diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/211-tmpfiles.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/211-tmpfiles.patch
new file mode 100644
index 0000000000..888fa572a7
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/211-tmpfiles.patch
@@ -0,0 +1,12 @@
+diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf
+index 7c6d6b9099b9..1aeb5e40f1ee 100644
+--- a/tmpfiles.d/systemd.conf
++++ b/tmpfiles.d/systemd.conf
+@@ -24,5 +24,7 @@ d /run/systemd/shutdown 0755 root root -
+ 
+ m /var/log/journal 2755 root systemd-journal - -
+ m /var/log/journal/%m 2755 root systemd-journal - -
++m /var/log/journal/%m/system.journal 2755 root systemd-journal - -
+ m /run/log/journal 2755 root systemd-journal - -
+ m /run/log/journal/%m 2755 root systemd-journal - -
++m /run/log/journal/%m/system.journal 2755 root systemd-journal - -
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0001-sd-rtnl-fix-off-by-one.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0001-sd-rtnl-fix-off-by-one.patch
new file mode 100644
index 0000000000..780a171850
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0001-sd-rtnl-fix-off-by-one.patch
@@ -0,0 +1,32 @@
+From ef1a79119cc9cdeef03af17795e6a05459a0f3af Mon Sep 17 00:00:00 2001
+From: Steven Siloti <ssiloti@gmail.com>
+Date: Sun, 30 Mar 2014 21:20:26 -0700
+Subject: [PATCH] sd-rtnl: fix off-by-one
+To: systemd-devel@lists.freedesktop.org
+
+Also fix type parameter passed to new0
+---
+ src/libsystemd/sd-rtnl/rtnl-message.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libsystemd/sd-rtnl/rtnl-message.c b/src/libsystemd/sd-rtnl/rtnl-message.c
+index 84a8ffa..97ace2a 100644
+--- a/src/libsystemd/sd-rtnl/rtnl-message.c
++++ b/src/libsystemd/sd-rtnl/rtnl-message.c
+@@ -1073,11 +1073,11 @@ int rtnl_message_parse(sd_rtnl_message *m,
+         unsigned short type;
+         size_t *tb;
+ 
+-        tb = (size_t *) new0(size_t *, max);
++        tb = new0(size_t, max + 1);
+         if(!tb)
+                 return -ENOMEM;
+ 
+-        *rta_tb_size = max;
++        *rta_tb_size = max + 1;
+ 
+         for (; RTA_OK(rta, rt_len); rta = RTA_NEXT(rta, rt_len)) {
+                 type = rta->rta_type;
+-- 
+1.9.1
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0002-job-add-waiting-jobs-to-run-queue-in-unit_coldplug.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0002-job-add-waiting-jobs-to-run-queue-in-unit_coldplug.patch
new file mode 100644
index 0000000000..04307bffdc
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0002-job-add-waiting-jobs-to-run-queue-in-unit_coldplug.patch
@@ -0,0 +1,35 @@
+From ff790a30ceae4e64249544f9719f78c385308f67 Mon Sep 17 00:00:00 2001
+From: Brandon Philips <brandon@ifup.co>
+Date: Fri, 25 Apr 2014 09:31:59 -0600
+Subject: [PATCH 2/4] job: add waiting jobs to run queue in unit_coldplug
+
+When we have job installed and added to run queue for service which is
+still in dead state and systemd initiates reload then after reload we
+never add deserialized job to the run queue again. This is caused by
+check in service_coldplug() where we check if deserialized state is
+something else than dead state, which is not the case thus we never call
+service_set_state() and finally unit_notify() where we would have added
+job to the run queue.
+
+Thanks to Michal Sekletar <msekleta@redhat.com> for the original patch.
+---
+ src/core/job.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/core/job.c b/src/core/job.c
+index 35a9de6..835cfe1 100644
+--- a/src/core/job.c
++++ b/src/core/job.c
+@@ -1066,6 +1066,9 @@ int job_coldplug(Job *j) {
+         if (j->timer_event_source)
+                 j->timer_event_source = sd_event_source_unref(j->timer_event_source);
+ 
++        if (j->state == JOB_WAITING)
++                job_add_to_run_queue(j);
++
+         r = sd_event_add_time(
+                         j->manager->event,
+                         &j->timer_event_source,
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0003-job-always-add-waiting-jobs-to-run-queue-during-cold.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0003-job-always-add-waiting-jobs-to-run-queue-during-cold.patch
new file mode 100644
index 0000000000..ea0e62f488
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0003-job-always-add-waiting-jobs-to-run-queue-during-cold.patch
@@ -0,0 +1,39 @@
+From 05728416aba07cf66e6933e65c5c076643a1d62b Mon Sep 17 00:00:00 2001
+From: Michael Marineau <michael.marineau@coreos.com>
+Date: Mon, 12 May 2014 09:26:16 +0200
+Subject: [PATCH 3/4] job: always add waiting jobs to run queue during coldplug
+
+commit 20a83d7bf was not equivalent to the original bug fix proposed by
+Michal Sekletar <msekleta@redhat.com>. The committed version only added
+the job to the run queue if the job had a timeout, which most jobs do
+not have. Just re-ordering the code gets us the intended functionality
+---
+ src/core/job.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/job.c b/src/core/job.c
+index 835cfe1..dc4f441 100644
+--- a/src/core/job.c
++++ b/src/core/job.c
+@@ -1060,15 +1060,15 @@ int job_coldplug(Job *j) {
+         if (r < 0)
+                 return r;
+ 
++        if (j->state == JOB_WAITING)
++                job_add_to_run_queue(j);
++
+         if (j->begin_usec == 0 || j->unit->job_timeout == 0)
+                 return 0;
+ 
+         if (j->timer_event_source)
+                 j->timer_event_source = sd_event_source_unref(j->timer_event_source);
+ 
+-        if (j->state == JOB_WAITING)
+-                job_add_to_run_queue(j);
+-
+         r = sd_event_add_time(
+                         j->manager->event,
+                         &j->timer_event_source,
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0004-core-make-sure-to-serialize-jobs-for-all-units.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0004-core-make-sure-to-serialize-jobs-for-all-units.patch
new file mode 100644
index 0000000000..33c7215853
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0004-core-make-sure-to-serialize-jobs-for-all-units.patch
@@ -0,0 +1,118 @@
+From fb7fe351e092bb591a6fc24c76fd4a8effec644d Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 16 May 2014 01:15:03 +0200
+Subject: [PATCH 4/4] core: make sure to serialize jobs for all units
+
+Previously we wouldn't serialize jobs for units that themselves have
+nothing to serialize.
