Merge bba2f7a1fe into a035eaa227

Follow-up for 90755dac69.

TODO

@@ -128,6 +128,13 @@ Deprecations and removals:
 
 Features:
 
+* loginctl: show argv[] of "leader" process in tabular list-sessions output
+
+* loginctl: show "service identifier" in tabular list-sessions output, to make
+  run0 sessions easily visible.
+
+* run0: maybe enable utmp for run0 sessions, so that they are easily visible.
+
 * maybe replace nss-machines with logic in networkd that registers records with
   systemd-resolved, based on DHCP leases, so that we gain compat with VMs.
   Implementation idea: encode in an ifaltname the intended local name to expose this

docs/TESTING_WITH_SANITIZERS.md

@@ -18,7 +18,7 @@ compiler you want to use and which part of the test suite you want to run.
 To build with sanitizers in mkosi, create a file `mkosi/mkosi.local.conf` and add the following contents:
 
 ```
-[Content]
+[Build]
 Environment=SANITIZERS=address,undefined
 ```
 

man/bootctl.xml

@@ -398,10 +398,12 @@
       </varlistentry>
 
       <varlistentry>
-        <term><option>--no-variables</option></term>
-        <listitem><para>Do not touch the firmware's boot loader list stored in EFI variables.</para>
+        <term><option>--variables=yes|no</option></term>
+        <listitem><para>Controls whether to touch the firmware's boot loader list stored in EFI variables,
+        and other EFI variables. If not specified defaults to no when execution in a container runtime is
+        detected, yes otherwise.</para>
 
-        <xi:include href="version-info.xml" xpointer="v220"/></listitem>
+        <xi:include href="version-info.xml" xpointer="v258"/></listitem>
       </varlistentry>
 
       <varlistentry>

man/org.freedesktop.systemd1.xml

@@ -477,8 +477,6 @@ node /org/freedesktop/systemd1 {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
       readonly b DefaultCPUAccounting = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
-      readonly b DefaultBlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
       readonly b DefaultIOAccounting = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
       readonly b DefaultIPAccounting = ...;
@@ -719,8 +717,6 @@ node /org/freedesktop/systemd1 {
 
     <!--property DefaultCPUAccounting is not documented!-->
 
-    <!--property DefaultBlockIOAccounting is not documented!-->
-
     <!--property DefaultIOAccounting is not documented!-->
 
     <!--property DefaultIPAccounting is not documented!-->
@@ -1167,8 +1163,6 @@ node /org/freedesktop/systemd1 {
 
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultCPUAccounting"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="DefaultBlockIOAccounting"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultIOAccounting"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultIPAccounting"/>
@@ -2906,10 +2900,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t StartupCPUWeight = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPerSecUSec = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPeriodUSec = ...;
@@ -2940,18 +2930,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(st) IODeviceLatencyTargetUSec = [...];
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryAccounting = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t DefaultMemoryLow = ...;
@@ -2984,8 +2962,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryZSwapWriteback = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly s DevicePolicy = '...';
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(ss) DeviceAllow = [...];
@@ -3565,10 +3541,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
 
     <!--property StartupCPUWeight is not documented!-->
 
-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
     <!--property CPUQuotaPerSecUSec is not documented!-->
 
     <!--property CPUQuotaPeriodUSec is not documented!-->
@@ -3599,18 +3571,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
 
     <!--property IODeviceLatencyTargetUSec is not documented!-->
 
-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
     <!--property MemoryAccounting is not documented!-->
 
     <!--property DefaultMemoryLow is not documented!-->
@@ -3643,8 +3603,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
 
     <!--property MemoryZSwapWriteback is not documented!-->
 
-    <!--property MemoryLimit is not documented!-->
-
     <!--property DevicePolicy is not documented!-->
 
     <!--property DeviceAllow is not documented!-->
@@ -4237,10 +4195,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
 
     <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@@ -4271,18 +4225,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
 
     <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@@ -4315,8 +4257,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
 
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
@@ -5113,10 +5053,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t StartupCPUWeight = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPerSecUSec = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPeriodUSec = ...;
@@ -5147,18 +5083,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(st) IODeviceLatencyTargetUSec = [...];
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryAccounting = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t DefaultMemoryLow = ...;
@@ -5191,8 +5115,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryZSwapWriteback = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly s DevicePolicy = '...';
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(ss) DeviceAllow = [...];
@@ -5784,10 +5706,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 
     <!--property StartupCPUWeight is not documented!-->
 
-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
     <!--property CPUQuotaPerSecUSec is not documented!-->
 
     <!--property CPUQuotaPeriodUSec is not documented!-->
@@ -5818,18 +5736,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 
     <!--property IODeviceLatencyTargetUSec is not documented!-->
 
-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
     <!--property MemoryAccounting is not documented!-->
 
     <!--property DefaultMemoryLow is not documented!-->
@@ -5862,8 +5768,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 
     <!--property MemoryZSwapWriteback is not documented!-->
 
-    <!--property MemoryLimit is not documented!-->
-
     <!--property DevicePolicy is not documented!-->
 
     <!--property DeviceAllow is not documented!-->
@@ -6428,10 +6332,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 
     <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@@ -6462,18 +6362,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 
     <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@@ -6506,8 +6394,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
@@ -7136,10 +7022,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t StartupCPUWeight = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPerSecUSec = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPeriodUSec = ...;
@@ -7170,18 +7052,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(st) IODeviceLatencyTargetUSec = [...];
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryAccounting = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t DefaultMemoryLow = ...;
@@ -7214,8 +7084,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryZSwapWriteback = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly s DevicePolicy = '...';
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(ss) DeviceAllow = [...];
@@ -7737,10 +7605,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
 
     <!--property StartupCPUWeight is not documented!-->
 
-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
     <!--property CPUQuotaPerSecUSec is not documented!-->
 
     <!--property CPUQuotaPeriodUSec is not documented!-->
@@ -7771,18 +7635,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
 
     <!--property IODeviceLatencyTargetUSec is not documented!-->
 
-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
     <!--property MemoryAccounting is not documented!-->
 
     <!--property DefaultMemoryLow is not documented!-->
@@ -7815,8 +7667,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
 
     <!--property MemoryZSwapWriteback is not documented!-->
 
-    <!--property MemoryLimit is not documented!-->
-
     <!--property DevicePolicy is not documented!-->
 
     <!--property DeviceAllow is not documented!-->
@@ -8297,10 +8147,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
 
     <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@@ -8331,18 +8177,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
 
     <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@@ -8375,8 +8209,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
 
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
@@ -9132,10 +8964,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t StartupCPUWeight = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPerSecUSec = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPeriodUSec = ...;
@@ -9166,18 +8994,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(st) IODeviceLatencyTargetUSec = [...];
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryAccounting = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t DefaultMemoryLow = ...;
@@ -9210,8 +9026,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryZSwapWriteback = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly s DevicePolicy = '...';
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(ss) DeviceAllow = [...];
@@ -9715,10 +9529,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
 
     <!--property StartupCPUWeight is not documented!-->
 
-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
     <!--property CPUQuotaPerSecUSec is not documented!-->
 
     <!--property CPUQuotaPeriodUSec is not documented!-->
@@ -9749,18 +9559,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
 
     <!--property IODeviceLatencyTargetUSec is not documented!-->
 
-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
     <!--property MemoryAccounting is not documented!-->
 
     <!--property DefaultMemoryLow is not documented!-->
@@ -9793,8 +9591,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
 
     <!--property MemoryZSwapWriteback is not documented!-->
 
-    <!--property MemoryLimit is not documented!-->
-
     <!--property DevicePolicy is not documented!-->
 
