[systemd] Fix syslog, fix systemd user session pam config

30 files changed, 285 insertions, 55 deletions

diff --git a/core/modules/systemd/data/etc/pam.d/systemd-user b/core/modules/systemd/data/etc/pam.d/systemd-user
new file mode 100644
index 00000000..a8d4ce36
--- /dev/null
+++ b/core/modules/systemd/data/etc/pam.d/systemd-user
@@ -0,0 +1,12 @@
+# This file is part of systemd.
+#
+# Used by systemd --user instances.
+
+@include common-account
+
+session required pam_selinux.so close
+session required pam_selinux.so nottys open
+session required pam_loginuid.so
+@include common-session-noninteractive
+session optional pam_systemd.so
+
diff --git a/core/modules/systemd/data/etc/systemd/journald.conf b/core/modules/systemd/data/etc/systemd/journald.conf
new file mode 100644
index 00000000..80ddb673
--- /dev/null
+++ b/core/modules/systemd/data/etc/systemd/journald.conf
@@ -0,0 +1,41 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See journald.conf(5) for details.
+
+[Journal]
+#Storage=auto
+#Compress=yes
+#Seal=yes
+#SplitMode=uid
+#SyncIntervalSec=5m
+#RateLimitIntervalSec=30s
+#RateLimitBurst=1000
+#SystemMaxUse=
+#SystemKeepFree=
+#SystemMaxFileSize=
+#SystemMaxFiles=100
+RuntimeMaxUse=20M
+#RuntimeKeepFree=
+#RuntimeMaxFileSize=
+#RuntimeMaxFiles=100
+#MaxRetentionSec=
+#MaxFileSec=1month
+ForwardToSyslog=yes
+#ForwardToKMsg=no
+#ForwardToConsole=no
+#ForwardToWall=yes
+#TTYPath=/dev/console
+#MaxLevelStore=debug
+#MaxLevelSyslog=debug
+#MaxLevelKMsg=notice
+#MaxLevelConsole=info
+#MaxLevelWall=emerg
diff --git a/core/modules/systemd/data/etc/systemd/logind.conf b/core/modules/systemd/data/etc/systemd/logind.conf
new file mode 100644
index 00000000..eda23484
--- /dev/null
+++ b/core/modules/systemd/data/etc/systemd/logind.conf
@@ -0,0 +1,37 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See logind.conf(5) for details.
+
+[Login]
+#NAutoVTs=6
+#ReserveVT=6
+KillUserProcesses=yes
+#KillOnlyUsers=
+#KillExcludeUsers=root
+#InhibitDelayMaxSec=5
+HandlePowerKey=poweroff
+#HandleSuspendKey=suspend
+#HandleHibernateKey=hibernate
+#HandleLidSwitch=suspend
+#HandleLidSwitchDocked=ignore
+#PowerKeyIgnoreInhibited=no
+#SuspendKeyIgnoreInhibited=no
+#HibernateKeyIgnoreInhibited=no
+#LidSwitchIgnoreInhibited=yes
+#HoldoffTimeoutSec=30s
+IdleAction=ignore
+#IdleActionSec=30min
+RuntimeDirectorySize=5%
+#RemoveIPC=yes
+#InhibitorsMax=8192
+#SessionsMax=8192
+#UserTasksMax=33%
diff --git a/core/modules/systemd/data/etc/systemd/system.conf b/core/modules/systemd/data/etc/systemd/system.conf
new file mode 100644
index 00000000..7efc9b25
--- /dev/null
+++ b/core/modules/systemd/data/etc/systemd/system.conf
@@ -0,0 +1,62 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See systemd-system.conf(5) for details.
+
+[Manager]
+#LogLevel=info
+#LogTarget=journal-or-kmsg
+#LogColor=yes
+#LogLocation=no
+#DumpCore=yes
+#ShowStatus=yes
+#CrashChangeVT=no
+#CrashShell=no
+#CrashReboot=no
+CtrlAltDelBurstAction=reboot-force
+#CPUAffinity=1 2
+#JoinControllers=cpu,cpuacct net_cls,net_prio
+#RuntimeWatchdogSec=0
+#ShutdownWatchdogSec=10min
+#CapabilityBoundingSet=
+#SystemCallArchitectures=
+#TimerSlackNSec=
+#DefaultTimerAccuracySec=1min
+#DefaultStandardOutput=journal
+#DefaultStandardError=inherit
+#DefaultTimeoutStartSec=90s
+#DefaultTimeoutStopSec=90s
+#DefaultRestartSec=100ms
+#DefaultStartLimitIntervalSec=10s
+#DefaultStartLimitBurst=5
+#DefaultEnvironment=
+#DefaultCPUAccounting=no
+#DefaultIOAccounting=no
+#DefaultBlockIOAccounting=no
+#DefaultMemoryAccounting=no
+#DefaultTasksAccounting=yes
+#DefaultTasksMax=15%
+#DefaultLimitCPU=
+#DefaultLimitFSIZE=
+#DefaultLimitDATA=
+#DefaultLimitSTACK=
+#DefaultLimitCORE=
+#DefaultLimitRSS=
+#DefaultLimitNOFILE=
+#DefaultLimitAS=
+#DefaultLimitNPROC=
+#DefaultLimitMEMLOCK=
+#DefaultLimitLOCKS=
+#DefaultLimitSIGPENDING=
+#DefaultLimitMSGQUEUE=
+#DefaultLimitNICE=
+#DefaultLimitRTPRIO=
+#DefaultLimitRTTIME=
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/console-getty.service b/core/modules/systemd/data/usr/lib/systemd/system/console-getty.service
index 74a220e2..5c9c01c7 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/console-getty.service
+++ b/core/modules/systemd/data/usr/lib/systemd/system/console-getty.service
@@ -9,11 +9,15 @@
 Description=Console Getty
 Documentation=man:agetty(8)
 After=systemd-user-sessions.service plymouth-quit-wait.service
+ConditionPathExists=/dev/console
 After=rc-local.service
 Before=getty.target
 