+
+http://lists.freedesktop.org/archives/systemd-devel/2014-May/019051.html
+---
+ src/core/manager.c |  3 ---
+ src/core/unit.c    | 43 +++++++++++++++++++++----------------------
+ 2 files changed, 21 insertions(+), 25 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 224106c..0b91db3 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -2129,9 +2129,6 @@ int manager_serialize(Manager *m, FILE *f, FDSet *fds, bool switching_root) {
+                 if (u->id != t)
+                         continue;
+ 
+-                if (!unit_can_serialize(u))
+-                        continue;
+-
+                 /* Start marker */
+                 fputs(u->id, f);
+                 fputc('\n', f);
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 153b79b..9147686 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -2287,25 +2287,25 @@ bool unit_can_serialize(Unit *u) {
+ }
+ 
+ int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs) {
+-        ExecRuntime *rt;
+         int r;
+ 
+         assert(u);
+         assert(f);
+         assert(fds);
+ 
+-        if (!unit_can_serialize(u))
+-                return 0;
+-
+-        r = UNIT_VTABLE(u)->serialize(u, f, fds);
+-        if (r < 0)
+-                return r;
++        if (unit_can_serialize(u)) {
++                ExecRuntime *rt;
+ 
+-        rt = unit_get_exec_runtime(u);
+-        if (rt) {
+-                r = exec_runtime_serialize(rt, u, f, fds);
++                r = UNIT_VTABLE(u)->serialize(u, f, fds);
+                 if (r < 0)
+                         return r;
++
++                rt = unit_get_exec_runtime(u);
++                if (rt) {
++                        r = exec_runtime_serialize(rt, u, f, fds);
++                        if (r < 0)
++                                return r;
++                }
+         }
+ 
+         dual_timestamp_serialize(f, "inactive-exit-timestamp", &u->inactive_exit_timestamp);
+@@ -2367,17 +2367,14 @@ void unit_serialize_item(Unit *u, FILE *f, const char *key, const char *value) {
+ }
+ 
+ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) {
+-        size_t offset;
+         ExecRuntime **rt = NULL;
++        size_t offset;
+         int r;
+ 
+         assert(u);
+         assert(f);
+         assert(fds);
+ 
+-        if (!unit_can_serialize(u))
+-                return 0;
+-
+         offset = UNIT_VTABLE(u)->exec_runtime_offset;
+         if (offset > 0)
+                 rt = (ExecRuntime**) ((uint8_t*) u + offset);
+@@ -2494,17 +2491,19 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) {
+                         continue;
+                 }
+ 
+-                if (rt) {
+-                        r = exec_runtime_deserialize_item(rt, u, l, v, fds);
++                if (unit_can_serialize(u)) {
++                        if (rt) {
++                                r = exec_runtime_deserialize_item(rt, u, l, v, fds);
++                                if (r < 0)
++                                        return r;
++                                if (r > 0)
++                                        continue;
++                        }
++
++                        r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds);
+                         if (r < 0)
+                                 return r;
+-                        if (r > 0)
+-                                continue;
+                 }
+-
+-                r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds);
+-                if (r < 0)
+-                        return r;
+         }
+ }
+ 
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0005-conf-parser-silently-ignore-sections-starting-with-X.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0005-conf-parser-silently-ignore-sections-starting-with-X.patch
new file mode 100644
index 0000000000..c2d877e1e8
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0005-conf-parser-silently-ignore-sections-starting-with-X.patch
@@ -0,0 +1,73 @@
+From 92b626e34454aa14b51a9b21a1e885806c10d2fb Mon Sep 17 00:00:00 2001
+From: Michael Marineau <michael.marineau@coreos.com>
+Date: Fri, 16 May 2014 16:03:38 -0700
+Subject: [PATCH 5/5] conf-parser: silently ignore sections starting with "X-"
+
+This allows external tools to keep additional unit information in a
+separate section without scaring users with a big warning.
+---
+ src/shared/conf-parser.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
+index d27b1b7..062b15b 100644
+--- a/src/shared/conf-parser.c
++++ b/src/shared/conf-parser.c
+@@ -204,6 +204,7 @@ static int parse_line(const char* unit,
+                       bool allow_include,
+                       char **section,
+                       unsigned *section_line,
++                      bool *section_ignored,
+                       char *l,
+                       void *userdata) {
+ 
+@@ -266,7 +267,7 @@ static int parse_line(const char* unit,
+ 
+                 if (sections && !nulstr_contains(sections, n)) {
+ 
+-                        if (!relaxed)
++                        if (!relaxed && !startswith(n, "X-"))
+                                 log_syntax(unit, LOG_WARNING, filename, line, EINVAL,
+                                            "Unknown section '%s'. Ignoring.", n);
+ 
+@@ -274,10 +275,12 @@ static int parse_line(const char* unit,
+                         free(*section);
+                         *section = NULL;
+                         *section_line = 0;
++                        *section_ignored = true;
+                 } else {
+                         free(*section);
+                         *section = n;
+                         *section_line = line;
++                        *section_ignored = false;
+                 }
+ 
+                 return 0;
+@@ -285,7 +288,7 @@ static int parse_line(const char* unit,
+ 
+         if (sections && !*section) {
+ 
+-                if (!relaxed)
++                if (!relaxed && !*section_ignored)
+                         log_syntax(unit, LOG_WARNING, filename, line, EINVAL,
+                                    "Assignment outside of section. Ignoring.");
+ 
+@@ -328,6 +331,7 @@ int config_parse(const char *unit,
+         _cleanup_free_ char *section = NULL, *continuation = NULL;
+         _cleanup_fclose_ FILE *ours = NULL;
+         unsigned line = 0, section_line = 0;
++        bool section_ignored = false;
+         int r;
+ 
+         assert(filename);
+@@ -399,6 +403,7 @@ int config_parse(const char *unit,
+                                allow_include,
+                                &section,
+                                &section_line,
++                               &section_ignored,
+                                p,
+                                userdata);
+                 free(c);
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/214-0001-shared-fix-searching-for-configs-in-alternate-roots.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/214-0001-shared-fix-searching-for-configs-in-alternate-roots.patch
new file mode 100644
index 0000000000..710e991688
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/214-0001-shared-fix-searching-for-configs-in-alternate-roots.patch
@@ -0,0 +1,169 @@
+From 7171a436771c02a75b6dd74b4ff9473d4d831e70 Mon Sep 17 00:00:00 2001
+From: Michael Marineau <michael.marineau@coreos.com>
+Date: Thu, 29 May 2014 10:59:42 -0700
+Subject: [PATCH] shared: fix searching for configs in alternate roots
+
+Commit 12ed81d9 changed path_strv_canonicalize_absolute's behavior to
+return a directory list without the root prefix if one was given but did
+not update other users of the function to the new behavior. This broke
+the --root option in systemd-tmpfiles, a regression in v213.
+
+To better reflect that path_strv_canonicalize_absolute does not return
+fully resolved paths any more as canonicalize may imply it is now simply
+called path_strv_cleanup.