     <!--property DeviceAllow is not documented!-->
@@ -10257,10 +10053,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
 
     <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@@ -10291,18 +10083,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
 
     <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@@ -10335,8 +10115,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
 
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
@@ -10945,10 +10723,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t StartupCPUWeight = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPerSecUSec = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPeriodUSec = ...;
@@ -10979,18 +10753,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(st) IODeviceLatencyTargetUSec = [...];
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryAccounting = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t DefaultMemoryLow = ...;
@@ -11023,8 +10785,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryZSwapWriteback = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly s DevicePolicy = '...';
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(ss) DeviceAllow = [...];
@@ -11138,10 +10898,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
 
     <!--property StartupCPUWeight is not documented!-->
 
-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
     <!--property CPUQuotaPerSecUSec is not documented!-->
 
     <!--property CPUQuotaPeriodUSec is not documented!-->
@@ -11172,18 +10928,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
 
     <!--property IODeviceLatencyTargetUSec is not documented!-->
 
-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
     <!--property MemoryAccounting is not documented!-->
 
     <!--property DefaultMemoryLow is not documented!-->
@@ -11216,8 +10960,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
 
     <!--property MemoryZSwapWriteback is not documented!-->
 
-    <!--property MemoryLimit is not documented!-->
-
     <!--property DevicePolicy is not documented!-->
 
     <!--property DeviceAllow is not documented!-->
@@ -11338,10 +11080,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
 
     <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@@ -11372,18 +11110,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
 
     <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@@ -11416,8 +11142,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
 
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
@@ -11569,10 +11293,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t StartupCPUWeight = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPerSecUSec = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPeriodUSec = ...;
@@ -11603,18 +11323,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(st) IODeviceLatencyTargetUSec = [...];
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryAccounting = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t DefaultMemoryLow = ...;
@@ -11647,8 +11355,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryZSwapWriteback = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly s DevicePolicy = '...';
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(ss) DeviceAllow = [...];
@@ -11782,10 +11488,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
 
     <!--property StartupCPUWeight is not documented!-->
 
-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
     <!--property CPUQuotaPerSecUSec is not documented!-->
 
     <!--property CPUQuotaPeriodUSec is not documented!-->
@@ -11816,18 +11518,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
 
     <!--property IODeviceLatencyTargetUSec is not documented!-->
 
-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
     <!--property MemoryAccounting is not documented!-->
 
     <!--property DefaultMemoryLow is not documented!-->
@@ -11860,8 +11550,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
 
     <!--property MemoryZSwapWriteback is not documented!-->
 
-    <!--property MemoryLimit is not documented!-->
-
     <!--property DevicePolicy is not documented!-->
 
     <!--property DeviceAllow is not documented!-->
@@ -12012,10 +11700,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
 
     <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@@ -12046,18 +11730,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
 
     <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@@ -12090,8 +11762,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
 
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>

man/systemd.network.xml

@@ -1738,8 +1738,10 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
         <term><varname>FirewallMark=</varname></term>
         <listitem>
           <para>Specifies the iptables firewall mark value to match (a number in the range
-          1…4294967295). Optionally, the firewall mask (also a number between 1…4294967295) can be
-          suffixed with a slash (<literal>/</literal>), e.g., <literal>7/255</literal>.</para>
+          0…4294967295). Optionally, the firewall mask (also a number between 0…4294967295) can be
+          suffixed with a slash (<literal>/</literal>), e.g., <literal>7/255</literal>. When the
+          mark value is non-zero and no mask is explicitly specified, all bits of the mark are
+          compared. </para>
 
           <xi:include href="version-info.xml" xpointer="v235"/>
         </listitem>

mkosi/mkosi.conf.d/arch/mkosi.conf

@@ -4,6 +4,7 @@
 Distribution=arch
 
 [Content]
+PrepareScripts=systemd.prepare
 VolatilePackages=
         systemd
         systemd-libs

mkosi/mkosi.conf.d/arch/systemd.prepare

@@ -17,14 +17,16 @@ for PACKAGE in "${PACKAGES[@]}"; do
             sed --quiet 's/^Depends On *: //p' # Filter out everything except "Depends On:" line and fetch dependencies from it.
     )"
 
-    DEPS="$DEPS $(
-        pacman --sync --info "$PACKAGE" |
-            sed '1,/^$/d' | # Only keep result from first repository (delete everything after first blank line).
-            sed --quiet '/Optional Deps/,/Conflicts With/{/Conflicts With/!p}' | # Get every line from "Optional Deps" (inclusive) until "Conflicts With" (exclusive).
-            sed 's/Optional Deps *: //' | # Drop "Optional Deps :" from first line.
-            sed 's/ *\(.*\):.*/\1/' | # Drop descriptions (everything after first colon for all lines).
-            tr '\n' ' ' # Transform newlines to whitespace.
-    )"
+    if ! ((SYSTEMD_REQUIRED_DEPS_ONLY)); then
+        DEPS="$DEPS $(
+            pacman --sync --info "$PACKAGE" |
+                sed '1,/^$/d' | # Only keep result from first repository (delete everything after first blank line).
+                sed --quiet '/Optional Deps/,/Conflicts With/{/Conflicts With/!p}' | # Get every line from "Optional Deps" (inclusive) until "Conflicts With" (exclusive).
+                sed 's/Optional Deps *: //' | # Drop "Optional Deps :" from first line.
+                sed 's/ *\(.*\):.*/\1/' | # Drop descriptions (everything after first colon for all lines).
+                tr '\n' ' ' # Transform newlines to whitespace.
+        )"
+    fi
 done
 
 echo "$DEPS" |

mkosi/mkosi.conf.d/centos-fedora/mkosi.conf

@@ -5,6 +5,7 @@ Distribution=|centos
 Distribution=|fedora
 
 [Content]
+PrepareScripts=systemd.prepare
 VolatilePackages=
         systemd
         systemd-boot

mkosi/mkosi.conf.d/centos-fedora/systemd.prepare

@@ -8,7 +8,12 @@ fi
 
 mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
 
-for DEPS in --requires --recommends --suggests; do
+DEP_TYPES=(--requires)
+if ! ((SYSTEMD_REQUIRED_DEPS_ONLY)); then
+    DEP_TYPES+=(--recommends --suggests)
+fi
+
+for DEPS in "${DEP_TYPES[@]}"; do
     # We need --latest-limit=1 to only consider the newest version of the packages.
     # --latest-limit=1 is per <name>.<arch> so we have to pass --arch= explicitly to make sure i686 packages
     # are not considered on x86-64.

mkosi/mkosi.conf.d/debian-ubuntu/mkosi.conf

@@ -5,6 +5,7 @@ Distribution=|debian
 Distribution=|ubuntu
 
 [Content]
+PrepareScripts=systemd.prepare
 VolatilePackages=
         libnss-myhostname
         libnss-mymachines

mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare

@@ -22,9 +22,14 @@ for PACKAGE in "${PACKAGES[@]}"; do
     # Get all the dependencies of the systemd packages including recommended and suggested dependencies.
     PATTERNS+=(
         "?and(?reverse-depends(?exact-name($PACKAGE)), $COMMON)"
-        "?and(?reverse-recommends(?exact-name($PACKAGE)), $COMMON)"
-        "?and(?reverse-suggests(?exact-name($PACKAGE)), $COMMON)"
     )
+
+    if ! ((SYSTEMD_REQUIRED_DEPS_ONLY)); then
+        PATTERNS+=(
+            "?and(?reverse-recommends(?exact-name($PACKAGE)), $COMMON)"
+            "?and(?reverse-suggests(?exact-name($PACKAGE)), $COMMON)"
+        )
+    fi
 done
 
 mkosi-install "${PATTERNS[@]}"

mkosi/mkosi.conf.d/opensuse/mkosi.conf

@@ -11,6 +11,7 @@ Repositories=non-oss
 SandboxTrees=macros.db_backend:/etc/rpm/macros.db_backend
 
