenFdsStart corresponds to `SD_LISTEN_FDS_START`.

 	listenFdsStart = 3

 )

+// Files returns a slice containing a `os.File` object for each

+// file descriptor passed to this process via systemd fd-passing protocol.

+//

+// The order of the file descriptors is preserved in the returned slice.

+// `unsetEnv` is typically set to `true` in order to avoid clashes in

+// fd usage and to avoid leaking environment flags to child processes.

 func Files(unsetEnv bool) []*os.File {

 	if unsetEnv {

 		defer os.Unsetenv("LISTEN_PID")

 		defer os.Unsetenv("LISTEN_FDS")

+		defer os.Unsetenv("LISTEN_FDNAMES")

 	}

 	pid, err := strconv.Atoi(os.Getenv("LISTEN_PID"))

@@ -42,10 +50,17 @@ func Files(unsetEnv bool) []*os.File {

 		return nil

 	}

+	names := strings.Split(os.Getenv("LISTEN_FDNAMES"), ":")

+

 	files := make([]*os.File, 0, nfds)

 	for fd := listenFdsStart; fd < listenFdsStart+nfds; fd++ {

 		syscall.CloseOnExec(fd)

-		files = append(files, os.NewFile(uintptr(fd), "LISTEN_FD_"+strconv.Itoa(fd)))

+		name := "LISTEN_FD_" + strconv.Itoa(fd)

+		offset := fd - listenFdsStart

+		if offset < len(names) && len(names[offset]) > 0 {

+			name = names[offset]

+		}

+		files = append(files, os.NewFile(uintptr(fd), name))

 	}

 	return files

@@ -25,13 +25,33 @@ import (

 // The order of the file descriptors is preserved in the returned slice.

 // Nil values are used to fill any gaps. For example if systemd were to return file descriptors

 // corresponding with "udp, tcp, tcp", then the slice would contain {nil, net.Listener, net.Listener}

-func Listeners(unsetEnv bool) ([]net.Listener, error) {

-	files := Files(unsetEnv)

+func Listeners() ([]net.Listener, error) {

+	files := Files(true)

 	listeners := make([]net.Listener, len(files))

 	for i, f := range files {

 		if pc, err := net.FileListener(f); err == nil {

 			listeners[i] = pc

+			f.Close()

+		}

+	}

+	return listeners, nil

+}

+

+// ListenersWithNames maps a listener name to a set of net.Listener instances.

+func ListenersWithNames() (map[string][]net.Listener, error) {

+	files := Files(true)

+	listeners := map[string][]net.Listener{}

+

+	for _, f := range files {

+		if pc, err := net.FileListener(f); err == nil {

+			current, ok := listeners[f.Name()]

+			if !ok {

+				listeners[f.Name()] = []net.Listener{pc}

+			} else {

+				listeners[f.Name()] = append(current, pc)

+			}

+			f.Close()

 		}

 	}

 	return listeners, nil

@@ -40,8 +60,8 @@ func Listeners(unsetEnv bool) ([]net.Listener, error) {

 // TLSListeners returns a slice containing a net.listener for each matching TCP socket type

 // passed to this process.

 // It uses default Listeners func and forces TCP sockets handlers to use TLS based on tlsConfig.

-func TLSListeners(unsetEnv bool, tlsConfig *tls.Config) ([]net.Listener, error) {

-	listeners, err := Listeners(unsetEnv)

+func TLSListeners(tlsConfig *tls.Config) ([]net.Listener, error) {

+	listeners, err := Listeners()

 	if listeners == nil || err != nil {

 		return nil, err

@@ -58,3 +78,26 @@ func TLSListeners(unsetEnv bool, tlsConfig *tls.Config) ([]net.Listener, error)

 	return listeners, err

 }

+

+// TLSListenersWithNames maps a listener name to a net.Listener with

+// the associated TLS configuration.

+func TLSListenersWithNames(tlsConfig *tls.Config) (map[string][]net.Listener, error) {

+	listeners, err := ListenersWithNames()

+

+	if listeners == nil || err != nil {

+		return nil, err

+	}

+

+	if tlsConfig != nil && err == nil {

+		for _, ll := range listeners {

+			// Activate TLS only for TCP sockets

+			for i, l := range ll {

+				if l.Addr().Network() == "tcp" {

+					ll[i] = tls.NewListener(l, tlsConfig)

+				}

+			}

+		}

+	}

+

+	return listeners, err

+}

@@ -24,13 +24,14 @@ import (

 // The order of the file descriptors is preserved in the returned slice.