+---
+ src/shared/conf-files.c  | 18 +++++++++++++-----
+ src/shared/path-lookup.c |  6 +++---
+ src/shared/path-util.c   |  6 +++---
+ src/shared/path-util.h   |  4 ++--
+ src/shared/util.c        |  7 +++++--
+ 5 files changed, 26 insertions(+), 15 deletions(-)
+
+diff --git a/src/shared/conf-files.c b/src/shared/conf-files.c
+index 5201782..6f1dc7f 100644
+--- a/src/shared/conf-files.c
++++ b/src/shared/conf-files.c
+@@ -37,10 +37,18 @@
+ #include "hashmap.h"
+ #include "conf-files.h"
+ 
+-static int files_add(Hashmap *h, const char *dirpath, const char *suffix) {
++static int files_add(Hashmap *h, const char *dirpath, const char *suffix, const char *root) {
+         _cleanup_closedir_ DIR *dir = NULL;
++        _cleanup_free_ char *fullpath = NULL;
+ 
+-        dir = opendir(dirpath);
++        if (root)
++                fullpath = strappend(root, dirpath);
++        else
++                fullpath = strdup(dirpath);
++        if (!fullpath)
++                return -ENOMEM;
++
++        dir = opendir(fullpath);
+         if (!dir) {
+                 if (errno == ENOENT)
+                         return 0;
+@@ -63,7 +71,7 @@ static int files_add(Hashmap *h, const char *dirpath, const char *suffix) {
+                 if (!dirent_is_file_with_suffix(de, suffix))
+                         continue;
+ 
+-                p = strjoin(dirpath, "/", de->d_name, NULL);
++                p = strjoin(fullpath, "/", de->d_name, NULL);
+                 if (!p)
+                         return -ENOMEM;
+ 
+@@ -100,7 +108,7 @@ static int conf_files_list_strv_internal(char ***strv, const char *suffix, const
+         assert(suffix);
+ 
+         /* This alters the dirs string array */
+-        if (!path_strv_canonicalize_absolute_uniq(dirs, root))
++        if (!path_strv_cleanup_uniq(dirs, root))
+                 return -ENOMEM;
+ 
+         fh = hashmap_new(string_hash_func, string_compare_func);
+@@ -108,7 +116,7 @@ static int conf_files_list_strv_internal(char ***strv, const char *suffix, const
+                 return -ENOMEM;
+ 
+         STRV_FOREACH(p, dirs) {
+-                r = files_add(fh, *p, suffix);
++                r = files_add(fh, *p, suffix, root);
+                 if (r == -ENOMEM) {
+                         hashmap_free_free(fh);
+                         return r;
+diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c
+index e072fd6..1a497f9 100644
+--- a/src/shared/path-lookup.c
++++ b/src/shared/path-lookup.c
+@@ -284,7 +284,7 @@ int lookup_paths_init(
+                 }
+         }
+ 
+-        if (!path_strv_canonicalize_absolute_uniq(p->unit_path, root_dir))
++        if (!path_strv_cleanup_uniq(p->unit_path, root_dir))
+                 return -ENOMEM;
+ 
+         if (!strv_isempty(p->unit_path)) {
+@@ -338,10 +338,10 @@ int lookup_paths_init(
+                                 return -ENOMEM;
+                 }
+ 
+-                if (!path_strv_canonicalize_absolute_uniq(p->sysvinit_path, root_dir))
++                if (!path_strv_cleanup_uniq(p->sysvinit_path, root_dir))
+                         return -ENOMEM;
+ 
+-                if (!path_strv_canonicalize_absolute_uniq(p->sysvrcnd_path, root_dir))
++                if (!path_strv_cleanup_uniq(p->sysvrcnd_path, root_dir))
+                         return -ENOMEM;
+ 
+                 if (!strv_isempty(p->sysvinit_path)) {
+diff --git a/src/shared/path-util.c b/src/shared/path-util.c
+index 5863429..37490be 100644
+--- a/src/shared/path-util.c
++++ b/src/shared/path-util.c
+@@ -238,7 +238,7 @@ char **path_strv_make_absolute_cwd(char **l) {
+         return l;
+ }
+ 
+-char **path_strv_canonicalize_absolute(char **l, const char *prefix) {
++char **path_strv_cleanup(char **l, const char *prefix) {
+         char **s;
+         unsigned k = 0;
+         bool enomem = false;
+@@ -323,12 +323,12 @@ char **path_strv_canonicalize_absolute(char **l, const char *prefix) {
+         return l;
+ }
+ 
+-char **path_strv_canonicalize_absolute_uniq(char **l, const char *prefix) {
++char **path_strv_cleanup_uniq(char **l, const char *prefix) {
+ 
+         if (strv_isempty(l))
+                 return l;
+ 
+-        if (!path_strv_canonicalize_absolute(l, prefix))
++        if (!path_strv_cleanup(l, prefix))
+                 return NULL;
+ 
+         return strv_uniq(l);
+diff --git a/src/shared/path-util.h b/src/shared/path-util.h
+index 6882d78..b523bcc 100644
+--- a/src/shared/path-util.h
++++ b/src/shared/path-util.h
+@@ -47,8 +47,8 @@ char* path_startswith(const char *path, const char *prefix) _pure_;
+ bool path_equal(const char *a, const char *b) _pure_;
+ 
+ char** path_strv_make_absolute_cwd(char **l);
+-char** path_strv_canonicalize_absolute(char **l, const char *prefix);
+-char** path_strv_canonicalize_absolute_uniq(char **l, const char *prefix);
++char** path_strv_cleanup(char **l, const char *prefix);
++char** path_strv_cleanup_uniq(char **l, const char *prefix);
+ 
+ int path_is_mount_point(const char *path, bool allow_symlink);
+ int path_is_read_only_fs(const char *path);
+diff --git a/src/shared/util.c b/src/shared/util.c
+index 91cbf20..429a775 100644
+--- a/src/shared/util.c
++++ b/src/shared/util.c
+@@ -5691,14 +5691,17 @@ static int search_and_fopen_internal(const char *path, const char *mode, const c
+         assert(mode);
+         assert(_f);
+ 
+-        if (!path_strv_canonicalize_absolute_uniq(search, root))
++        if (!path_strv_cleanup_uniq(search, root))
+                 return -ENOMEM;
+ 
+         STRV_FOREACH(i, search) {
+                 _cleanup_free_ char *p = NULL;
+                 FILE *f;
+ 
+-                p = strjoin(*i, "/", path, NULL);
++                if (root)
++                        p = strjoin(root, *i, "/", path, NULL);
++                else
++                        p = strjoin(*i, "/", path, NULL);
+                 if (!p)
+                         return -ENOMEM;
+ 
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-212-r9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-212-r9.ebuild
new file mode 100644
index 0000000000..9b013b9153
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-212-r9.ebuild
@@ -0,0 +1,503 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild,v 1.103 2014/03/31 19:01:25 floppym Exp $
+
+EAPI=5
+
+if [[ ${PV} == 9999 ]]; then
+AUTOTOOLS_AUTORECONF=yes
+EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}
+	http://cgit.freedesktop.org/${PN}/${PN}/"
+
+inherit git-r3
+
+elif [[ ${PV} == *9999 ]]; then
+AUTOTOOLS_AUTORECONF=yes
+EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}-stable
+	http://cgit.freedesktop.org/${PN}/${PN}-stable/"
+EGIT_BRANCH=v${PV%%.*}-stable
+
+inherit git-r3
+fi
+
+AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
+PYTHON_COMPAT=( python{2_7,3_2,3_3} )
+inherit autotools-utils bash-completion-r1 fcaps linux-info multilib \
+	multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \
+	user
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd"
+SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+KEYWORDS="~alpha amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="acl audit cryptsetup doc +firmware-loader gcrypt gudev http introspection
