diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/use.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/use.mask
new file mode 100644
index 0000000000..d7d483989a
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/use.mask
@@ -0,0 +1 @@
+kdbus
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999-r1.ebuild
index a1fa1a6a87..2d28bb620c 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999-r1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999-r1.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2013 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-9999-r1.ebuild,v 1.16 2013/09/14 18:44:05 floppym Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild,v 1.86 2014/02/21 15:40:01 zx2c4 Exp $
 
 EAPI=5
 
@@ -9,11 +9,11 @@ AUTOTOOLS_AUTORECONF=yes
 EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}
 	http://cgit.freedesktop.org/${PN}/${PN}/"
 
-inherit git-2
+inherit git-r3
 #endif
 
 AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
-PYTHON_COMPAT=( python2_7 )
+PYTHON_COMPAT=( python{2_7,3_2,3_3} )
 inherit autotools-utils bash-completion-r1 fcaps linux-info multilib \
 	multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \
 	user
@@ -23,91 +23,112 @@ HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd"
 SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
 
 LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0"
+SLOT="0/1"
 KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86"
 IUSE="acl audit cryptsetup doc +firmware-loader gcrypt gudev http introspection
-	+kmod lzma openrc pam policykit python qrcode selinux tcpd test
-	vanilla xattr"
+	kdbus +kmod networkd lzma pam policykit python qrcode +seccomp selinux tcpd
+	test vanilla xattr"
 
 MINKV="3.0"
 
-COMMON_DEPEND=">=sys-apps/dbus-1.6.8-r1
-	>=sys-apps/util-linux-2.20
-	sys-libs/libcap
-	acl? ( sys-apps/acl )
-	audit? ( >=sys-process/audit-2 )
-	cryptsetup? ( >=sys-fs/cryptsetup-1.6 )
-	gcrypt? ( >=dev-libs/libgcrypt-1.4.5 )
-	gudev? ( >=dev-libs/glib-2[${MULTILIB_USEDEP}] )
-	http? ( net-libs/libmicrohttpd )
-	introspection? ( >=dev-libs/gobject-introspection-1.31.1 )
-	kmod? ( >=sys-apps/kmod-14-r1 )
-	lzma? ( app-arch/xz-utils[${MULTILIB_USEDEP}] )
-	pam? ( virtual/pam )
+COMMON_DEPEND=">=sys-apps/util-linux-2.20:0=
+	sys-libs/libcap:0=
+	acl? ( sys-apps/acl:0= )
+	audit? ( >=sys-process/audit-2:0= )
+	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
+	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0= )
+	gudev? ( dev-libs/glib:2=[${MULTILIB_USEDEP}] )
+	http? ( net-libs/libmicrohttpd:0= )
+	introspection? ( >=dev-libs/gobject-introspection-1.31.1:0= )
+	kmod? ( >=sys-apps/kmod-15:0= )
+	lzma? ( app-arch/xz-utils:0=[${MULTILIB_USEDEP}] )
+	pam? ( virtual/pam:= )
 	python? ( ${PYTHON_DEPS} )
-	qrcode? ( media-gfx/qrencode )
-	selinux? ( sys-libs/libselinux )
-	tcpd? ( sys-apps/tcp-wrappers )
-	xattr? ( sys-apps/attr )
+	qrcode? ( media-gfx/qrencode:0= )
+	seccomp? ( sys-libs/libseccomp:0= )
+	selinux? ( sys-libs/libselinux:0= )
+	tcpd? ( sys-apps/tcp-wrappers:0= )
+	xattr? ( sys-apps/attr:0= )
 	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
 		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
 
 # baselayout-2.2 has /run
 RDEPEND="${COMMON_DEPEND}
 	>=sys-apps/baselayout-2.2
-	openrc? ( >=sys-fs/udev-init-scripts-25 )
 	|| (
 		>=sys-apps/util-linux-2.22
 		<sys-apps/sysvinit-2.88-r4
 	)
-	!vanilla? ( sys-apps/gentoo-systemd-integration )
 	!sys-auth/nss-myhostname
 	!<sys-libs/glibc-2.10
 	!sys-fs/udev"
 
-PDEPEND=">=sys-apps/hwids-20130717-r1[udev]
-	policykit? ( sys-auth/polkit )"
+# sys-apps/daemon: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.6.8-r1:0
+	>=sys-apps/hwids-20130717-r1[udev]
+	>=sys-fs/udev-init-scripts-25
+	policykit? ( sys-auth/polkit )
+	!vanilla? ( sys-apps/gentoo-systemd-integration )"
 