 // Nil values are used to fill any gaps. For example if systemd were to return file descriptors

 // corresponding with "udp, tcp, udp", then the slice would contain {net.PacketConn, nil, net.PacketConn}

-func PacketConns(unsetEnv bool) ([]net.PacketConn, error) {

-	files := Files(unsetEnv)

+func PacketConns() ([]net.PacketConn, error) {

+	files := Files(true)

 	conns := make([]net.PacketConn, len(files))

 	for i, f := range files {

 		if pc, err := net.FilePacketConn(f); err == nil {

 			conns[i] = pc

+			f.Close()

 		}

 	}

 	return conns, nil

@@ -1,4 +1,5 @@

 // Copyright 2014 Docker, Inc.

+// Copyright 2015-2018 CoreOS, Inc.

 //

 // Licensed under the Apache License, Version 2.0 (the "License");

 // you may not use this file except in compliance with the License.

@@ -13,7 +14,11 @@

 // limitations under the License.

 //

-// Code forked from Docker project

+// Package daemon provides a Go implementation of the sd_notify protocol.

+// It can be used to inform systemd of service start-up completion, watchdog

+// events, and other status changes.

+//

+// https://www.freedesktop.org/software/systemd/man/sd_notify.html#Description

 package daemon

 import (

@@ -21,6 +26,25 @@ import (

 	"os"

 )

+const (

+	// SdNotifyReady tells the service manager that service startup is finished

+	// or the service finished loading its configuration.

+	SdNotifyReady = "READY=1"

+

+	// SdNotifyStopping tells the service manager that the service is beginning

+	// its shutdown.

+	SdNotifyStopping = "STOPPING=1"

+

+	// SdNotifyReloading tells the service manager that this service is

+	// reloading its configuration. Note that you must call SdNotifyReady when

+	// it completed reloading.

+	SdNotifyReloading = "RELOADING=1"

+

+	// SdNotifyWatchdog tells the service manager to update the watchdog

+	// timestamp for the service.

+	SdNotifyWatchdog = "WATCHDOG=1"

+)

+

 // SdNotify sends a message to the init daemon. It is common to ignore the error.

 // If `unsetEnvironment` is true, the environment variable `NOTIFY_SOCKET`

 // will be unconditionally unset.

@@ -29,7 +53,7 @@ import (

 // (false, nil) - notification not supported (i.e. NOTIFY_SOCKET is unset)

 // (false, err) - notification supported, but failure happened (e.g. error connecting to NOTIFY_SOCKET or while sending data)

 // (true, nil) - notification supported, data has been sent

-func SdNotify(unsetEnvironment bool, state string) (sent bool, err error) {

+func SdNotify(unsetEnvironment bool, state string) (bool, error) {

 	socketAddr := &net.UnixAddr{

 		Name: os.Getenv("NOTIFY_SOCKET"),

 		Net:  "unixgram",

@@ -41,10 +65,9 @@ func SdNotify(unsetEnvironment bool, state string) (sent bool, err error) {

 	}

 	if unsetEnvironment {

-		err = os.Unsetenv("NOTIFY_SOCKET")

-	}

-	if err != nil {

-		return false, err

+		if err := os.Unsetenv("NOTIFY_SOCKET"); err != nil {

+			return false, err

+		}

 	}

 	conn, err := net.DialUnix(socketAddr.Net, nil, socketAddr)

@@ -54,9 +77,7 @@ func SdNotify(unsetEnvironment bool, state string) (sent bool, err error) {

 	}

 	defer conn.Close()

-	_, err = conn.Write([]byte(state))

-	// Error sending the message

-	if err != nil {

+	if _, err = conn.Write([]byte(state)); err != nil {

 		return false, err

 	}

 	return true, nil

@@ -21,10 +21,11 @@ import (

 	"time"

 )

-// SdWatchdogEnabled return watchdog information for a service.

-// Process should send daemon.SdNotify("WATCHDOG=1") every time / 2.