+	kdbus +kmod lzma pam policykit python qrcode +seccomp selinux ssl
+	test xattr"
+
+MINKV="3.0"
+
+COMMON_DEPEND=">=sys-apps/util-linux-2.20:0=
+	sys-libs/libcap:0=
+	acl? ( sys-apps/acl:0= )
+	audit? ( >=sys-process/audit-2:0= )
+	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
+	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0= )
+	gudev? ( dev-libs/glib:2=[${MULTILIB_USEDEP}] )
+	http? ( >=net-libs/libmicrohttpd-0.9.33:0= )
+	introspection? ( >=dev-libs/gobject-introspection-1.31.1:0= )
+	kmod? ( >=sys-apps/kmod-15:0= )
+	lzma? ( app-arch/xz-utils:0=[${MULTILIB_USEDEP}] )
+	pam? ( virtual/pam:= )
+	python? ( ${PYTHON_DEPS} )
+	qrcode? ( media-gfx/qrencode:0= )
+	seccomp? ( >=sys-libs/libseccomp-2.1:0= )
+	selinux? ( sys-libs/libselinux:0= )
+	ssl? ( >=net-libs/gnutls-3.1.4:0= )
+	xattr? ( sys-apps/attr:0= )
+	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+	>=sys-apps/baselayout-2.2
+	|| (
+		>=sys-apps/util-linux-2.22
+		<sys-apps/sysvinit-2.88-r4
+	)
+	!sys-auth/nss-myhostname
+	!<sys-libs/glibc-2.14
+	!sys-fs/udev"
+
+# sys-apps/daemon: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.6.8-r1:0
+	>=sys-apps/hwids-20130717-r1[udev]
+	policykit? ( sys-auth/polkit )"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+	app-arch/xz-utils:0
+	dev-util/gperf
+	>=dev-util/intltool-0.50
+	>=sys-devel/binutils-2.23.1
+	>=sys-devel/gcc-4.6
+	>=sys-kernel/linux-headers-${MINKV}
+	ia64? ( >=sys-kernel/linux-headers-3.9 )
+	virtual/pkgconfig
+	doc? ( >=dev-util/gtk-doc-1.18 )
+	python? ( dev-python/lxml[${PYTHON_USEDEP}] )
+	test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
+
+if [[ ${PV} == *9999 ]]; then
+DEPEND="${DEPEND}
+	app-text/docbook-xml-dtd:4.2
+	app-text/docbook-xml-dtd:4.5
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt:0
+	dev-libs/gobject-introspection
+	>=dev-libs/libgcrypt-1.4.5:0"
+
+SRC_URI=
+KEYWORDS=
+fi
+
+src_prepare() {
+if [[ ${PV} == *9999 ]]; then
+	if use doc; then
+		gtkdocize --docdir docs/ || die
+	else
+		echo 'EXTRA_DIST =' > docs/gtk-doc.make
+	fi
+fi
+	# fix networkd crash, https://bugs.gentoo.org/show_bug.cgi?id=507044
+	epatch "${FILESDIR}"/212-0001-sd-rtnl-fix-off-by-one.patch
+
+	# fix stuck jobs after daemon-reload
+	epatch "${FILESDIR}"/212-0002-job-add-waiting-jobs-to-run-queue-in-unit_coldplug.patch
+	epatch "${FILESDIR}"/212-0003-job-always-add-waiting-jobs-to-run-queue-during-cold.patch
+
+	# fix broken device dependencies after daemon-reload
+	epatch "${FILESDIR}"/212-0004-core-make-sure-to-serialize-jobs-for-all-units.patch
+
+	# stop scaring all our users with warnings about "X-Fleet"
+	epatch "${FILESDIR}"/212-0005-conf-parser-silently-ignore-sections-starting-with-X.patch
+
+	# patch to make journald work at first boot
+	epatch "${FILESDIR}"/211-tmpfiles.patch
+
+	# Bug 463376
+	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
+
+	autotools-utils_src_prepare
+}
+
+pkg_pretend() {
+	local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS ~DEVTMPFS ~DMIID
+		~EPOLL ~FANOTIFY ~FHANDLE ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS
+		~SECCOMP ~SIGNALFD ~SYSFS ~TIMERFD
+		~!IDE ~!SYSFS_DEPRECATED ~!SYSFS_DEPRECATED_V2
+		~!GRKERNSEC_PROC"
+
+	use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+	use pam && CONFIG_CHECK+=" ~AUDITSYSCALL"
+	use xattr && CONFIG_CHECK+=" ~TMPFS_XATTR"
+	kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
+	use firmware-loader || CONFIG_CHECK+=" ~!FW_LOADER_USER_HELPER"
+
+	if linux_config_exists; then
+		local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+			if [ -n "${uevent_helper_path}" ] && [ "${uevent_helper_path}" != '""' ]; then
+				ewarn "It's recommended to set an empty value to the following kernel config option:"
+				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+			fi
+	fi
+
+	if [[ ${MERGE_TYPE} != binary ]]; then
+		if [[ $(gcc-major-version) -lt 4
+			|| ( $(gcc-major-version) -eq 4 && $(gcc-minor-version) -lt 6 ) ]]
+		then
+			eerror "systemd requires at least gcc 4.6 to build. Please switch the active"
+			eerror "gcc version using gcc-config."
+			die "systemd requires at least gcc 4.6"
+		fi
+	fi
+
+	if [[ ${MERGE_TYPE} != buildonly ]]; then
+		if kernel_is -lt ${MINKV//./ }; then
+			ewarn "Kernel version at least ${MINKV} required"
+		fi
+
+		if ! use firmware-loader && kernel_is -lt 3 8; then
+			ewarn "You seem to be using kernel older than 3.8. Those kernel versions"
+			ewarn "require systemd with USE=firmware-loader to support loading"
+			ewarn "firmware. Missing this flag may cause some hardware not to work."
+		fi
+
+		check_extra_config
+	fi
+}
+
+pkg_setup() {
+	use python && python-single-r1_pkg_setup
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		# disable -flto since it is an optimization flag
+		# and makes distcc less effective
+		cc_cv_CFLAGS__flto=no
+
+		--with-pamconfdir=/usr/share/pam.d
+		--with-dbuspolicydir=/usr/share/dbus-1/system.d
+		--disable-maintainer-mode
+		--localstatedir=/var
+		--with-pamlibdir=$(getpam_mod_dir)
+		# avoid bash-completion dep
+		--with-bashcompletiondir="$(get_bashcompdir)"
+		# make sure we get /bin:/sbin in $PATH
+		--enable-split-usr
+		# disable sysv compatibility
+		--with-sysvinit-path=
+		--with-sysvrcnd-path=
+		# no deps
+		--enable-efi
+		--enable-ima
+		# optional components/dependencies
+		$(use_enable acl)
+		$(use_enable audit)
+		$(use_enable cryptsetup libcryptsetup)
+		$(use_enable doc gtk-doc)
+		$(use_enable gcrypt)
+		$(use_enable gudev)
+		$(use_enable http microhttpd)
+		$(use_enable introspection)
+		$(use_enable kdbus)
+		$(use_enable kmod)
+		$(use_enable lzma xz)
+		$(use_enable pam)
+		$(use_enable policykit polkit)
+		$(use_with python)
+		$(use_enable python python-devel)
+		$(use_enable qrcode qrencode)
+		$(use_enable seccomp)
+		$(use_enable selinux)
+		$(use_enable ssl gnutls)
+		$(use_enable test tests)
+		$(use_enable xattr)
+
+		# not supported (avoid automagic deps in the future)
+		--disable-chkconfig
+
+		# hardcode a few paths to spare some deps
+		QUOTAON=/usr/sbin/quotaon
+		QUOTACHECK=/usr/sbin/quotacheck
+	)
+
+	# Keep using the one where the rules were installed.
+	MY_UDEVDIR=$(get_udevdir)
+
+	if use firmware-loader; then
+		myeconfargs+=(
+			--with-firmware-path="/lib/firmware/updates:/lib/firmware"
+		)
+	fi
+
+	# Added for testing; this is UNSUPPORTED by the Gentoo systemd team!
+	if [[ -n ${ROOTPREFIX+set} ]]; then
+		myeconfargs+=(
+			--with-rootprefix="${ROOTPREFIX}"
+			--with-rootlibdir="${ROOTPREFIX}/$(get_libdir)"
+		)
+	fi
+
+	if ! multilib_is_native_abi; then
+		myeconfargs+=(
+			ac_cv_search_cap_init=
+			ac_cv_header_sys_capability_h=yes
+			DBUS_CFLAGS=' '
+			DBUS_LIBS=' '
+
+			--disable-acl
+			--disable-audit
+			--disable-gcrypt
+			--disable-gnutls
+			--disable-gtk-doc
+			--disable-introspection
+			--disable-kmod
+			--disable-libcryptsetup
+			--disable-microhttpd
+			--disable-networkd
+			--disable-pam
+			--disable-polkit
+			--disable-qrencode
+			--disable-seccomp
+			--disable-selinux
+			--disable-tests
+			--disable-xattr
+			--disable-xz
+			--disable-python-devel
+		)
+	fi
+
+	# Work around bug 463846.