 [Content]
+PrepareScripts=systemd.prepare
 VolatilePackages=
         libsystemd0
         libudev1

mkosi/mkosi.conf.d/opensuse/systemd.prepare

@@ -9,11 +9,15 @@ fi
 mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
 
 DEPS=""
+DEP_TYPES=(--requires)
+if ! ((SYSTEMD_REQUIRED_DEPS_ONLY)); then
+    DEP_TYPES+=(--recommends --suggests)
+fi
 
 for PACKAGE in "${PACKAGES[@]}"; do
     # zypper's output is not machine readable so we make do with sed instead.
     DEPS="$DEPS\n$(
-        zypper info --requires --recommends --suggests "$PACKAGE" |
+        zypper info "${DEP_TYPES[@]}" "$PACKAGE" |
             sed '/Requires/,$!d' | # Remove everything before Requires line
             sed --quiet 's/^    //p' # All indented lines have dependencies
     )"

mkosi/mkosi.images/exitrd/mkosi.conf

@@ -3,6 +3,9 @@
 [Output]
 Format=directory
 
+[Build]
+Environment=SYSTEMD_REQUIRED_DEPS_ONLY=1
+
 [Content]
 Bootable=no
 Locale=C.UTF-8
@@ -11,6 +14,7 @@ CleanPackageMetadata=yes
 MakeInitrd=yes
 
 Packages=
+        coreutils
         bash
 
 [Include]

mkosi/mkosi.images/exitrd/mkosi.conf.d/arch.conf

@@ -4,6 +4,7 @@
 Distribution=arch
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
 VolatilePackages=
         systemd
         systemd-libs

mkosi/mkosi.images/exitrd/mkosi.conf.d/centos-fedora.conf

@@ -5,5 +5,6 @@ Distribution=|centos
 Distribution=|fedora
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
 VolatilePackages=
         systemd-standalone-shutdown

mkosi/mkosi.images/exitrd/mkosi.conf.d/debian.conf

@@ -4,5 +4,6 @@
 Distribution=debian
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
 VolatilePackages=
         systemd-standalone-shutdown

mkosi/mkosi.images/exitrd/mkosi.conf.d/opensuse.conf

@@ -4,6 +4,7 @@
 Distribution=opensuse
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
 Packages=
         diffutils
         grep

mkosi/mkosi.images/exitrd/mkosi.conf.d/ubuntu.conf

@@ -4,6 +4,7 @@
 Distribution=ubuntu
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
 VolatilePackages=
         libsystemd-shared
         libsystemd0

mkosi/mkosi.images/initrd/mkosi.conf

@@ -6,10 +6,14 @@ Include=
         %D/mkosi/mkosi.sanitizers
         %D/mkosi/mkosi.coverage
 
+[Build]
+Environment=SYSTEMD_REQUIRED_DEPS_ONLY=1
+
 [Content]
 ExtraTrees=%D/mkosi/mkosi.extra.common
 
 Packages=
+        coreutils
         findutils
         grep
         sed

mkosi/mkosi.images/initrd/mkosi.conf.d/arch.conf

@@ -4,6 +4,7 @@
 Distribution=arch
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
 Packages=
         btrfs-progs
         tpm2-tools

mkosi/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf

@@ -5,6 +5,7 @@ Distribution=|centos
 Distribution=|fedora
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
 Packages=
         tpm2-tools
 

mkosi/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf

@@ -5,6 +5,7 @@ Distribution=|debian
 Distribution=|ubuntu
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
 Packages=
         btrfs-progs
         tpm2-tools

mkosi/mkosi.images/initrd/mkosi.conf.d/opensuse.conf

@@ -4,6 +4,7 @@
 Distribution=opensuse
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
 Packages=
         btrfs-progs
         kmod

mkosi/mkosi.images/minimal-base/mkosi.conf

@@ -3,6 +3,9 @@
 [Output]
 Format=directory
 
+[Build]
+Environment=SYSTEMD_REQUIRED_DEPS_ONLY=1
+
 [Content]
 Bootable=no
 Locale=C.UTF-8

mkosi/mkosi.images/minimal-base/mkosi.conf.d/arch.conf

@@ -4,6 +4,7 @@
 Distribution=arch
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
 Packages=
         inetutils
         iproute

mkosi/mkosi.images/minimal-base/mkosi.conf.d/centos-fedora.conf

@@ -5,6 +5,7 @@ Distribution=|centos
 Distribution=|fedora
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
 Packages=
         hostname
         iproute

mkosi/mkosi.images/minimal-base/mkosi.conf.d/debian-ubuntu.conf

@@ -5,6 +5,7 @@ Distribution=|debian
 Distribution=|ubuntu
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
 Packages=
         hostname
         iproute2

mkosi/mkosi.images/minimal-base/mkosi.conf.d/opensuse.conf

@@ -4,6 +4,7 @@
 Distribution=opensuse
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
 Packages=
         diffutils
         grep

src/basic/conf-files.c

@@ -19,7 +19,6 @@
 #include "nulstr-util.h"
 #include "path-util.h"
 #include "set.h"
-#include "sort-util.h"
 #include "stat-util.h"
 #include "string-util.h"
 #include "strv.h"
@@ -122,29 +121,22 @@ static int files_add(
         return 0;
 }
 
-static int base_cmp(char * const *a, char * const *b) {
-        assert(a);
-        assert(b);
-        return path_compare_filename(*a, *b);
-}
-
 static int copy_and_sort_files_from_hashmap(Hashmap *fh, char ***ret) {
         _cleanup_free_ char **sv = NULL;
         char **files;
+        int r;
 
         assert(ret);
 
-        sv = hashmap_get_strv(fh);
-        if (!sv)
-                return -ENOMEM;
+        r = hashmap_dump_sorted(fh, (void***) &sv, /* ret_n = */ NULL);
+        if (r < 0)
+                return r;
 
-        /* The entries in the array given by hashmap_get_strv() are still owned by the hashmap. */
+        /* The entries in the array given by hashmap_dump_sorted() are still owned by the hashmap. */
         files = strv_copy(sv);
         if (!files)
                 return -ENOMEM;
 
-        typesafe_qsort(files, strv_length(files), base_cmp);
-
         *ret = files;
         return 0;
 }
@@ -237,7 +229,7 @@ int conf_files_insert(char ***strv, const char *root, char **dirs, const char *p
         for (i = 0; i < n; i++) {
                 int c;
 
-                c = base_cmp((char* const*) *strv + i, (char* const*) &path);
+                c = path_compare_filename((*strv)[i], path);
                 if (c == 0)
                         /* Oh, there already is an entry with a matching name (the last component). */
                         STRV_FOREACH(dir, dirs) {

src/basic/xattr-util.c

@@ -104,7 +104,7 @@ static ssize_t getxattr_pinned_internal(
         if (n < 0)
                 return -errno;
 
-        assert((size_t) n <= size);
+        assert(size == 0 || (size_t) n <= size);
         return n;
 }
 
@@ -234,7 +234,7 @@ static int listxattr_pinned_internal(
         if (n < 0)
                 return -errno;
 