+# Newer linux-headers needed by ia64, bug #480218
 DEPEND="${COMMON_DEPEND}
-	app-arch/xz-utils
+	app-arch/xz-utils:0
 	app-text/docbook-xml-dtd:4.2
 	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt
+	dev-libs/libxslt:0
 	dev-util/gperf
 	>=dev-util/intltool-0.50
 	>=sys-devel/binutils-2.23.1
 	>=sys-devel/gcc-4.6
 	>=sys-kernel/linux-headers-${MINKV}
+	ia64? ( >=sys-kernel/linux-headers-3.9 )
 	virtual/pkgconfig
-	doc? ( >=dev-util/gtk-doc-1.18 )"
+	doc? ( >=dev-util/gtk-doc-1.18 )
+	test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
 
 #if LIVE
 DEPEND="${DEPEND}
 	dev-libs/gobject-introspection
-	>=dev-libs/libgcrypt-1.4.5
-	>=dev-util/gtk-doc-1.18"
+	>=dev-libs/libgcrypt-1.4.5:0"
 
 SRC_URI=
 KEYWORDS=
+#endif
 
 src_prepare() {
-	gtkdocize --docdir docs/ || die
+	if use doc; then
+		gtkdocize --docdir docs/ || die
+	else
+		echo 'EXTRA_DIST =' > docs/gtk-doc.make
+	fi
+
+	# Bug 463376
+	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
 
 	autotools-utils_src_prepare
 }
-#endif
 
 pkg_pretend() {
-	local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS ~DEVTMPFS
+	local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS ~DEVTMPFS ~DMIID
 		~EPOLL ~FANOTIFY ~FHANDLE ~INOTIFY_USER ~IPV6 ~NET ~PROC_FS
 		~SECCOMP ~SIGNALFD ~SYSFS ~TIMERFD
-		~!IDE ~!SYSFS_DEPRECATED ~!SYSFS_DEPRECATED_V2"
+		~!IDE ~!SYSFS_DEPRECATED ~!SYSFS_DEPRECATED_V2
+		~!GRKERNSEC_PROC"
 
 	use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
 	use pam && CONFIG_CHECK+=" ~AUDITSYSCALL"
+	use xattr && CONFIG_CHECK+=" ~TMPFS_XATTR"
 	kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
 	use firmware-loader || CONFIG_CHECK+=" ~!FW_LOADER_USER_HELPER"
 
+	if linux_config_exists; then
+		local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+			if [ -n "${uevent_helper_path}" ] && [ "${uevent_helper_path}" != '""' ]; then
+				ewarn "It's recommended to set an empty value to the following kernel config option:"
+				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+			fi
+	fi
+
 	if [[ ${MERGE_TYPE} != binary ]]; then
 		if [[ $(gcc-major-version) -lt 4
 			|| ( $(gcc-major-version) -eq 4 && $(gcc-minor-version) -lt 6 ) ]]
@@ -139,6 +160,9 @@ pkg_setup() {
 
 multilib_src_configure() {
 	local myeconfargs=(
+		--with-pamconfdir=/usr/share/pam.d
+		--with-dbuspolicydir=/usr/share/dbus-1/system.d
+		--disable-maintainer-mode
 		--localstatedir=/var
 		--with-pamlibdir=$(getpam_mod_dir)
 		# avoid bash-completion dep
@@ -151,6 +175,8 @@ multilib_src_configure() {
 		# no deps
 		--enable-efi
 		--enable-ima
+		# we enable compat libs, for now. hopefully we can drop this flag later
+		--enable-compat-libs
 		# optional components/dependencies
 		$(use_enable acl)
 		$(use_enable audit)
@@ -160,13 +186,15 @@ multilib_src_configure() {
 		$(use_enable gudev)
 		$(use_enable http microhttpd)
 		$(use_enable introspection)
+		$(use_enable kdbus)
 		$(use_enable kmod)
 		$(use_enable lzma xz)
+		$(use_enable networkd)
 		$(use_enable pam)
 		$(use_enable policykit polkit)
 		$(use_enable python python-devel)
-		$(use python && echo PYTHON_CONFIG=/usr/bin/python-config-${EPYTHON#python})
 		$(use_enable qrcode qrencode)
+		$(use_enable seccomp)
 		$(use_enable selinux)
 		$(use_enable tcpd tcpwrap)
 		$(use_enable test tests)
@@ -196,6 +224,7 @@ multilib_src_configure() {
 			DBUS_CFLAGS=' '
 			DBUS_LIBS=' '
 
+			--enable-compat-libs
 			--disable-acl
 			--disable-audit
 			--disable-gcrypt
@@ -204,9 +233,11 @@ multilib_src_configure() {
 			--disable-kmod
 			--disable-libcryptsetup
 			--disable-microhttpd
+			--disable-networkd
 			--disable-pam
 			--disable-polkit
 			--disable-qrencode
+			--disable-seccomp
 			--disable-selinux
 			--disable-tcpwrap
 			--disable-tests
@@ -233,6 +264,8 @@ multilib_src_compile() {
 		# prerequisites for gudev
 		use gudev && emake src/gudev/gudev{enumtypes,marshal}.{c,h}
 