+	tc-export CC
+
+	autotools-utils_src_configure
+}
+
+multilib_src_compile() {
+	local mymakeopts=(
+		udevlibexecdir="${MY_UDEVDIR}"
+	)
+
+	if multilib_is_native_abi; then
+		emake "${mymakeopts[@]}"
+	else
+		# prerequisites for gudev
+		use gudev && emake src/gudev/gudev{enumtypes,marshal}.{c,h}
+
+		echo 'gentoo: $(BUILT_SOURCES)' | \
+		emake "${mymakeopts[@]}" -f Makefile -f - gentoo
+		echo 'gentoo: $(lib_LTLIBRARIES) $(pkgconfiglib_DATA)' | \
+		emake "${mymakeopts[@]}" -f Makefile -f - gentoo
+	fi
+}
+
+multilib_src_test() {
+	multilib_is_native_abi || continue
+
+	default
+}
+
+multilib_src_install() {
+	local mymakeopts=(
+		# automake fails with parallel libtool relinking
+		# https://bugs.gentoo.org/show_bug.cgi?id=491398
+		-j1
+
+		udevlibexecdir="${MY_UDEVDIR}"
+		dist_udevhwdb_DATA=
+		DESTDIR="${D}"
+	)
+
+	if multilib_is_native_abi; then
+		emake "${mymakeopts[@]}" install
+	else
+		mymakeopts+=(
+			install-libLTLIBRARIES
+			install-pkgconfiglibDATA
+			install-includeHEADERS
+			# safe to call unconditionally, 'installs' empty list
+			install-libgudev_includeHEADERS
+			install-pkgincludeHEADERS
+		)
+
+		emake "${mymakeopts[@]}"
+	fi
+
+	# install compat pkg-config files
+	local pcfiles=( src/compat-libs/libsystemd-{daemon,id128,journal,login}.pc )
+	emake "${mymakeopts[@]}" install-pkgconfiglibDATA \
+		pkgconfiglib_DATA="${pcfiles[*]}"
+}
+
+multilib_src_install_all() {
+	prune_libtool_files --modules
+	einstalldocs
+
+	# we just keep sysvinit tools, so no need for the mans
+	rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
+		|| die
+	rm "${D}"/usr/share/man/man1/init.1 || die
+
+	# Disable storing coredumps in journald, bug #433457
+	mv "${D}"/usr/lib/sysctl.d/50-coredump.conf{,.disabled} || die
+
+	systemd_dotmpfilesd "${FILESDIR}"/systemd-coreos.conf
+	systemd_newtmpfilesd "${FILESDIR}"/213-systemd-resolv.conf systemd-resolv.conf
+
+	# Don't default to graphical.target
+	rm "${D}"/usr/lib/systemd/system/default.target || die
+	dosym multi-user.target /usr/lib/systemd/system/default.target
+
+	# Move a few services enabled in /etc to /usr
+	rm "${D}"/etc/systemd/system/getty.target.wants/getty@tty1.service || die
+	rmdir "${D}"/etc/systemd/system/getty.target.wants || die
+	dosym ../getty@.service /usr/lib/systemd/system/getty.target.wants/getty@tty1.service
+
+	rm "${D}"/etc/systemd/system/multi-user.target.wants/remote-fs.target \
+		"${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service \
+		|| die
+	rmdir "${D}"/etc/systemd/system/multi-user.target.wants || die
+	systemd_enable_service multi-user.target remote-fs.target
+	systemd_enable_service multi-user.target systemd-networkd.service
+}
+
+migrate_locale() {
+	local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
+	local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
+	local locale_conf="${EROOT%/}/etc/locale.conf"
+
+	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+		# If locale.conf does not exist...
+		if [[ -e ${envd_locale} ]]; then
+			# ...either copy env.d/??locale if there's one
+			ebegin "Moving ${envd_locale} to ${locale_conf}"
+			mv "${envd_locale}" "${locale_conf}"
+			eend ${?} || FAIL=1
+		else
+			# ...or create a dummy default
+			ebegin "Creating ${locale_conf}"
+			cat > "${locale_conf}" <<-EOF
+				# This file has been created by the sys-apps/systemd ebuild.
+				# See locale.conf(5) and localectl(1).
+
+				# LANG=${LANG}
+			EOF
+			eend ${?} || FAIL=1
+		fi
+	fi
+
+	if [[ ! -L ${envd_locale} ]]; then
+		# now, if env.d/??locale is not a symlink (to locale.conf)...
+		if [[ -e ${envd_locale} ]]; then
+			# ...warn the user that he has duplicate locale settings
+			ewarn
+			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+			ewarn "and create the symlink with the following command:"
+			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+			ewarn
+		else
+			# ...or just create the symlink if there's nothing here
+			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+			ln -n -s ../locale.conf "${envd_locale_def}"
+			eend ${?} || FAIL=1
+		fi
+	fi
+}
+
+migrate_net_name_slot() {
+	# If user has disabled 80-net-name-slot.rules using a empty file or a symlink to /dev/null,
+	# do the same for 80-net-setup-link.rules to keep the old behavior
+	local net_move=no
+	local net_name_slot_sym=no
+	local net_rules_path="${EROOT%/}"/etc/udev/rules.d
+	local net_name_slot="${net_rules_path}"/80-net-name-slot.rules
+	local net_setup_link="${net_rules_path}"/80-net-setup-link.rules
+	if [[ -e ${net_setup_link} ]]; then
+		net_move=no
+	elif [[ -f ${net_name_slot} && $(sed -e "/^#/d" -e "/^\W*$/d" ${net_name_slot} | wc -l) == 0 ]]; then
+		net_move=yes
+	elif [[ -L ${net_name_slot} && $(readlink ${net_name_slot}) == /dev/null ]]; then
+		net_move=yes
+		net_name_slot_sym=yes
+	fi
+	if [[ ${net_move} == yes ]]; then
+		ebegin "Copying ${net_name_slot} to ${net_setup_link}"
+
+		if [[ ${net_name_slot_sym} == yes ]]; then
+			ln -nfs /dev/null "${net_setup_link}"
+		else
+			cp "${net_name_slot}" "${net_setup_link}"
+		fi
+		eend $? || FAIL=1
+	fi
+}
+
+pkg_postinst() {
+	enewgroup systemd-journal
+	if use http; then
+		enewgroup systemd-journal-gateway
+		enewuser systemd-journal-gateway -1 -1 -1 systemd-journal-gateway
+	fi
+	systemd_update_catalog
+
+	# Keep this here in case the database format changes so it gets updated
+	# when required. Despite that this file is owned by sys-apps/hwids.
+	if has_version "sys-apps/hwids[udev]"; then
+		udevadm hwdb --update --root="${ROOT%/}"
+	fi
+
+	udev_reload || FAIL=1
+
+	# Bug 468876
+	fcaps cap_dac_override,cap_sys_ptrace=ep usr/bin/systemd-detect-virt
+
+	# Bug 465468, make sure locales are respect, and ensure consistency
+	# between OpenRC & systemd
+	migrate_locale
+
+	# Migrate 80-net-name-slot.rules -> 80-net-setup-link.rules
+	migrate_net_name_slot
+
+	if [[ ${FAIL} ]]; then
+		eerror "One of the postinst commands failed. Please check the postinst output"
+		eerror "for errors. You may need to clean up your system and/or try installing"
+		eerror "systemd again."