-        assert((size_t) n <= size);
+        assert(size == 0 || (size_t) n <= size);
 
         if (n > INT_MAX) /* We couldn't return this as 'int' anymore */
                 return -E2BIG;

src/bootctl/bootctl-install.c

@@ -865,17 +865,6 @@ static int install_variables(
         uint16_t slot;
         int r;
 
-        if (arg_root) {
-                log_info("Acting on %s, skipping EFI variable setup.",
-                         arg_image ? "image" : "root directory");
-                return 0;
-        }
-
-        if (!is_efi_boot()) {
-                log_warning("Not booted with EFI, skipping EFI variable setup.");
-                return 0;
-        }
-
         r = chase_and_access(path, esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, F_OK, NULL);
         if (r == -ENOENT)
                 return 0;
@@ -1075,7 +1064,7 @@ int verb_install(int argc, char *argv[], void *userdata) {
 
         (void) sync_everything();
 
-        if (!arg_touch_variables)
+        if (!touch_variables())
                 return 0;
 
         if (arg_arch_all) {
@@ -1206,9 +1195,6 @@ static int remove_variables(sd_id128_t uuid, const char *path, bool in_order) {
         uint16_t slot;
         int r;
 
-        if (arg_root || !is_efi_boot())
-                return 0;
-
         r = find_slot(uuid, path, &slot);
         if (r != 1)
                 return 0;
@@ -1327,7 +1313,7 @@ int verb_remove(int argc, char *argv[], void *userdata) {
 
         (void) sync_everything();
 
-        if (!arg_touch_variables)
+        if (!touch_variables())
                 return r;
 
         if (arg_arch_all) {

src/bootctl/bootctl-random-seed.c

@@ -58,20 +58,9 @@ static int set_system_token(void) {
         size_t token_size;
         int r;
 
-        if (!arg_touch_variables)
+        if (!touch_variables())
                 return 0;
 
-        if (arg_root) {
-                log_warning("Acting on %s, skipping EFI variable setup.",
-                             arg_image ? "image" : "root directory");
-                return 0;
-        }
-
-        if (!is_efi_boot()) {
-                log_notice("Not booted with EFI, skipping EFI variable setup.");
-                return 0;
-        }
-
         r = getenv_bool("SYSTEMD_WRITE_SYSTEM_TOKEN");
         if (r < 0) {
                 if (r != -ENXIO)

src/bootctl/bootctl-set-efivar.c

@@ -105,32 +105,36 @@ static int parse_loader_entry_target_arg(const char *arg1, char16_t **ret_target
 int verb_set_efivar(int argc, char *argv[], void *userdata) {
         int r;
 
-        if (arg_root)
-                return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                       "Acting on %s, skipping EFI variable setup.",
-                                       arg_image ? "image" : "root directory");
+        /* Note: changing EFI variables is the primary purpose of these verbs, hence unlike in the other
+         * verbs that might touch EFI variables where we skip things gracefully, here we fail loudly if we
+         * are not run on EFI or EFI variable modifications were turned off. */
 
-        if (!is_efi_boot())
-                return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                       "Not booted with UEFI.");
+        if (arg_touch_variables < 0) {
+                if (arg_root)
+                        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+                                               "Acting on %s, refusing EFI variable setup.",
+                                               arg_image ? "image" : "root directory");
 
-        if (access(EFIVAR_PATH(EFI_LOADER_VARIABLE_STR("LoaderInfo")), F_OK) < 0) {
-                if (errno == ENOENT) {
-                        log_error_errno(errno, "Not booted with a supported boot loader.");
-                        return -EOPNOTSUPP;
+                if (detect_container() > 0)
+                        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+                                               "'%s' operation not supported in a container.",
+                                               argv[0]);
+                if (!is_efi_boot())
+                        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+                                               "Not booted with UEFI.");
+
+                if (access(EFIVAR_PATH(EFI_LOADER_VARIABLE_STR("LoaderInfo")), F_OK) < 0) {
+                        if (errno == ENOENT) {
+                                log_error_errno(errno, "Not booted with a supported boot loader.");
+                                return -EOPNOTSUPP;
+                        }
+
+                        return log_error_errno(errno, "Failed to detect whether boot loader supports '%s' operation: %m", argv[0]);
                 }
 
-                return log_error_errno(errno, "Failed to detect whether boot loader supports '%s' operation: %m", argv[0]);
-        }
-
-        if (detect_container() > 0)
-                return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                       "'%s' operation not supported in a container.",
-                                       argv[0]);
-
-        if (!arg_touch_variables)
+        } else if (!arg_touch_variables)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                       "'%s' operation cannot be combined with --no-variables.",
+                                       "'%s' operation cannot be combined with --variables=no.",
                                        argv[0]);
 
         const char *variable;

src/bootctl/bootctl.c

@@ -43,7 +43,7 @@ bool arg_print_dollar_boot_path = false;
 bool arg_print_loader_path = false;
 bool arg_print_stub_path = false;
 unsigned arg_print_root_device = 0;
-bool arg_touch_variables = true;
+int arg_touch_variables = -1;
 bool arg_install_random_seed = true;
 PagerFlags arg_pager_flags = 0;
 bool arg_graceful = false;
@@ -213,6 +213,29 @@ static int print_loader_or_stub_path(void) {
         return 0;
 }
 
+bool touch_variables(void) {
+        /* If we run in a container or on a non-EFI system, automatically turn off EFI file system access,
+         * unless explicitly overriden. */
+
+        if (arg_touch_variables >= 0)
+                return arg_touch_variables;
+
+        if (arg_root) {
+                log_once(LOG_NOTICE,
+                         "Operating on %s, skipping EFI variable modifications.",
+                         arg_image ? "image" : "root directory");
+                return false;
+        }
+
+        if (!is_efi_boot()) { /* NB: this internally checks if we run in a container */
+                log_once(LOG_NOTICE,
+                         "Not booted with EFI or running in a container, skipping EFI variable modifications.");
+                return false;
+        }
+
+        return true;
+}
+
 static int help(int argc, char *argv[], void *userdata) {
         _cleanup_free_ char *link = NULL;
         int r;
@@ -271,7 +294,8 @@ static int help(int argc, char *argv[], void *userdata) {
                "                       Specify disk image dissection policy\n"
                "     --install-source=auto|image|host\n"
                "                       Where to pick files when using --root=/--image=\n"
-               "     --no-variables    Don't touch EFI variables\n"
+               "     --variables=yes|no\n"
+               "                       Whether to modify EFI variables\n"
                "     --random-seed=yes|no\n"
                "                       Whether to create random-seed file during install\n"
                "     --no-pager        Do not pipe output into a pager\n"
@@ -327,6 +351,7 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_IMAGE_POLICY,
                 ARG_INSTALL_SOURCE,
                 ARG_VERSION,
+                ARG_VARIABLES,
                 ARG_NO_VARIABLES,
                 ARG_RANDOM_SEED,
                 ARG_NO_PAGER,
@@ -362,7 +387,8 @@ static int parse_argv(int argc, char *argv[]) {
                 { "print-loader-path",           no_argument,       NULL, ARG_PRINT_LOADER_PATH           },
                 { "print-stub-path",             no_argument,       NULL, ARG_PRINT_STUB_PATH             },
                 { "print-root-device",           no_argument,       NULL, 'R'                             },
-                { "no-variables",                no_argument,       NULL, ARG_NO_VARIABLES                },
+                { "variables",                   required_argument, NULL, ARG_VARIABLES                   },
+                { "no-variables",                no_argument,       NULL, ARG_NO_VARIABLES                }, /* Compability */
                 { "random-seed",                 required_argument, NULL, ARG_RANDOM_SEED                 },
                 { "no-pager",                    no_argument,       NULL, ARG_NO_PAGER                    },
                 { "graceful",                    no_argument,       NULL, ARG_GRACEFUL                    },
@@ -460,6 +486,12 @@ static int parse_argv(int argc, char *argv[]) {
                         arg_print_root_device++;
                         break;
 