 [Service]
-ExecStart=-/sbin/agetty --noclear -s console 115200,38400,9600
+# The '-o' option value tells agetty to replace 'login' arguments with an
+# option to preserve environment (-p), followed by '--' for safety, and then
+# the entered username.
+ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud console 115200,38400,9600 $TERM
 Type=idle
 Restart=always
 RestartSec=0
@@ -23,10 +27,7 @@ TTYReset=yes
 TTYVHangup=yes
 KillMode=process
 IgnoreSIGPIPE=no
-
-# Bash ignores SIGTERM, so we send SIGHUP instead, to ensure that bash
-# terminates cleanly.
-KillSignal=SIGHUP
+SendSIGHUP=yes
 
 [Install]
 WantedBy=getty.target
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/dev-hugepages.mount b/core/modules/systemd/data/usr/lib/systemd/system/dev-hugepages.mount
index d711faed..86ad7ac2 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/dev-hugepages.mount
+++ b/core/modules/systemd/data/usr/lib/systemd/system/dev-hugepages.mount
@@ -8,10 +8,12 @@
 [Unit]
 Description=Huge Pages File System
 Documentation=https://www.kernel.org/doc/Documentation/vm/hugetlbpage.txt
-Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
 DefaultDependencies=no
 Before=sysinit.target
 ConditionPathExists=/sys/kernel/mm/hugepages
+ConditionCapability=CAP_SYS_ADMIN
+ConditionVirtualization=!private-users
 
 [Mount]
 What=hugetlbfs
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/dev-mqueue.mount b/core/modules/systemd/data/usr/lib/systemd/system/dev-mqueue.mount
index 5c11ca7d..b2adfeb8 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/dev-mqueue.mount
+++ b/core/modules/systemd/data/usr/lib/systemd/system/dev-mqueue.mount
@@ -8,10 +8,11 @@
 [Unit]
 Description=POSIX Message Queue File System
 Documentation=man:mq_overview(7)
-Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
 DefaultDependencies=no
 Before=sysinit.target
 ConditionPathExists=/proc/sys/fs/mqueue
+ConditionCapability=CAP_SYS_ADMIN
 