-// If `unsetEnvironment` is true, the environment variables `WATCHDOG_USEC`

-// and `WATCHDOG_PID` will be unconditionally unset.

+// SdWatchdogEnabled returns watchdog information for a service.

+// Processes should call daemon.SdNotify(false, daemon.SdNotifyWatchdog) every

+// time / 2.

+// If `unsetEnvironment` is true, the environment variables `WATCHDOG_USEC` and

+// `WATCHDOG_PID` will be unconditionally unset.

 //

 // It returns one of the following:

 // (0, nil) - watchdog isn't enabled or we aren't the watched PID.

@@ -16,6 +16,7 @@

 package dbus

 import (

+	"encoding/hex"

 	"fmt"

 	"os"

 	"strconv"

@@ -60,6 +61,27 @@ func PathBusEscape(path string) string {

 	return string(n)

 }

+// pathBusUnescape is the inverse of PathBusEscape.

+func pathBusUnescape(path string) string {

+	if path == "_" {

+		return ""

+	}

+	n := []byte{}

+	for i := 0; i < len(path); i++ {

+		c := path[i]

+		if c == '_' && i+2 < len(path) {

+			res, err := hex.DecodeString(path[i+1 : i+3])

+			if err == nil {

+				n = append(n, res...)

+			}

+			i += 2

+		} else {

+			n = append(n, c)

+		}

+	}

+	return string(n)

+}

+

 // Conn is a connection to systemd's dbus endpoint.

 type Conn struct {

 	// sysconn/sysobj are only used to call dbus methods

@@ -74,13 +96,18 @@ type Conn struct {

 		jobs map[dbus.ObjectPath]chan<- string

 		sync.Mutex

 	}

-	subscriber struct {

+	subStateSubscriber struct {

 		updateCh chan<- *SubStateUpdate

 		errCh    chan<- error

 		sync.Mutex

 		ignore      map[dbus.ObjectPath]int64

 		cleanIgnore int64

 	}

+	propertiesSubscriber struct {

+		updateCh chan<- *PropertiesUpdate

+		errCh    chan<- error

+		sync.Mutex

+	}

 }

 // New establishes a connection to any available bus and authenticates.

@@ -152,7 +179,7 @@ func NewConnection(dialBus func() (*dbus.Conn, error)) (*Conn, error) {

 		sigobj:  systemdObject(sigconn),

 	}

-	c.subscriber.ignore = make(map[dbus.ObjectPath]int64)

+	c.subStateSubscriber.ignore = make(map[dbus.ObjectPath]int64)

 	c.jobListener.jobs = make(map[dbus.ObjectPath]chan<- string)

 	// Setup the listeners on jobs so that we can get completions

@@ -1,4 +1,4 @@

-// Copyright 2015 CoreOS, Inc.

+// Copyright 2015, 2018 CoreOS, Inc.

 //

 // Licensed under the Apache License, Version 2.0 (the "License");

 // you may not use this file except in compliance with the License.

@@ -16,6 +16,7 @@ package dbus

 import (

 	"errors"

+	"fmt"

 	"path"

 	"strconv"

@@ -148,14 +149,27 @@ func (c *Conn) ResetFailedUnit(name string) error {

 	return c.sysobj.Call("org.freedesktop.systemd1.Manager.ResetFailedUnit", 0, name).Store()

 }

-// getProperties takes the unit name and returns all of its dbus object properties, for the given dbus interface

-func (c *Conn) getProperties(unit string, dbusInterface string) (map[string]interface{}, error) {

+// SystemState returns the systemd state. Equivalent to `systemctl is-system-running`.

+func (c *Conn) SystemState() (*Property, error) {

+	var err error

+	var prop dbus.Variant

+

+	obj := c.sysconn.Object("org.freedesktop.systemd1", "/org/freedesktop/systemd1")

+	err = obj.Call("org.freedesktop.DBus.Properties.Get", 0, "org.freedesktop.systemd1.Manager", "SystemState").Store(&prop)

+	if err != nil {

+		return nil, err

+	}

+

+	return &Property{Name: "SystemState", Value: prop}, nil

+}

+

+// getProperties takes the unit path and returns all of its dbus object properties, for the given dbus interface

+func (c *Conn) getProperties(path dbus.ObjectPath, dbusInterface string) (map[string]interface{}, error) {

 	var err error

 	var props map[string]dbus.Variant

-	path := unitPath(unit)

 	if !path.IsValid() {

-		return nil, errors.New("invalid unit name: " + unit)

+		return nil, fmt.Errorf("invalid unit name: %v", path)

 	}

 	obj := c.sysconn.Object("org.freedesktop.systemd1", path)

@@ -172,9 +186,15 @@ func (c *Conn) getProperties(unit string, dbusInterface string) (map[string]inte

 	return out, nil

 }

-// GetUnitProperties takes the unit name and returns all of its dbus object properties.