+                case ARG_VARIABLES:
+                        r = parse_tristate_argument("--variables=", optarg, &arg_touch_variables);
+                        if (r < 0)
+                                return r;
+                        break;
+
                 case ARG_NO_VARIABLES:
                         arg_touch_variables = false;
                         break;
@@ -643,10 +675,6 @@ static int run(int argc, char *argv[]) {
 
         log_setup();
 
-        /* If we run in a container, automatically turn off EFI file system access */
-        if (detect_container() > 0)
-                arg_touch_variables = false;
-
         r = parse_argv(argc, argv);
         if (r <= 0)
                 return r;

src/bootctl/bootctl.h

@@ -20,7 +20,7 @@ extern char *arg_xbootldr_path;
 extern bool arg_print_esp_path;
 extern bool arg_print_dollar_boot_path;
 extern unsigned arg_print_root_device;
-extern bool arg_touch_variables;
+extern int arg_touch_variables;
 extern bool arg_install_random_seed;
 extern PagerFlags arg_pager_flags;
 extern bool arg_graceful;
@@ -54,3 +54,5 @@ static inline const char* arg_dollar_boot_path(void) {
 
 int acquire_esp(int unprivileged_mode, bool graceful, uint32_t *ret_part, uint64_t *ret_pstart, uint64_t *ret_psize, sd_id128_t *ret_uuid, dev_t *ret_devid);
 int acquire_xbootldr(int unprivileged_mode, sd_id128_t *ret_uuid, dev_t *ret_devid);
+
+bool touch_variables(void);

src/core/bpf-devices.c

@@ -261,11 +261,10 @@ int bpf_devices_supported(void) {
         static int supported = -1;
         int r;
 
-        /* Checks whether BPF device controller is supported. For this, we check five things:
+        /* Checks whether BPF device controller is supported. For this, we check two things:
          *
          * a) whether we are privileged
-         * b) whether the unified hierarchy is being used
-         * c) the BPF implementation in the kernel supports BPF_PROG_TYPE_CGROUP_DEVICE programs, which we require
+         * b) the BPF implementation in the kernel supports BPF_PROG_TYPE_CGROUP_DEVICE programs, which we require
          */
 
         if (supported >= 0)
@@ -276,14 +275,6 @@ int bpf_devices_supported(void) {
                 return supported = 0;
         }
 
-        r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
-        if (r < 0)
-                return log_error_errno(r, "Can't determine whether the unified hierarchy is used: %m");
-        if (r == 0) {
-                log_debug("Not running with unified cgroups, BPF device control is not supported.");
-                return supported = 0;
-        }
-
         r = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE, "sd_devices", &program);
         if (r < 0) {
                 log_debug_errno(r, "Can't allocate CGROUP DEVICE BPF program, BPF device control is not supported: %m");
@@ -315,38 +306,15 @@ static int allow_list_device_pattern(
 
         assert(IN_SET(type, 'b', 'c'));
 
-        if (cg_all_unified() > 0) {
-                if (!prog)
-                        return 0;
+        if (!prog)
+                return 0;
 
-                if (major != UINT_MAX && minor != UINT_MAX)
-                        return bpf_prog_allow_list_device(prog, type, major, minor, p);
-                else if (major != UINT_MAX)
-                        return bpf_prog_allow_list_major(prog, type, major, p);
-                else
-                        return bpf_prog_allow_list_class(prog, type, p);
+        if (major != UINT_MAX && minor != UINT_MAX)
+                return bpf_prog_allow_list_device(prog, type, major, minor, p);
+        if (major != UINT_MAX)
+                return bpf_prog_allow_list_major(prog, type, major, p);
 
-        } else {
-                char buf[2+DECIMAL_STR_MAX(unsigned)*2+2+4];
-                int r;
-
-                if (major != UINT_MAX && minor != UINT_MAX)
-                        xsprintf(buf, "%c %u:%u %s", type, major, minor, cgroup_device_permissions_to_string(p));
-                else if (major != UINT_MAX)
-                        xsprintf(buf, "%c %u:* %s", type, major, cgroup_device_permissions_to_string(p));
-                else
-                        xsprintf(buf, "%c *:* %s", type, cgroup_device_permissions_to_string(p));
-
-                /* Changing the devices list of a populated cgroup might result in EINVAL, hence ignore
-                 * EINVAL here. */
-
-                r = cg_set_attribute("devices", path, "devices.allow", buf);
-                if (r < 0)
-                        log_full_errno(IN_SET(r, -ENOENT, -EROFS, -EINVAL, -EACCES, -EPERM) ? LOG_DEBUG : LOG_WARNING,
-                                       r, "Failed to set devices.allow on %s: %m", path);
-
-                return r;
-        }
+        return bpf_prog_allow_list_class(prog, type, p);
 }
 
 int bpf_devices_allow_list_device(

src/core/bpf-firewall.c

@@ -845,23 +845,12 @@ int bpf_firewall_supported(void) {
 
         /* Checks whether BPF firewalling is supported. For this, we check the following things:
          *
-         * - whether the unified hierarchy is being used
          * - the BPF implementation in the kernel supports BPF_PROG_TYPE_CGROUP_SKB programs, which we require
          * - the BPF implementation in the kernel supports the BPF_PROG_DETACH call, which we require
          */
         if (supported >= 0)
                 return supported;
 
-        r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
-        if (r < 0)
-                return log_error_errno(r, "bpf-firewall: Can't determine whether the unified hierarchy is used: %m");
-        if (r == 0) {
-                bpf_firewall_unsupported_reason =
-                        log_debug_errno(SYNTHETIC_ERRNO(EUCLEAN),
-                                        "bpf-firewall: Not running with unified cgroup hierarchy, BPF firewalling is not supported.");
-                return supported = BPF_FIREWALL_UNSUPPORTED;
-        }
-
         /* prog_name is NULL since it is supported only starting from v4.15 kernel. */
         r = bpf_program_new(BPF_PROG_TYPE_CGROUP_SKB, NULL, &program);
         if (r < 0) {

src/core/bpf-foreign.h

@@ -4,10 +4,6 @@
 
 #include "unit.h"
 
-static inline int bpf_foreign_supported(void) {
-        return cg_all_unified();
-}
-
 /*
  * Attach cgroup-bpf programs foreign to systemd, i.e. loaded to the kernel by an entity
  * external to systemd.

src/core/bpf-util.c

@@ -13,17 +13,6 @@ bool cgroup_bpf_supported(void) {
         if (supported >= 0)
                 return supported;
 
-        r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
-        if (r < 0) {
-                log_warning_errno(r, "Can't determine whether the unified hierarchy is used: %m");
-                return (supported = false);
-        }
-
-        if (r == 0) {
-                log_info("Not running with unified cgroup hierarchy, disabling cgroup BPF features.");
-                return (supported = false);
-        }
-
         r = dlopen_bpf();
         if (r < 0) {
                 log_full_errno(in_initrd() ? LOG_DEBUG : LOG_INFO,

src/core/cgroup.h

@@ -34,8 +34,6 @@ typedef struct CGroupDeviceAllow CGroupDeviceAllow;
 typedef struct CGroupIODeviceWeight CGroupIODeviceWeight;
 typedef struct CGroupIODeviceLimit CGroupIODeviceLimit;
 typedef struct CGroupIODeviceLatency CGroupIODeviceLatency;
-typedef struct CGroupBlockIODeviceWeight CGroupBlockIODeviceWeight;
-typedef struct CGroupBlockIODeviceBandwidth CGroupBlockIODeviceBandwidth;
 typedef struct CGroupBPFForeignProgram CGroupBPFForeignProgram;
 typedef struct CGroupSocketBindItem CGroupSocketBindItem;
 typedef struct CGroupRuntime CGroupRuntime;
@@ -98,19 +96,6 @@ struct CGroupIODeviceLatency {
         usec_t target_usec;
 };
 