+		eerror
+	fi
+
+	if [[ ! -L "${ROOT}"/etc/mtab ]]; then
+		ewarn "Upstream mandates the /etc/mtab file should be a symlink to /proc/mounts."
+		ewarn "Not having it is not supported by upstream and will cause tools like 'df'"
+		ewarn "and 'mount' to not work properly. Please run:"
+		ewarn "	# ln -sf '${ROOT}proc/self/mounts' '${ROOT}etc/mtab'"
+		ewarn
+	fi
+
+	if ! has_version sys-apps/systemd-ui; then
+		elog "To get additional features, a number of optional runtime dependencies may"
+		elog "be installed:"
+		elog "- sys-apps/systemd-ui: for GTK+ systemadm UI and gnome-ask-password-agent"
+	fi
+}
+
+pkg_prerm() {
+	# If removing systemd completely, remove the catalog database.
+	if [[ ! ${REPLACED_BY_VERSION} ]]; then
+		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+	fi
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-213-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-213-r2.ebuild
index 19842a3433..efaa1e1913 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-213-r2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-213-r2.ebuild
@@ -32,7 +32,7 @@ SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
 
 LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
 SLOT="0/2"
-KEYWORDS="~alpha amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
 IUSE="acl audit cryptsetup doc +firmware-loader gcrypt gudev http introspection
 	kdbus +kmod lzma pam policykit python qrcode +seccomp selinux ssl
 	test xattr"
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-214.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-214.ebuild
new file mode 100644
index 0000000000..7155f5c9a8
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-214.ebuild
@@ -0,0 +1,512 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild,v 1.115 2014/06/14 16:33:20 floppym Exp $
+
+EAPI=5
+
+if [[ ${PV} == 9999 ]]; then
+AUTOTOOLS_AUTORECONF=yes
+EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}
+	http://cgit.freedesktop.org/${PN}/${PN}/"
+
+inherit git-r3
+
+elif [[ ${PV} == *9999 ]]; then
+AUTOTOOLS_AUTORECONF=yes
+EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}-stable
+	http://cgit.freedesktop.org/${PN}/${PN}-stable/"
+EGIT_BRANCH=v${PV%%.*}-stable
+
+inherit git-r3
+fi
+
+AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
+PYTHON_COMPAT=( python{2_7,3_2,3_3} )
+inherit autotools-utils bash-completion-r1 fcaps linux-info multilib \
+	multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \
+	user
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd"
+SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="acl audit cryptsetup doc +firmware-loader gcrypt gudev http introspection
+	kdbus +kmod lzma pam policykit python qrcode +seccomp selinux ssl
+	test"
+
+MINKV="3.10"
+
+COMMON_DEPEND=">=sys-apps/util-linux-2.20:0=
+	sys-libs/libcap:0=
+	acl? ( sys-apps/acl:0= )
+	audit? ( >=sys-process/audit-2:0= )
+	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
+	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0= )
+	gudev? ( dev-libs/glib:2=[${MULTILIB_USEDEP}] )
+	http? (
+		>=net-libs/libmicrohttpd-0.9.33:0=
+		ssl? ( >=net-libs/gnutls-3.1.4:0= )
+	)
+	introspection? ( >=dev-libs/gobject-introspection-1.31.1:0= )
+	kmod? ( >=sys-apps/kmod-15:0= )
+	lzma? ( app-arch/xz-utils:0=[${MULTILIB_USEDEP}] )
+	pam? ( virtual/pam:= )
+	python? ( ${PYTHON_DEPS} )
+	qrcode? ( media-gfx/qrencode:0= )
+	seccomp? ( >=sys-libs/libseccomp-2.1:0= )
+	selinux? ( sys-libs/libselinux:0= )
+	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+	>=sys-apps/baselayout-2.2
+	|| (
+		>=sys-apps/util-linux-2.22
+		<sys-apps/sysvinit-2.88-r4
+	)
+	!sys-auth/nss-myhostname
+	!<sys-libs/glibc-2.14
+	!sys-fs/udev"
+
+# sys-apps/daemon: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.6.8-r1:0
+	>=sys-apps/hwids-20130717-r1[udev]
+	policykit? ( sys-auth/polkit )"
+
+DEPEND="${COMMON_DEPEND}
+	app-arch/xz-utils:0
+	dev-util/gperf
+	>=dev-util/intltool-0.50
+	>=sys-devel/binutils-2.23.1
+	>=sys-devel/gcc-4.6
+	>=sys-kernel/linux-headers-${MINKV}
+	virtual/pkgconfig
+	doc? ( >=dev-util/gtk-doc-1.18 )
+	python? ( dev-python/lxml[${PYTHON_USEDEP}] )
+	test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
+
+if [[ ${PV} == *9999 ]]; then
+DEPEND="${DEPEND}
+	app-text/docbook-xml-dtd:4.2
+	app-text/docbook-xml-dtd:4.5
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt:0
+	dev-libs/gobject-introspection
+	>=dev-libs/libgcrypt-1.4.5:0"
+
+SRC_URI=
+KEYWORDS=
+fi
+
+src_prepare() {
+if [[ ${PV} == *9999 ]]; then
+	if use doc; then
+		gtkdocize --docdir docs/ || die
+	else
+		echo 'EXTRA_DIST =' > docs/gtk-doc.make
+	fi
+fi
+	# fix regression in systemd-tmpfiles
+	epatch "${FILESDIR}"/214-0001-shared-fix-searching-for-configs-in-alternate-roots.patch
+
+	# Bug 463376
+	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
+
+	autotools-utils_src_prepare
+}
+
+pkg_pretend() {
+	local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS ~DEVTMPFS ~DMIID
+		~EPOLL ~FANOTIFY ~FHANDLE ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS
+		~SECCOMP ~SIGNALFD ~SYSFS ~TIMERFD ~TMPFS_XATTR
+		~!IDE ~!SYSFS_DEPRECATED ~!SYSFS_DEPRECATED_V2
+		~!GRKERNSEC_PROC"
+
+	use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+	kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
+	use firmware-loader || CONFIG_CHECK+=" ~!FW_LOADER_USER_HELPER"
+
+	if linux_config_exists; then
+		local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+			if [ -n "${uevent_helper_path}" ] && [ "${uevent_helper_path}" != '""' ]; then
+				ewarn "It's recommended to set an empty value to the following kernel config option:"
+				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+			fi
+	fi
+
+	if [[ ${MERGE_TYPE} != binary ]]; then
+		if [[ $(gcc-major-version) -lt 4
+			|| ( $(gcc-major-version) -eq 4 && $(gcc-minor-version) -lt 6 ) ]]
+		then
+			eerror "systemd requires at least gcc 4.6 to build. Please switch the active"
+			eerror "gcc version using gcc-config."
+			die "systemd requires at least gcc 4.6"
+		fi
+	fi
+
+	if [[ ${MERGE_TYPE} != buildonly ]]; then
+		if kernel_is -lt ${MINKV//./ }; then
+			ewarn "Kernel version at least ${MINKV} required"
+		fi
+
+		if ! use firmware-loader && kernel_is -lt 3 8; then
+			ewarn "You seem to be using kernel older than 3.8. Those kernel versions"
+			ewarn "require systemd with USE=firmware-loader to support loading"
+			ewarn "firmware. Missing this flag may cause some hardware not to work."
+		fi
+
+		check_extra_config
+	fi
+}
+
+pkg_setup() {
+	use python && python-single-r1_pkg_setup
+}
+
+src_configure() {
+	# Keep using the one where the rules were installed.
+	MY_UDEVDIR=$(get_udevdir)
+	# Fix systems broken by bug #509454.