+// GetUnitProperties takes the (unescaped) unit name and returns all of its dbus object properties.

 func (c *Conn) GetUnitProperties(unit string) (map[string]interface{}, error) {

-	return c.getProperties(unit, "org.freedesktop.systemd1.Unit")

+	path := unitPath(unit)

+	return c.getProperties(path, "org.freedesktop.systemd1.Unit")

+}

+

+// GetUnitProperties takes the (escaped) unit path and returns all of its dbus object properties.

+func (c *Conn) GetUnitPathProperties(path dbus.ObjectPath) (map[string]interface{}, error) {

+	return c.getProperties(path, "org.freedesktop.systemd1.Unit")

 }

 func (c *Conn) getProperty(unit string, dbusInterface string, propertyName string) (*Property, error) {

@@ -208,7 +228,8 @@ func (c *Conn) GetServiceProperty(service string, propertyName string) (*Propert

 // Valid values for unitType: Service, Socket, Target, Device, Mount, Automount, Snapshot, Timer, Swap, Path, Slice, Scope

 // return "dbus.Error: Unknown interface" if the unitType is not the correct type of the unit

 func (c *Conn) GetUnitTypeProperties(unit string, unitType string) (map[string]interface{}, error) {

-	return c.getProperties(unit, "org.freedesktop.systemd1."+unitType)

+	path := unitPath(unit)

+	return c.getProperties(path, "org.freedesktop.systemd1."+unitType)

 }

 // SetUnitProperties() may be used to modify certain unit properties at runtime.

@@ -292,6 +313,7 @@ func (c *Conn) ListUnitsByPatterns(states []string, patterns []string) ([]UnitSt

 // names and returns an UnitStatus array. Comparing to ListUnitsByPatterns

 // method, this method returns statuses even for inactive or non-existing

 // units. Input array should contain exact unit names, but not patterns.

+// Note: Requires systemd v230 or higher

 func (c *Conn) ListUnitsByNames(units []string) ([]UnitStatus, error) {

 	return c.listUnitsInternal(c.sysobj.Call("org.freedesktop.systemd1.Manager.ListUnitsByNames", 0, units).Store)

 }

@@ -563,3 +585,8 @@ func (c *Conn) Reload() error {

 func unitPath(name string) dbus.ObjectPath {

 	return dbus.ObjectPath("/org/freedesktop/systemd1/unit/" + PathBusEscape(name))

 }

+

+// unitName returns the unescaped base element of the supplied escaped path

+func unitName(dpath dbus.ObjectPath) string {

+	return pathBusUnescape(path.Base(string(dpath)))

+}

@@ -36,7 +36,7 @@ func (s *set) Length() int {

 }

 func (s *set) Values() (values []string) {

-	for val, _ := range s.data {

+	for val := range s.data {

 		values = append(values, val)

 	}

 	return

@@ -16,6 +16,7 @@ package dbus

 import (

 	"errors"

+	"log"

 	"time"

 	"github.com/godbus/dbus"

@@ -36,22 +37,12 @@ func (c *Conn) Subscribe() error {

 	c.sigconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,

 		"type='signal',interface='org.freedesktop.DBus.Properties',member='PropertiesChanged'")

-	err := c.sigobj.Call("org.freedesktop.systemd1.Manager.Subscribe", 0).Store()

-	if err != nil {

-		return err

-	}

-

-	return nil

+	return c.sigobj.Call("org.freedesktop.systemd1.Manager.Subscribe", 0).Store()

 }

 // Unsubscribe this connection from systemd dbus events.

 func (c *Conn) Unsubscribe() error {

-	err := c.sigobj.Call("org.freedesktop.systemd1.Manager.Unsubscribe", 0).Store()