-struct CGroupBlockIODeviceWeight {
-        LIST_FIELDS(CGroupBlockIODeviceWeight, device_weights);
-        char *path;
-        uint64_t weight;
-};
-
-struct CGroupBlockIODeviceBandwidth {
-        LIST_FIELDS(CGroupBlockIODeviceBandwidth, device_bandwidths);
-        char *path;
-        uint64_t rbps;
-        uint64_t wbps;
-};
-
 struct CGroupBPFForeignProgram {
         LIST_FIELDS(CGroupBPFForeignProgram, programs);
         uint32_t attach_type;
@@ -140,7 +125,6 @@ typedef enum CGroupPressureWatch {
 struct CGroupContext {
         bool cpu_accounting;
         bool io_accounting;
-        bool blockio_accounting;
         bool memory_accounting;
         bool tasks_accounting;
         bool ip_accounting;
@@ -212,17 +196,6 @@ struct CGroupContext {
         Set *restrict_network_interfaces;
         bool restrict_network_interfaces_is_allow_list;
 
-        /* For legacy hierarchies */
-        uint64_t cpu_shares;
-        uint64_t startup_cpu_shares;
-
-        uint64_t blockio_weight;
-        uint64_t startup_blockio_weight;
-        LIST_HEAD(CGroupBlockIODeviceWeight, blockio_device_weights);
-        LIST_HEAD(CGroupBlockIODeviceBandwidth, blockio_device_bandwidths);
-
-        uint64_t memory_limit;
-
         CGroupDevicePolicy device_policy;
         LIST_HEAD(CGroupDeviceAllow, device_allow);
 
@@ -396,8 +369,6 @@ void cgroup_context_free_device_allow(CGroupContext *c, CGroupDeviceAllow *a);
 void cgroup_context_free_io_device_weight(CGroupContext *c, CGroupIODeviceWeight *w);
 void cgroup_context_free_io_device_limit(CGroupContext *c, CGroupIODeviceLimit *l);
 void cgroup_context_free_io_device_latency(CGroupContext *c, CGroupIODeviceLatency *l);
-void cgroup_context_free_blockio_device_weight(CGroupContext *c, CGroupBlockIODeviceWeight *w);
-void cgroup_context_free_blockio_device_bandwidth(CGroupContext *c, CGroupBlockIODeviceBandwidth *b);
 void cgroup_context_remove_bpf_foreign_program(CGroupContext *c, CGroupBPFForeignProgram *p);
 void cgroup_context_remove_socket_bind(CGroupSocketBindItem **head);
 
@@ -417,8 +388,6 @@ static inline int cgroup_context_add_bpf_foreign_program_dup(CGroupContext *c, c
 int cgroup_context_add_io_device_limit_dup(CGroupContext *c, const CGroupIODeviceLimit *l);
 int cgroup_context_add_io_device_weight_dup(CGroupContext *c, const CGroupIODeviceWeight *w);
 int cgroup_context_add_io_device_latency_dup(CGroupContext *c, const CGroupIODeviceLatency *l);
-int cgroup_context_add_block_io_device_weight_dup(CGroupContext *c, const CGroupBlockIODeviceWeight *w);
-int cgroup_context_add_block_io_device_bandwidth_dup(CGroupContext *c, const CGroupBlockIODeviceBandwidth *b);
 int cgroup_context_add_device_allow_dup(CGroupContext *c, const CGroupDeviceAllow *a);
 int cgroup_context_add_socket_bind_item_allow_dup(CGroupContext *c, const CGroupSocketBindItem *i);
 int cgroup_context_add_socket_bind_item_deny_dup(CGroupContext *c, const CGroupSocketBindItem *i);
@@ -438,7 +407,6 @@ void unit_invalidate_cgroup_members_masks(Unit *u);
 
 void unit_add_family_to_cgroup_realize_queue(Unit *u);
 
-const char* unit_get_realized_cgroup_path(Unit *u, CGroupMask mask);
 int unit_default_cgroup_path(const Unit *u, char **ret);
 int unit_set_cgroup_path(Unit *u, const char *path);
 int unit_pick_cgroup_path(Unit *u);

src/core/dbus-cgroup.c

@@ -35,6 +35,8 @@ static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_cgroup_device_policy, cgroup_de
 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_managed_oom_mode, managed_oom_mode, ManagedOOMMode);
 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_managed_oom_preference, managed_oom_preference, ManagedOOMPreference);
 
+static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_blockio_ast, "a(st)", 0);
+
 static int property_get_cgroup_mask(
                 sd_bus *bus,
                 const char *path,
@@ -196,72 +198,6 @@ static int property_get_io_device_latency(
         return sd_bus_message_close_container(reply);
 }
 