 [Mount]
 What=mqueue
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/emergency.service b/core/modules/systemd/data/usr/lib/systemd/system/emergency.service
index 72fcff2d..9f7db1db 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/emergency.service
+++ b/core/modules/systemd/data/usr/lib/systemd/system/emergency.service
@@ -10,22 +10,18 @@ Description=Emergency Shell
 Documentation=man:sulogin(8)
 DefaultDependencies=no
 Conflicts=shutdown.target
+Conflicts=rescue.service
+Conflicts=syslog.socket
 Before=shutdown.target
 
 [Service]
 Environment=HOME=/root
-WorkingDirectory=/root
-ExecStartPre=-/bin/plymouth quit
-ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type "journalctl -xb" to view\\nsystem logs, "systemctl reboot" to reboot, "systemctl default" to try again\\nto boot into default mode.'
-ExecStart=-/sbin/sulogin
-ExecStopPost=/usr/bin/systemctl --fail --no-block default
+WorkingDirectory=-/root
+ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency
 Type=idle
 StandardInput=tty-force
 StandardOutput=inherit
 StandardError=inherit
 KillMode=process
 IgnoreSIGPIPE=no
-
-# Bash ignores SIGTERM, so we send SIGHUP instead, to ensure that bash
-# terminates cleanly.
-KillSignal=SIGHUP
+SendSIGHUP=yes
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/final.target b/core/modules/systemd/data/usr/lib/systemd/system/final.target
index c7cf18e0..42819105 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/final.target
+++ b/core/modules/systemd/data/usr/lib/systemd/system/final.target
@@ -10,4 +10,4 @@ Description=Final Step
 Documentation=man:systemd.special(7)
 DefaultDependencies=no
 RefuseManualStart=yes
-After=shutdown.target 
+After=shutdown.target umount.target
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/graphical.target b/core/modules/systemd/data/usr/lib/systemd/system/graphical.target
index 65f2521d..87be97e1 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/graphical.target
+++ b/core/modules/systemd/data/usr/lib/systemd/system/graphical.target
@@ -9,10 +9,7 @@
 Description=Graphical Interface
 Documentation=man:systemd.special(7)
 Requires=multi-user.target
-After=multi-user.target
-Conflicts=rescue.target
 Wants=display-manager.service
+Conflicts=rescue.service rescue.target
+After=multi-user.target rescue.service rescue.target display-manager.service
 AllowIsolate=yes
-
-[Install]
-Alias=default.target
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/network-online.target b/core/modules/systemd/data/usr/lib/systemd/system/network-online.target
index a40c44c9..5130d8c5 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/network-online.target
+++ b/core/modules/systemd/data/usr/lib/systemd/system/network-online.target
@@ -8,4 +8,5 @@
 [Unit]
 Description=Network is Online
 Documentation=man:systemd.special(7)
-Documentation=http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget
+After=network.target
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/poweroff.target b/core/modules/systemd/data/usr/lib/systemd/system/poweroff.target
index 71871033..dd92d816 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/poweroff.target
+++ b/core/modules/systemd/data/usr/lib/systemd/system/poweroff.target
@@ -12,6 +12,8 @@ DefaultDependencies=no
 Requires=systemd-poweroff.service
 After=systemd-poweroff.service
 AllowIsolate=yes
+JobTimeoutSec=30min
+JobTimeoutAction=poweroff-force
 
 [Install]
 Alias=ctrl-alt-del.target
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.automount b/core/modules/systemd/data/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.automount
index 6be38937..1067bcd8 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.automount
+++ b/core/modules/systemd/data/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.automount
@@ -7,8 +7,8 @@
 
 [Unit]
 Description=Arbitrary Executable File Formats File System Automount Point
-Documentation=https://www.kernel.org/doc/Documentation/binfmt_misc.txt
-Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+Documentation=https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
 DefaultDependencies=no
 Before=sysinit.target
 ConditionPathExists=/proc/sys/fs/binfmt_misc/
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.mount b/core/modules/systemd/data/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.mount
index 8c7c3863..27773cd4 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.mount
+++ b/core/modules/systemd/data/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.mount
@@ -7,8 +7,8 @@
 
 [Unit]
 Description=Arbitrary Executable File Formats File System
-Documentation=https://www.kernel.org/doc/Documentation/binfmt_misc.txt
-Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+Documentation=https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
 DefaultDependencies=no
 