-	if err != nil {

-		return err

-	}

-

-	return nil

+	return c.sigobj.Call("org.freedesktop.systemd1.Manager.Unsubscribe", 0).Store()

 }

 func (c *Conn) dispatch() {

@@ -70,7 +61,8 @@ func (c *Conn) dispatch() {

 				c.jobComplete(signal)

 			}

-			if c.subscriber.updateCh == nil {

+			if c.subStateSubscriber.updateCh == nil &&

+				c.propertiesSubscriber.updateCh == nil {

 				continue

 			}

@@ -84,6 +76,12 @@ func (c *Conn) dispatch() {

 			case "org.freedesktop.DBus.Properties.PropertiesChanged":

 				if signal.Body[0].(string) == "org.freedesktop.systemd1.Unit" {

 					unitPath = signal.Path

+

+					if len(signal.Body) >= 2 {

+						if changed, ok := signal.Body[1].(map[string]dbus.Variant); ok {

+							c.sendPropertiesUpdate(unitPath, changed)

+						}

+					}

 				}

 			}

@@ -169,42 +167,80 @@ type SubStateUpdate struct {

 // is full, it attempts to write an error to errCh; if errCh is full, the error

 // passes silently.

 func (c *Conn) SetSubStateSubscriber(updateCh chan<- *SubStateUpdate, errCh chan<- error) {

-	c.subscriber.Lock()

-	defer c.subscriber.Unlock()

-	c.subscriber.updateCh = updateCh

-	c.subscriber.errCh = errCh

+	if c == nil {

+		msg := "nil receiver"

+		select {

+		case errCh <- errors.New(msg):

+		default:

+			log.Printf("full error channel while reporting: %s\n", msg)

+		}

+		return

+	}

+

+	c.subStateSubscriber.Lock()

+	defer c.subStateSubscriber.Unlock()

+	c.subStateSubscriber.updateCh = updateCh

+	c.subStateSubscriber.errCh = errCh

 }

-func (c *Conn) sendSubStateUpdate(path dbus.ObjectPath) {

-	c.subscriber.Lock()

-	defer c.subscriber.Unlock()

+func (c *Conn) sendSubStateUpdate(unitPath dbus.ObjectPath) {

+	c.subStateSubscriber.Lock()

+	defer c.subStateSubscriber.Unlock()

+

+	if c.subStateSubscriber.updateCh == nil {

+		return

+	}

-	if c.shouldIgnore(path) {

+	isIgnored := c.shouldIgnore(unitPath)

+	defer c.cleanIgnore()

+	if isIgnored {

 		return

 	}

-	info, err := c.GetUnitProperties(string(path))

+	info, err := c.GetUnitPathProperties(unitPath)

 	if err != nil {

 		select {

-		case c.subscriber.errCh <- err:

+		case c.subStateSubscriber.errCh <- err:

 		default:

+			log.Printf("full error channel while reporting: %s\n", err)

 		}

+		return

 	}

+	defer c.updateIgnore(unitPath, info)

-	name := info["Id"].(string)

-	substate := info["SubState"].(string)

+	name, ok := info["Id"].(string)

+	if !ok {

+		msg := "failed to cast info.Id"

+		select {

+		case c.subStateSubscriber.errCh <- errors.New(msg):

+		default:

+			log.Printf("full error channel while reporting: %s\n", err)

+		}

+		return

+	}

+	substate, ok := info["SubState"].(string)

+	if !ok {

+		msg := "failed to cast info.SubState"

+		select {

+		case c.subStateSubscriber.errCh <- errors.New(msg):

+		default:

+			log.Printf("full error channel while reporting: %s\n", msg)

+		}

+		return

+	}

 	update := &SubStateUpdate{name, substate}

 	select {

-	case c.subscriber.updateCh <- update:

+	case c.subStateSubscriber.updateCh <- update:

 	default:

+		msg := "update channel is full"

 		select {

-		case c.subscriber.errCh <- errors.New("update channel full!"):

+		case c.subStateSubscriber.errCh <- errors.New(msg):

 		default:

+			log.Printf("full error channel while reporting: %s\n", msg)

 		}

+		return

 	}

-

-	c.updateIgnore(path, info)

 }

 // The ignore functions work around a wart in the systemd dbus interface.