+		echo 'gentoo: $(BUILT_SOURCES)' | \
+		emake "${mymakeopts[@]}" -f Makefile -f - gentoo
 		echo 'gentoo: $(lib_LTLIBRARIES) $(pkgconfiglib_DATA)' | \
 		emake "${mymakeopts[@]}" -f Makefile -f - gentoo
 	fi
@@ -246,6 +279,10 @@ multilib_src_test() {
 
 multilib_src_install() {
 	local mymakeopts=(
+		# automake fails with parallel libtool relinking
+		# https://bugs.gentoo.org/show_bug.cgi?id=491398
+		-j1
+
 		udevlibexecdir="${MY_UDEVDIR}"
 		dist_udevhwdb_DATA=
 		DESTDIR="${D}"
@@ -253,6 +290,9 @@ multilib_src_install() {
 
 	if multilib_is_native_abi; then
 		emake "${mymakeopts[@]}" install
+		# Even with --enable-networkd, it's not right to have this running by default
+		# when it's unconfigured.
+		rm -f "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service
 	else
 		mymakeopts+=(
 			install-libLTLIBRARIES
@@ -265,10 +305,16 @@ multilib_src_install() {
 
 		emake "${mymakeopts[@]}"
 	fi
+
+	rmdir ${D}/etc/binfmt.d
+	rmdir ${D}/etc/sysctl.d
+	rmdir ${D}/etc/tmpfiles.d
+	rmdir ${D}/etc/modules-load.d
 }
 
 multilib_src_install_all() {
 	prune_libtool_files --modules
+	einstalldocs
 
 	# we just keep sysvinit tools, so no need for the mans
 	rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
@@ -278,18 +324,55 @@ multilib_src_install_all() {
 	# Disable storing coredumps in journald, bug #433457
 	mv "${D}"/usr/lib/sysctl.d/50-coredump.conf{,.disabled} || die
 
-	# Preserve empty dirs in /etc & /var, bug #437008
-	keepdir /etc/binfmt.d /etc/modules-load.d /etc/tmpfiles.d \
-		/etc/systemd/ntp-units.d /etc/systemd/user /var/lib/systemd
+	# Preserve empty dir /var, bug #437008
+	keepdir /var/lib/systemd
+}
 
-	# Symlink /etc/sysctl.conf for easy migration.
-	dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
+migrate_locale() {
+	local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
+	local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
+	local locale_conf="${EROOT%/}/etc/locale.conf"
+
+	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+		# If locale.conf does not exist...
+		if [[ -e ${envd_locale} ]]; then
+			# ...either copy env.d/??locale if there's one
+			ebegin "Moving ${envd_locale} to ${locale_conf}"
+			mv "${envd_locale}" "${locale_conf}"
+			eend ${?} || FAIL=1
+		else
+			# ...or create a dummy default
+			ebegin "Creating ${locale_conf}"
+			cat > "${locale_conf}" <<-EOF
+				# This file has been created by the sys-apps/systemd ebuild.
+				# See locale.conf(5) and localectl(1).
+
+				# LANG=${LANG}
+			EOF
+			eend ${?} || FAIL=1
+		fi
+	fi
+
+	if [[ ! -L ${envd_locale} ]]; then
+		# now, if env.d/??locale is not a symlink (to locale.conf)...
+		if [[ -e ${envd_locale} ]]; then
+			# ...warn the user that he has duplicate locale settings
+			ewarn
+			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+			ewarn "and create the symlink with the following command:"
+			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+			ewarn
+		else
+			# ...or just create the symlink if there's nothing here
+			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+			ln -n -s ../locale.conf "${envd_locale_def}"
+			eend ${?} || FAIL=1
+		fi
+	fi
 }
 
 pkg_postinst() {
-	# for udev rules
-	enewgroup dialout
-
 	enewgroup systemd-journal
 	if use http; then
 		enewgroup systemd-journal-gateway
@@ -303,13 +386,22 @@ pkg_postinst() {
 		udevadm hwdb --update --root="${ROOT%/}"
 	fi
 
-	if [[ ${ROOT} == "" || ${ROOT} == "/" ]]; then
-		udevadm control --reload
-	fi
+	udev_reload || FAIL=1
 
 	# Bug 468876
 	fcaps cap_dac_override,cap_sys_ptrace=ep usr/bin/systemd-detect-virt
 
+	# Bug 465468, make sure locales are respect, and ensure consistency
+	# between OpenRC & systemd
+	migrate_locale
+
+	if [[ ${FAIL} ]]; then
+		eerror "One of the postinst commands failed. Please check the postinst output"
+		eerror "for errors. You may need to clean up your system and/or try installing"
+		eerror "systemd again."
+		eerror
+	fi
+
 	if [[ ! -L "${ROOT}"/etc/mtab ]]; then
 		ewarn "Upstream mandates the /etc/mtab file should be a symlink to /proc/mounts."
 		ewarn "Not having it is not supported by upstream and will cause tools like 'df'"