 [Mount]
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/reboot.target b/core/modules/systemd/data/usr/lib/systemd/system/reboot.target
index dec8f567..668b98d9 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/reboot.target
+++ b/core/modules/systemd/data/usr/lib/systemd/system/reboot.target
@@ -12,6 +12,8 @@ DefaultDependencies=no
 Requires=systemd-reboot.service
 After=systemd-reboot.service
 AllowIsolate=yes
+JobTimeoutSec=30min
+JobTimeoutAction=reboot-force
 
 [Install]
 Alias=ctrl-alt-del.target
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/remote-fs.target b/core/modules/systemd/data/usr/lib/systemd/system/remote-fs.target
index 0821987d..43ffa5c1 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/remote-fs.target
+++ b/core/modules/systemd/data/usr/lib/systemd/system/remote-fs.target
@@ -1,3 +1,16 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
 [Unit]
-Description=Remote File Systems Impostor
+Description=Remote File Systems
+Documentation=man:systemd.special(7)
+After=remote-fs-pre.target
+DefaultDependencies=no
+Conflicts=shutdown.target
 
+[Install]
+WantedBy=multi-user.target
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/serial-getty@.service b/core/modules/systemd/data/usr/lib/systemd/system/serial-getty@.service
index 5f289500..fb7b6e78 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/serial-getty@.service
+++ b/core/modules/systemd/data/usr/lib/systemd/system/serial-getty@.service
@@ -19,18 +19,26 @@ After=rc-local.service
 Before=getty.target
 IgnoreOnIsolate=yes
 
+# IgnoreOnIsolate causes issues with sulogin, if someone isolates
+# rescue.target or starts rescue.service from multi-user.target or
+# graphical.target.
+Conflicts=rescue.service
+Before=rescue.service
+
 [Service]
-ExecStart=-/sbin/agetty -s %I 115200,38400,9600 vt102
+# The '-o' option value tells agetty to replace 'login' arguments with an
+# option to preserve environment (-p), followed by '--' for safety, and then
+# the entered username.
+ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,38400,9600 %I $TERM
 Type=idle
 Restart=always
-RestartSec=0
 UtmpIdentifier=%I
 TTYPath=/dev/%I
 TTYReset=yes
 TTYVHangup=yes
 KillMode=process
 IgnoreSIGPIPE=no
+SendSIGHUP=yes
 
-# Some login implementations ignore SIGTERM, so we send SIGHUP
-# instead, to ensure that login terminates cleanly.
-KillSignal=SIGHUP
+[Install]
+WantedBy=getty.target
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/sockets.target.wants/systemd-journald-dev-log.socket b/core/modules/systemd/data/usr/lib/systemd/system/sockets.target.wants/systemd-journald-dev-log.socket
new file mode 120000
index 00000000..b7cca50f
--- /dev/null
+++ b/core/modules/systemd/data/usr/lib/systemd/system/sockets.target.wants/systemd-journald-dev-log.socket
@@ -0,0 +1 @@
+../systemd-journald-dev-log.socket
\ No newline at end of file
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/sys-fs-fuse-connections.mount b/core/modules/systemd/data/usr/lib/systemd/system/sys-fs-fuse-connections.mount
index ebd93e2c..492ceb16 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/sys-fs-fuse-connections.mount
+++ b/core/modules/systemd/data/usr/lib/systemd/system/sys-fs-fuse-connections.mount
@@ -8,9 +8,11 @@
 [Unit]
 Description=FUSE Control File System
 Documentation=https://www.kernel.org/doc/Documentation/filesystems/fuse.txt
-Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
 DefaultDependencies=no
 ConditionPathExists=/sys/fs/fuse/connections
+ConditionCapability=CAP_SYS_ADMIN
+ConditionVirtualization=!private-users
 After=systemd-modules-load.service
 Before=sysinit.target
 
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/sys-kernel-config.mount b/core/modules/systemd/data/usr/lib/systemd/system/sys-kernel-config.mount
index 020101c0..b585f325 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/sys-kernel-config.mount
+++ b/core/modules/systemd/data/usr/lib/systemd/system/sys-kernel-config.mount
@@ -6,11 +6,12 @@
 #  (at your option) any later version.
 