@@ -222,29 +258,76 @@ func (c *Conn) sendSubStateUpdate(path dbus.ObjectPath) {

 // the properties).

 func (c *Conn) shouldIgnore(path dbus.ObjectPath) bool {

-	t, ok := c.subscriber.ignore[path]

+	t, ok := c.subStateSubscriber.ignore[path]

 	return ok && t >= time.Now().UnixNano()

 }

 func (c *Conn) updateIgnore(path dbus.ObjectPath, info map[string]interface{}) {

-	c.cleanIgnore()

+	loadState, ok := info["LoadState"].(string)

+	if !ok {

+		return

+	}

 	// unit is unloaded - it will trigger bad systemd dbus behavior

-	if info["LoadState"].(string) == "not-found" {

-		c.subscriber.ignore[path] = time.Now().UnixNano() + ignoreInterval

+	if loadState == "not-found" {

+		c.subStateSubscriber.ignore[path] = time.Now().UnixNano() + ignoreInterval

 	}

 }

 // without this, ignore would grow unboundedly over time

 func (c *Conn) cleanIgnore() {

 	now := time.Now().UnixNano()

-	if c.subscriber.cleanIgnore < now {

-		c.subscriber.cleanIgnore = now + cleanIgnoreInterval

+	if c.subStateSubscriber.cleanIgnore < now {

+		c.subStateSubscriber.cleanIgnore = now + cleanIgnoreInterval

-		for p, t := range c.subscriber.ignore {

+		for p, t := range c.subStateSubscriber.ignore {

 			if t < now {

-				delete(c.subscriber.ignore, p)

+				delete(c.subStateSubscriber.ignore, p)

 			}

 		}

 	}

 }

+

+// PropertiesUpdate holds a map of a unit's changed properties

+type PropertiesUpdate struct {

+	UnitName string

+	Changed  map[string]dbus.Variant

+}

+

+// SetPropertiesSubscriber writes to updateCh when any unit's properties

+// change. Every property change reported by systemd will be sent; that is, no

+// transitions will be "missed" (as they might be with SetSubStateSubscriber).

+// However, state changes will only be written to the channel with non-blocking

+// writes.  If updateCh is full, it attempts to write an error to errCh; if

+// errCh is full, the error passes silently.

+func (c *Conn) SetPropertiesSubscriber(updateCh chan<- *PropertiesUpdate, errCh chan<- error) {

+	c.propertiesSubscriber.Lock()

+	defer c.propertiesSubscriber.Unlock()

+	c.propertiesSubscriber.updateCh = updateCh

+	c.propertiesSubscriber.errCh = errCh

+}

+

+// we don't need to worry about shouldIgnore() here because

+// sendPropertiesUpdate doesn't call GetProperties()

+func (c *Conn) sendPropertiesUpdate(unitPath dbus.ObjectPath, changedProps map[string]dbus.Variant) {

+	c.propertiesSubscriber.Lock()

+	defer c.propertiesSubscriber.Unlock()

+

+	if c.propertiesSubscriber.updateCh == nil {

+		return

+	}

+

+	update := &PropertiesUpdate{unitName(unitPath), changedProps}

+

+	select {

+	case c.propertiesSubscriber.updateCh <- update:

+	default:

+		msg := "update channel is full"

+		select {

+		case c.propertiesSubscriber.errCh <- errors.New(msg):

+		default:

+			log.Printf("full error channel while reporting: %s\n", msg)

+		}

+		return

+	}

+}

@@ -103,7 +103,10 @@ func Send(message string, priority Priority, vars map[string]string) error {

 		if !ok {

 			return journalError("can't send file through non-Unix connection")

 		}

-		unixConn.WriteMsgUnix([]byte{}, rights, nil)

+		_, _, err = unixConn.WriteMsgUnix([]byte{}, rights, nil)

+		if err != nil {

+			return journalError(err.Error())

+		}

 	} else if err != nil {

 		return journalError(err.Error())

 	}

@@ -165,7 +168,7 @@ func tempFd() (*os.File, error) {

 	if err != nil {

 		return nil, err

 	}

-	syscall.Unlink(file.Name())

+	err = syscall.Unlink(file.Name())

 	if err != nil {

 		return nil, err

 	}