-static int property_get_blockio_device_weight(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        CGroupContext *c = ASSERT_PTR(userdata);
-        int r;
-
-        assert(bus);
-        assert(reply);
-
-        r = sd_bus_message_open_container(reply, 'a', "(st)");
-        if (r < 0)
-                return r;
-
-        LIST_FOREACH(device_weights, w, c->blockio_device_weights) {
-                r = sd_bus_message_append(reply, "(st)", w->path, w->weight);
-                if (r < 0)
-                        return r;
-        }
-
-        return sd_bus_message_close_container(reply);
-}
-
-static int property_get_blockio_device_bandwidths(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        CGroupContext *c = ASSERT_PTR(userdata);
-        int r;
-
-        assert(bus);
-        assert(reply);
-
-        r = sd_bus_message_open_container(reply, 'a', "(st)");
-        if (r < 0)
-                return r;
-
-        LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) {
-                uint64_t v;
-
-                if (streq(property, "BlockIOReadBandwidth"))
-                        v = b->rbps;
-                else
-                        v = b->wbps;
-
-                if (v == CGROUP_LIMIT_MAX)
-                        continue;
-
-                r = sd_bus_message_append(reply, "(st)", b->path, v);
-                if (r < 0)
-                        return r;
-        }
-
-        return sd_bus_message_close_container(reply);
-}
-
 static int property_get_device_allow(
                 sd_bus *bus,
                 const char *path,
@@ -450,8 +386,6 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
         SD_BUS_PROPERTY("CPUAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, cpu_accounting), 0),
         SD_BUS_PROPERTY("CPUWeight", "t", NULL, offsetof(CGroupContext, cpu_weight), 0),
         SD_BUS_PROPERTY("StartupCPUWeight", "t", NULL, offsetof(CGroupContext, startup_cpu_weight), 0),
-        SD_BUS_PROPERTY("CPUShares", "t", NULL, offsetof(CGroupContext, cpu_shares), 0),
-        SD_BUS_PROPERTY("StartupCPUShares", "t", NULL, offsetof(CGroupContext, startup_cpu_shares), 0),
         SD_BUS_PROPERTY("CPUQuotaPerSecUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_per_sec_usec), 0),
         SD_BUS_PROPERTY("CPUQuotaPeriodUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_period_usec), 0),
         SD_BUS_PROPERTY("AllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_cpus), 0),
@@ -467,12 +401,6 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
         SD_BUS_PROPERTY("IOReadIOPSMax", "a(st)", property_get_io_device_limits, 0, 0),
         SD_BUS_PROPERTY("IOWriteIOPSMax", "a(st)", property_get_io_device_limits, 0, 0),
         SD_BUS_PROPERTY("IODeviceLatencyTargetUSec", "a(st)", property_get_io_device_latency, 0, 0),
-        SD_BUS_PROPERTY("BlockIOAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, blockio_accounting), 0),
-        SD_BUS_PROPERTY("BlockIOWeight", "t", NULL, offsetof(CGroupContext, blockio_weight), 0),
-        SD_BUS_PROPERTY("StartupBlockIOWeight", "t", NULL, offsetof(CGroupContext, startup_blockio_weight), 0),
-        SD_BUS_PROPERTY("BlockIODeviceWeight", "a(st)", property_get_blockio_device_weight, 0, 0),
-        SD_BUS_PROPERTY("BlockIOReadBandwidth", "a(st)", property_get_blockio_device_bandwidths, 0, 0),
-        SD_BUS_PROPERTY("BlockIOWriteBandwidth", "a(st)", property_get_blockio_device_bandwidths, 0, 0),
         SD_BUS_PROPERTY("MemoryAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, memory_accounting), 0),
         SD_BUS_PROPERTY("DefaultMemoryLow", "t", NULL, offsetof(CGroupContext, default_memory_low), 0),
         SD_BUS_PROPERTY("DefaultStartupMemoryLow", "t", NULL, offsetof(CGroupContext, default_startup_memory_low), 0),
@@ -489,7 +417,6 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
         SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0),
         SD_BUS_PROPERTY("StartupMemoryZSwapMax", "t", NULL, offsetof(CGroupContext, startup_memory_zswap_max), 0),
         SD_BUS_PROPERTY("MemoryZSwapWriteback", "b", bus_property_get_bool, offsetof(CGroupContext, memory_zswap_writeback), 0),
-        SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0),
         SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0),
         SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0),
         SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0),
@@ -513,6 +440,16 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
         SD_BUS_PROPERTY("MemoryPressureThresholdUSec", "t", bus_property_get_usec, offsetof(CGroupContext, memory_pressure_threshold_usec), 0),
         SD_BUS_PROPERTY("NFTSet", "a(iiss)", property_get_cgroup_nft_set, 0, 0),
         SD_BUS_PROPERTY("CoredumpReceive", "b", bus_property_get_bool, offsetof(CGroupContext, coredump_receive), 0),
+        /* deprecated cgroup v1 properties */
+        SD_BUS_PROPERTY("MemoryLimit", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("CPUShares", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("StartupCPUShares", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("BlockIOAccounting", "b", bus_property_get_bool_false, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("BlockIOWeight", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("StartupBlockIOWeight", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("BlockIODeviceWeight", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("BlockIOReadBandwidth", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("BlockIOWriteBandwidth", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
         SD_BUS_VTABLE_END
 };
 
@@ -777,17 +714,6 @@ static int bus_cgroup_set_transient_property(
                                 return r;
 
                         unit_write_setting(u, flags, name, buf);
-
-                        if (c->bpf_foreign_programs) {
-                                r = bpf_foreign_supported();
-                                if (r < 0)
-                                        return r;
-                                if (r == 0)
-                                        log_full(LOG_DEBUG,
-                                                 "Transient unit %s configures a BPF program pinned to BPF "
-                                                 "filesystem, but the local system does not support that.\n"
-                                                 "Starting this unit will fail!", u->id);
-                        }
                 }
 
                 return 1;
@@ -993,9 +919,7 @@ static int bus_cgroup_set_boolean(
         }
 
 DISABLE_WARNING_TYPE_LIMITS;
-BUS_DEFINE_SET_CGROUP_WEIGHT(cpu_shares, CGROUP_MASK_CPU, CGROUP_CPU_SHARES_IS_OK, CGROUP_CPU_SHARES_INVALID);
 BUS_DEFINE_SET_CGROUP_WEIGHT(io_weight, CGROUP_MASK_IO, CGROUP_WEIGHT_IS_OK, CGROUP_WEIGHT_INVALID);
-BUS_DEFINE_SET_CGROUP_WEIGHT(blockio_weight, CGROUP_MASK_BLKIO, CGROUP_BLKIO_WEIGHT_IS_OK, CGROUP_BLKIO_WEIGHT_INVALID);
 BUS_DEFINE_SET_CGROUP_LIMIT(memory, CGROUP_MASK_MEMORY, physical_memory_scale, 1);
 BUS_DEFINE_SET_CGROUP_LIMIT(memory_protection, CGROUP_MASK_MEMORY, physical_memory_scale, 0);
 BUS_DEFINE_SET_CGROUP_LIMIT(swap, CGROUP_MASK_MEMORY, physical_memory_scale, 0);
@@ -1127,12 +1051,6 @@ int bus_cgroup_set_property(
         if (streq(name, "StartupCPUWeight"))
                 return bus_cgroup_set_cpu_weight(u, name, &c->startup_cpu_weight, message, flags, error);
 
-        if (streq(name, "CPUShares"))
-                return bus_cgroup_set_cpu_shares(u, name, &c->cpu_shares, message, flags, error);
-
-        if (streq(name, "StartupCPUShares"))
-                return bus_cgroup_set_cpu_shares(u, name, &c->startup_cpu_shares, message, flags, error);
-
         if (streq(name, "IOAccounting"))
                 return bus_cgroup_set_boolean(u, name, &c->io_accounting, CGROUP_MASK_IO, message, flags, error);
 
@@ -1142,15 +1060,6 @@ int bus_cgroup_set_property(
         if (streq(name, "StartupIOWeight"))
                 return bus_cgroup_set_io_weight(u, name, &c->startup_io_weight, message, flags, error);
 
-        if (streq(name, "BlockIOAccounting"))
-                return bus_cgroup_set_boolean(u, name, &c->blockio_accounting, CGROUP_MASK_BLKIO, message, flags, error);
-
-        if (streq(name, "BlockIOWeight"))
-                return bus_cgroup_set_blockio_weight(u, name, &c->blockio_weight, message, flags, error);
-
-        if (streq(name, "StartupBlockIOWeight"))
-                return bus_cgroup_set_blockio_weight(u, name, &c->startup_blockio_weight, message, flags, error);
-
         if (streq(name, "MemoryAccounting"))
                 return bus_cgroup_set_boolean(u, name, &c->memory_accounting, CGROUP_MASK_MEMORY, message, flags, error);
 
@@ -1236,9 +1145,6 @@ int bus_cgroup_set_property(
                 return r;
         }
 
-        if (streq(name, "MemoryLimit"))
-                return bus_cgroup_set_memory(u, name, &c->memory_limit, message, flags, error);
-
         if (streq(name, "MemoryMinScale")) {
                 r = bus_cgroup_set_memory_protection_scale(u, name, &c->memory_min, message, flags, error);
                 if (r > 0)
@@ -1279,9 +1185,6 @@ int bus_cgroup_set_property(
         if (streq(name, "MemoryMaxScale"))
                 return bus_cgroup_set_memory_scale(u, name, &c->memory_max, message, flags, error);
 
-        if (streq(name, "MemoryLimitScale"))
-                return bus_cgroup_set_memory_scale(u, name, &c->memory_limit, message, flags, error);
-
         if (streq(name, "MemoryZSwapWriteback"))
                 return bus_cgroup_set_boolean(u, name, &c->memory_zswap_writeback, CGROUP_MASK_MEMORY, message, flags, error);
 