 [Unit]
-Description=Configuration File System
+Description=Kernel Configuration File System
 Documentation=https://www.kernel.org/doc/Documentation/filesystems/configfs/configfs.txt
-Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
 DefaultDependencies=no
 ConditionPathExists=/sys/kernel/config
+ConditionCapability=CAP_SYS_RAWIO
 After=systemd-modules-load.service
 Before=sysinit.target
 
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/sysinit.target b/core/modules/systemd/data/usr/lib/systemd/system/sysinit.target
index ec6fbefc..ec335033 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/sysinit.target
+++ b/core/modules/systemd/data/usr/lib/systemd/system/sysinit.target
@@ -9,6 +9,5 @@
 Description=System Initialization
 Documentation=man:systemd.special(7)
 Conflicts=emergency.service emergency.target
-Wants= swap.target
-After= swap.target emergency.service emergency.target
-RefuseManualStart=yes
+Wants=local-fs.target swap.target
+After=local-fs.target swap.target emergency.service emergency.target
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/systemd-halt.service b/core/modules/systemd/data/usr/lib/systemd/system/systemd-halt.service
index a13d67c6..4bd1afb8 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/systemd-halt.service
+++ b/core/modules/systemd/data/usr/lib/systemd/system/systemd-halt.service
@@ -9,8 +9,8 @@
 Description=Halt
 Documentation=man:systemd-halt.service(8)
 DefaultDependencies=no
-Requires=shutdown.target final.target
-After=shutdown.target final.target
+Requires=shutdown.target umount.target final.target
+After=shutdown.target umount.target final.target
 
 [Service]
 Type=oneshot
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/systemd-journal-flush.service b/core/modules/systemd/data/usr/lib/systemd/system/systemd-journal-flush.service
new file mode 100644
index 00000000..74342665
--- /dev/null
+++ b/core/modules/systemd/data/usr/lib/systemd/system/systemd-journal-flush.service
@@ -0,0 +1,22 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Flush Journal to Persistent Storage
+Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+DefaultDependencies=no
+Requires=systemd-journald.service
+After=systemd-journald.service
+After=systemd-remount-fs.service
+Before=systemd-user-sessions.service systemd-tmpfiles-setup.service
+RequiresMountsFor=/var/log/journal
+
+[Service]
+ExecStart=/usr/bin/journalctl --flush
+Type=oneshot
+RemainAfterExit=yes
+TimeoutSec=90s
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/systemd-journald-dev-log.socket b/core/modules/systemd/data/usr/lib/systemd/system/systemd-journald-dev-log.socket
new file mode 100644
index 00000000..ffd44bb5
--- /dev/null
+++ b/core/modules/systemd/data/usr/lib/systemd/system/systemd-journald-dev-log.socket
@@ -0,0 +1,32 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Journal Socket (/dev/log)
+Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+DefaultDependencies=no
+Before=sockets.target
+
+# Mount and swap units need this. If this socket unit is removed by an
+# isolate request the mount and swap units would be removed too,
+# hence let's exclude this from isolate requests.
+IgnoreOnIsolate=yes
+
+[Socket]
+Service=systemd-journald.service
+ListenDatagram=/run/systemd/journal/dev-log
+Symlinks=/dev/log
+SocketMode=0666
+PassCredentials=yes
+PassSecurity=yes
+
+# Increase both the send and receive buffer, so that things don't
+# block early. Note that journald internally uses the this socket both
+# for receiving syslog messages, and for forwarding them to any other
+# syslog, hence we bump both values.
+ReceiveBuffer=8M
+SendBuffer=8M
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/systemd-modules-load.service b/core/modules/systemd/data/usr/lib/systemd/system/systemd-modules-load.service
index 3ff810f7..0f1a8521 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/systemd-modules-load.service
+++ b/core/modules/systemd/data/usr/lib/systemd/system/systemd-modules-load.service
@@ -10,7 +10,6 @@ Description=Load Kernel Modules
 Documentation=man:systemd-modules-load.service(8) man:modules-load.d(5)
 DefaultDependencies=no
 Conflicts=shutdown.target
-After= 
 Before=sysinit.target shutdown.target
 ConditionCapability=CAP_SYS_MODULE
 ConditionDirectoryNotEmpty=|/lib/modules-load.d
@@ -25,3 +24,4 @@ ConditionKernelCommandLine=|rd.modules-load
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/lib/systemd/systemd-modules-load
+TimeoutSec=90s
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/systemd-reboot.service b/core/modules/systemd/data/usr/lib/systemd/system/systemd-reboot.service
index b2d27c8e..49acabc9 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/systemd-reboot.service
+++ b/core/modules/systemd/data/usr/lib/systemd/system/systemd-reboot.service
@@ -9,8 +9,8 @@
 Description=Reboot
 Documentation=man:systemd-halt.service(8)
 DefaultDependencies=no
-Requires=shutdown.target final.target
-After=shutdown.target final.target
+Requires=shutdown.target umount.target final.target
+After=shutdown.target umount.target final.target
 