+	[[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		# disable -flto since it is an optimization flag
+		# and makes distcc less effective
+		cc_cv_CFLAGS__flto=no
+
+		--with-pamconfdir=/usr/share/pam.d
+		--disable-maintainer-mode
+		--localstatedir=/var
+		--with-pamlibdir=$(getpam_mod_dir)
+		# avoid bash-completion dep
+		--with-bashcompletiondir="$(get_bashcompdir)"
+		# make sure we get /bin:/sbin in $PATH
+		--enable-split-usr
+		# disable sysv compatibility
+		--with-sysvinit-path=
+		--with-sysvrcnd-path=
+		# no deps
+		--enable-efi
+		--enable-ima
+		# optional components/dependencies
+		$(use_enable acl)
+		$(use_enable audit)
+		$(use_enable cryptsetup libcryptsetup)
+		$(use_enable doc gtk-doc)
+		$(use_enable gcrypt)
+		$(use_enable gudev)
+		$(use_enable http microhttpd)
+		$(usex http $(use_enable ssl gnutls) --disable-gnutls)
+		$(use_enable introspection)
+		$(use_enable kdbus)
+		$(use_enable kmod)
+		$(use_enable lzma xz)
+		$(use_enable pam)
+		$(use_enable policykit polkit)
+		$(use_with python)
+		$(use_enable python python-devel)
+		$(use_enable qrcode qrencode)
+		$(use_enable seccomp)
+		$(use_enable selinux)
+		$(use_enable test tests)
+
+		# not supported (avoid automagic deps in the future)
+		--disable-chkconfig
+
+		# hardcode a few paths to spare some deps
+		QUOTAON=/usr/sbin/quotaon
+		QUOTACHECK=/usr/sbin/quotacheck
+
+		# dbus paths
+		--with-dbuspolicydir="${EPREFIX}/usr/share/dbus-1/system.d"
+		--with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
+		--with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
+		--with-dbusinterfacedir="${EPREFIX}/usr/share/dbus-1/interfaces"
+
+		--with-ntp-servers="0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org"
+	)
+
+	if use firmware-loader; then
+		myeconfargs+=(
+			--with-firmware-path="/lib/firmware/updates:/lib/firmware"
+		)
+	fi
+
+	# Added for testing; this is UNSUPPORTED by the Gentoo systemd team!
+	if [[ -n ${ROOTPREFIX+set} ]]; then
+		myeconfargs+=(
+			--with-rootprefix="${ROOTPREFIX}"
+			--with-rootlibdir="${ROOTPREFIX}/$(get_libdir)"
+		)
+	fi
+
+	if ! multilib_is_native_abi; then
+		myeconfargs+=(
+			ac_cv_search_cap_init=
+			ac_cv_header_sys_capability_h=yes
+			DBUS_CFLAGS=' '
+			DBUS_LIBS=' '
+
+			--disable-acl
+			--disable-audit
+			--disable-gcrypt
+			--disable-gnutls
+			--disable-gtk-doc
+			--disable-introspection
+			--disable-kmod
+			--disable-libcryptsetup
+			--disable-microhttpd
+			--disable-networkd
+			--disable-pam
+			--disable-polkit
+			--disable-qrencode
+			--disable-seccomp
+			--disable-selinux
+			--disable-timesyncd
+			--disable-tests
+			--disable-xz
+			--disable-python-devel
+		)
+	fi
+
+	# Work around bug 463846.
+	tc-export CC
+
+	autotools-utils_src_configure
+}
+
+multilib_src_compile() {
+	local mymakeopts=(
+		udevlibexecdir="${MY_UDEVDIR}"
+	)
+
+	if multilib_is_native_abi; then
+		emake "${mymakeopts[@]}"
+	else
+		# prerequisites for gudev
+		use gudev && emake src/gudev/gudev{enumtypes,marshal}.{c,h}
+
+		echo 'gentoo: $(BUILT_SOURCES)' | \
+		emake "${mymakeopts[@]}" -f Makefile -f - gentoo
+		echo 'gentoo: $(lib_LTLIBRARIES) $(pkgconfiglib_DATA)' | \
+		emake "${mymakeopts[@]}" -f Makefile -f - gentoo
+	fi
+}
+
+multilib_src_test() {
+	multilib_is_native_abi || continue
+
+	default
+}
+
+multilib_src_install() {
+	local mymakeopts=(
+		# automake fails with parallel libtool relinking
+		# https://bugs.gentoo.org/show_bug.cgi?id=491398
+		-j1
+
+		udevlibexecdir="${MY_UDEVDIR}"
+		dist_udevhwdb_DATA=
+		DESTDIR="${D}"
+	)
+
+	if multilib_is_native_abi; then
+		emake "${mymakeopts[@]}" install
+	else
+		mymakeopts+=(
+			install-libLTLIBRARIES
+			install-pkgconfiglibDATA
+			install-includeHEADERS
+			# safe to call unconditionally, 'installs' empty list
+			install-libgudev_includeHEADERS
+			install-pkgincludeHEADERS
+		)
+
+		emake "${mymakeopts[@]}"
+	fi
+
+	# install compat pkg-config files
+	local pcfiles=( src/compat-libs/libsystemd-{daemon,id128,journal,login}.pc )
+	emake "${mymakeopts[@]}" install-pkgconfiglibDATA \
+		pkgconfiglib_DATA="${pcfiles[*]}"
+}
+
+multilib_src_install_all() {
+	prune_libtool_files --modules
+	einstalldocs
+
+	# we just keep sysvinit tools, so no need for the mans
+	rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
+		|| die
+	rm "${D}"/usr/share/man/man1/init.1 || die
+
+	# Disable storing coredumps in journald, bug #433457
+	mv "${D}"/usr/lib/sysctl.d/50-coredump.conf{,.disabled} || die
+
+	systemd_dotmpfilesd "${FILESDIR}"/systemd-coreos.conf
+	systemd_dotmpfilesd "${FILESDIR}"/systemd-resolv.conf
+
+	# Don't default to graphical.target
+	rm "${D}"/usr/lib/systemd/system/default.target || die
+	dosym multi-user.target /usr/lib/systemd/system/default.target
+
+	# Move a few services enabled in /etc to /usr
+	rm "${D}"/etc/systemd/system/getty.target.wants/getty@tty1.service || die
+	rmdir "${D}"/etc/systemd/system/getty.target.wants || die
+	dosym ../getty@.service /usr/lib/systemd/system/getty.target.wants/getty@tty1.service
+
+	rm "${D}"/etc/systemd/system/multi-user.target.wants/remote-fs.target \
+		"${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service \
+		"${D}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service \
+		"${D}"/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service \
+		|| die
+	rmdir "${D}"/etc/systemd/system/multi-user.target.wants \
+		"${D}"/etc/systemd/system/network-online.target.wants \
+		|| die
+	systemd_enable_service multi-user.target remote-fs.target
+	systemd_enable_service multi-user.target systemd-networkd.service
+	systemd_enable_service multi-user.target systemd-resolved.service
+	systemd_enable_service network-online.target systemd-networkd-wait-online.service
+}
+
+migrate_locale() {
+	local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
+	local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
+	local locale_conf="${EROOT%/}/etc/locale.conf"
+
+	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+		# If locale.conf does not exist...
+		if [[ -e ${envd_locale} ]]; then
+			# ...either copy env.d/??locale if there's one
+			ebegin "Moving ${envd_locale} to ${locale_conf}"
+			mv "${envd_locale}" "${locale_conf}"
+			eend ${?} || FAIL=1
+		else
+			# ...or create a dummy default
+			ebegin "Creating ${locale_conf}"
+			cat > "${locale_conf}" <<-EOF
+				# This file has been created by the sys-apps/systemd ebuild.