 [Service]
 Type=oneshot
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/systemd-sysctl.service b/core/modules/systemd/data/usr/lib/systemd/system/systemd-sysctl.service
index 46e2475e..1a150fd6 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/systemd-sysctl.service
+++ b/core/modules/systemd/data/usr/lib/systemd/system/systemd-sysctl.service
@@ -10,17 +10,12 @@ Description=Apply Kernel Variables
 Documentation=man:systemd-sysctl.service(8) man:sysctl.d(5)
 DefaultDependencies=no
 Conflicts=shutdown.target
-After= 
+After=systemd-modules-load.service
 Before=sysinit.target shutdown.target
-ConditionPathIsReadWrite=/proc/sys/
-ConditionPathExists=|/etc/sysctl.conf
-ConditionDirectoryNotEmpty=|/lib/sysctl.d
-ConditionDirectoryNotEmpty=|/usr/lib/sysctl.d
-ConditionDirectoryNotEmpty=|/usr/local/lib/sysctl.d
-ConditionDirectoryNotEmpty=|/etc/sysctl.d
-ConditionDirectoryNotEmpty=|/run/sysctl.d
+ConditionPathIsReadWrite=/proc/sys/net/
 
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/lib/systemd/systemd-sysctl
+TimeoutSec=90s
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/systemd-udevd-kernel.socket b/core/modules/systemd/data/usr/lib/systemd/system/systemd-udevd-kernel.socket
index 4b8a5b0f..1a162069 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/systemd-udevd-kernel.socket
+++ b/core/modules/systemd/data/usr/lib/systemd/system/systemd-udevd-kernel.socket
@@ -10,10 +10,10 @@ Description=udev Kernel Socket
 Documentation=man:systemd-udevd.service(8) man:udev(7)
 DefaultDependencies=no
 Before=sockets.target
-ConditionCapability=CAP_MKNOD
+ConditionPathIsReadWrite=/sys
 
 [Socket]
 Service=systemd-udevd.service
-ReceiveBuffer=134217728
+ReceiveBuffer=128M
 ListenNetlink=kobject-uevent 1
 PassCredentials=yes
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/systemd-user-sessions.service b/core/modules/systemd/data/usr/lib/systemd/system/systemd-user-sessions.service
index 9226e3ea..612c3a0b 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/systemd-user-sessions.service
+++ b/core/modules/systemd/data/usr/lib/systemd/system/systemd-user-sessions.service
@@ -8,7 +8,7 @@
 [Unit]
 Description=Permit User Sessions
 Documentation=man:systemd-user-sessions.service(8)
-After= 
+After=remote-fs.target nss-user-lookup.target network.target
 
 [Service]
 Type=oneshot
diff --git a/core/modules/systemd/data/usr/lib/systemd/system/timers.target b/core/modules/systemd/data/usr/lib/systemd/system/timers.target
index 07fda3d9..251fa680 100644
--- a/core/modules/systemd/data/usr/lib/systemd/system/timers.target
+++ b/core/modules/systemd/data/usr/lib/systemd/system/timers.target
@@ -8,3 +8,6 @@
 [Unit]
 Description=Timers
 Documentation=man:systemd.special(7)
+
+DefaultDependencies=no
+Conflicts=shutdown.target