+				# See locale.conf(5) and localectl(1).
+
+				# LANG=${LANG}
+			EOF
+			eend ${?} || FAIL=1
+		fi
+	fi
+
+	if [[ ! -L ${envd_locale} ]]; then
+		# now, if env.d/??locale is not a symlink (to locale.conf)...
+		if [[ -e ${envd_locale} ]]; then
+			# ...warn the user that he has duplicate locale settings
+			ewarn
+			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+			ewarn "and create the symlink with the following command:"
+			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+			ewarn
+		else
+			# ...or just create the symlink if there's nothing here
+			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+			ln -n -s ../locale.conf "${envd_locale_def}"
+			eend ${?} || FAIL=1
+		fi
+	fi
+}
+
+migrate_net_name_slot() {
+	# If user has disabled 80-net-name-slot.rules using a empty file or a symlink to /dev/null,
+	# do the same for 80-net-setup-link.rules to keep the old behavior
+	local net_move=no
+	local net_name_slot_sym=no
+	local net_rules_path="${EROOT%/}"/etc/udev/rules.d
+	local net_name_slot="${net_rules_path}"/80-net-name-slot.rules
+	local net_setup_link="${net_rules_path}"/80-net-setup-link.rules
+	if [[ -e ${net_setup_link} ]]; then
+		net_move=no
+	elif [[ -f ${net_name_slot} && $(sed -e "/^#/d" -e "/^\W*$/d" ${net_name_slot} | wc -l) == 0 ]]; then
+		net_move=yes
+	elif [[ -L ${net_name_slot} && $(readlink ${net_name_slot}) == /dev/null ]]; then
+		net_move=yes
+		net_name_slot_sym=yes
+	fi
+	if [[ ${net_move} == yes ]]; then
+		ebegin "Copying ${net_name_slot} to ${net_setup_link}"
+
+		if [[ ${net_name_slot_sym} == yes ]]; then
+			ln -nfs /dev/null "${net_setup_link}"
+		else
+			cp "${net_name_slot}" "${net_setup_link}"
+		fi
+		eend $? || FAIL=1
+	fi
+}
+
+pkg_postinst() {
+	newusergroup() {
+		enewgroup "$1"
+		enewuser "$1" -1 -1 -1 "$1"
+	}
+
+	enewgroup systemd-journal
+	newusergroup systemd-bus-proxy
+	newusergroup systemd-network
+	newusergroup systemd-resolve
+	newusergroup systemd-timesync
+	use http && newusergroup systemd-journal-gateway
+
+	systemd_update_catalog
+
+	# Keep this here in case the database format changes so it gets updated
+	# when required. Despite that this file is owned by sys-apps/hwids.
+	if has_version "sys-apps/hwids[udev]"; then
+		udevadm hwdb --update --root="${ROOT%/}"
+	fi
+
+	udev_reload || FAIL=1
+
+	# Bug 468876
+	fcaps cap_dac_override,cap_sys_ptrace=ep usr/bin/systemd-detect-virt
+
+	# Bug 465468, make sure locales are respect, and ensure consistency
+	# between OpenRC & systemd
+	migrate_locale
+
+	# Migrate 80-net-name-slot.rules -> 80-net-setup-link.rules
+	migrate_net_name_slot
+
+	if [[ ${FAIL} ]]; then
+		eerror "One of the postinst commands failed. Please check the postinst output"
+		eerror "for errors. You may need to clean up your system and/or try installing"
+		eerror "systemd again."
+		eerror
+	fi
+
+	if [[ ! -L "${ROOT}"/etc/mtab ]]; then
+		ewarn "Upstream mandates the /etc/mtab file should be a symlink to /proc/mounts."
+		ewarn "Not having it is not supported by upstream and will cause tools like 'df'"
+		ewarn "and 'mount' to not work properly. Please run:"
+		ewarn "	# ln -sf '${ROOT}proc/self/mounts' '${ROOT}etc/mtab'"
+		ewarn
+	fi
+
+	if ! has_version sys-apps/systemd-ui; then
+		elog "To get additional features, a number of optional runtime dependencies may"
+		elog "be installed:"
+		elog "- sys-apps/systemd-ui: for GTK+ systemadm UI and gnome-ask-password-agent"
+	fi
+}
+
+pkg_prerm() {
+	# If removing systemd completely, remove the catalog database.
+	if [[ ! ${REPLACED_BY_VERSION} ]]; then
+		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+	fi
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
index a63b3a0005..822555791b 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild,v 1.114 2014/06/11 15:13:06 floppym Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild,v 1.115 2014/06/14 16:33:20 floppym Exp $
 
 EAPI=5
 
@@ -35,7 +35,7 @@ SLOT="0/2"
 KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
 IUSE="acl audit cryptsetup doc +firmware-loader gcrypt gudev http introspection
 	kdbus +kmod lzma pam policykit python qrcode +seccomp selinux ssl
-	test xattr"
+	test"
 
 MINKV="3.10"
 
@@ -58,7 +58,6 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.20:0=
 	qrcode? ( media-gfx/qrencode:0= )
 	seccomp? ( >=sys-libs/libseccomp-2.1:0= )
 	selinux? ( sys-libs/libselinux:0= )
-	xattr? ( sys-apps/attr:0= )
 	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
 		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
 
@@ -121,12 +120,11 @@ fi
 pkg_pretend() {
 	local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS ~DEVTMPFS ~DMIID
 		~EPOLL ~FANOTIFY ~FHANDLE ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS
-		~SECCOMP ~SIGNALFD ~SYSFS ~TIMERFD
+		~SECCOMP ~SIGNALFD ~SYSFS ~TIMERFD ~TMPFS_XATTR
 		~!IDE ~!SYSFS_DEPRECATED ~!SYSFS_DEPRECATED_V2
 		~!GRKERNSEC_PROC"
 
 	use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-	use xattr && CONFIG_CHECK+=" ~TMPFS_XATTR"
 	kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
 	use firmware-loader || CONFIG_CHECK+=" ~!FW_LOADER_USER_HELPER"
 
@@ -217,7 +215,6 @@ multilib_src_configure() {
 		$(use_enable seccomp)
 		$(use_enable selinux)
 		$(use_enable test tests)
-		$(use_enable xattr)
 
 		# not supported (avoid automagic deps in the future)
 		--disable-chkconfig
@@ -273,7 +270,6 @@ multilib_src_configure() {
 			--disable-selinux
 			--disable-timesyncd
 			--disable-tests
-			--disable-xattr
 			--disable-xz
 			--disable-python-devel
 		)
@@ -452,15 +448,18 @@ migrate_net_name_slot() {
 }
 
 pkg_postinst() {
+	newusergroup() {
+		enewgroup "$1"
+		enewuser "$1" -1 -1 -1 "$1"
+	}
+
 	enewgroup systemd-journal
-	enewgroup systemd-network
-	enewuser systemd-network -1 -1 -1 systemd-network
-	enewgroup systemd-timesync
-	enewuser systemd-timesync -1 -1 -1 systemd-timesync
-	if use http; then
-		enewgroup systemd-journal-gateway
-		enewuser systemd-journal-gateway -1 -1 -1 systemd-journal-gateway
-	fi
+	newusergroup systemd-bus-proxy
+	newusergroup systemd-network
+	newusergroup systemd-resolve
+	newusergroup systemd-timesync
+	use http && newusergroup systemd-journal-gateway
+
 	systemd_update_catalog
 
 	# Keep this here in case the database format changes so it gets updated