@@ -1622,180 +1525,6 @@ int bus_cgroup_set_property(
 
                 return 1;
 
-        } else if (STR_IN_SET(name, "BlockIOReadBandwidth", "BlockIOWriteBandwidth")) {
-                const char *path;
-                unsigned n = 0;
-                uint64_t u64;
-                bool read;
-
-                read = streq(name, "BlockIOReadBandwidth");
-
-                r = sd_bus_message_enter_container(message, 'a', "(st)");
-                if (r < 0)
-                        return r;
-
-                while ((r = sd_bus_message_read(message, "(st)", &path, &u64)) > 0) {
-
-                        if (!path_is_normalized(path))
-                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path);
-
-                        if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
-                                CGroupBlockIODeviceBandwidth *a = NULL;
-
-                                LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths)
-                                        if (path_equal(path, b->path)) {
-                                                a = b;
-                                                break;
-                                        }
-
-                                if (!a) {
-                                        a = new0(CGroupBlockIODeviceBandwidth, 1);
-                                        if (!a)
-                                                return -ENOMEM;
-
-                                        a->rbps = CGROUP_LIMIT_MAX;
-                                        a->wbps = CGROUP_LIMIT_MAX;
-                                        a->path = strdup(path);
-                                        if (!a->path) {
-                                                free(a);
-                                                return -ENOMEM;
-                                        }
-
-                                        LIST_APPEND(device_bandwidths, c->blockio_device_bandwidths, a);
-                                }
-
-                                if (read)
-                                        a->rbps = u64;
-                                else
-                                        a->wbps = u64;
-                        }
-
-                        n++;
-                }
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_exit_container(message);
-                if (r < 0)
-                        return r;
-
-                if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
-                        _cleanup_(memstream_done) MemStream m = {};
-                        _cleanup_free_ char *buf = NULL;
-                        FILE *f;
-
-                        if (n == 0)
-                                LIST_FOREACH(device_bandwidths, a, c->blockio_device_bandwidths) {
-                                        if (read)
-                                                a->rbps = CGROUP_LIMIT_MAX;
-                                        else
-                                                a->wbps = CGROUP_LIMIT_MAX;
-                                }
-
-                        unit_invalidate_cgroup(u, CGROUP_MASK_BLKIO);
-
-                        f = memstream_init(&m);
-                        if (!f)
-                                return -ENOMEM;
-
-                        if (read) {
-                                fputs("BlockIOReadBandwidth=\n", f);
-                                LIST_FOREACH(device_bandwidths, a, c->blockio_device_bandwidths)
-                                        if (a->rbps != CGROUP_LIMIT_MAX)
-                                                fprintf(f, "BlockIOReadBandwidth=%s %" PRIu64 "\n", a->path, a->rbps);
-                        } else {
-                                fputs("BlockIOWriteBandwidth=\n", f);
-                                LIST_FOREACH(device_bandwidths, a, c->blockio_device_bandwidths)
-                                        if (a->wbps != CGROUP_LIMIT_MAX)
-                                                fprintf(f, "BlockIOWriteBandwidth=%s %" PRIu64 "\n", a->path, a->wbps);
-                        }
-
-                        r = memstream_finalize(&m, &buf, NULL);
-                        if (r < 0)
-                                return r;
-
-                        unit_write_setting(u, flags, name, buf);
-                }
-
-                return 1;
-
-        } else if (streq(name, "BlockIODeviceWeight")) {
-                const char *path;
-                uint64_t weight;
-                unsigned n = 0;
-
-                r = sd_bus_message_enter_container(message, 'a', "(st)");
-                if (r < 0)
-                        return r;
-
-                while ((r = sd_bus_message_read(message, "(st)", &path, &weight)) > 0) {
-
-                        if (!path_is_normalized(path))
-                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path);
-
-                        if (!CGROUP_BLKIO_WEIGHT_IS_OK(weight) || weight == CGROUP_BLKIO_WEIGHT_INVALID)
-                                return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "BlockIODeviceWeight= out of range");
-
-                        if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
-                                CGroupBlockIODeviceWeight *a = NULL;
-
-                                LIST_FOREACH(device_weights, b, c->blockio_device_weights)
-                                        if (path_equal(b->path, path)) {
-                                                a = b;
-                                                break;
-                                        }
-
-                                if (!a) {
-                                        a = new0(CGroupBlockIODeviceWeight, 1);
-                                        if (!a)
-                                                return -ENOMEM;
-
-                                        a->path = strdup(path);
-                                        if (!a->path) {
-                                                free(a);
-                                                return -ENOMEM;
-                                        }
-                                        LIST_APPEND(device_weights, c->blockio_device_weights, a);
-                                }
-
-                                a->weight = weight;
-                        }
-
-                        n++;
-                }
-
-                r = sd_bus_message_exit_container(message);
-                if (r < 0)
-                        return r;
-
-                if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
-                        _cleanup_(memstream_done) MemStream m = {};
-                        _cleanup_free_ char *buf = NULL;
-                        FILE *f;
-
-                        if (n == 0)
-                                while (c->blockio_device_weights)
-                                        cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights);
-
-                        unit_invalidate_cgroup(u, CGROUP_MASK_BLKIO);
-
-                        f = memstream_init(&m);
-                        if (!f)
-                                return -ENOMEM;
-
-                        fputs("BlockIODeviceWeight=\n", f);
-                        LIST_FOREACH(device_weights, a, c->blockio_device_weights)
-                                fprintf(f, "BlockIODeviceWeight=%s %" PRIu64 "\n", a->path, a->weight);
-
-                        r = memstream_finalize(&m, &buf, NULL);
-                        if (r < 0)
-                                return r;
-
-                        unit_write_setting(u, flags, name, buf);
-                }
-
-                return 1;
-
         } else if (streq(name, "DevicePolicy")) {
                 const char *policy;
                 CGroupDevicePolicy p;
@@ -2319,6 +2048,26 @@ int bus_cgroup_set_property(
                 return 1;
         }
 
+        /* deprecated CGroup v1 properties */
+        if (STR_IN_SET(name,
+                       "MemoryLimit",
+                       "MemoryLimitScale",
+                       "CPUShares",
+                       "StartupCPUShares",
+                       "BlockIOAccounting",
+                       "BlockIOWeight",
+                       "StartupBlockIOWeight",
+                       "BlockIODeviceWeight",
+                       "BlockIOReadBandwidth",
+                       "BlockIOWriteBandwidth")) {
+
+                r = sd_bus_message_skip(message, NULL);
+                if (r < 0)
+                        return r;
+
+                return 1;
+        }
+
         /* must be last */
         if (streq(name, "DisableControllers") || (u->transient && u->load_state == UNIT_STUB))
                 return bus_cgroup_set_transient_property(u, c, name, message, flags, error);

src/core/dbus-manager.c

@@ -3057,7 +3057,6 @@ const sd_bus_vtable bus_manager_vtable[] = {
         SD_BUS_PROPERTY("DefaultStartLimitInterval", "t", bus_property_get_usec, offsetof(Manager, defaults.start_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN),
         SD_BUS_PROPERTY("DefaultStartLimitBurst", "u", bus_property_get_unsigned, offsetof(Manager, defaults.start_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("DefaultCPUAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.cpu_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("DefaultBlockIOAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.blockio_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("DefaultIOAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.io_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("DefaultIPAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.ip_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("DefaultMemoryAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.memory_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
@@ -3102,6 +3101,8 @@ const sd_bus_vtable bus_manager_vtable[] = {
         SD_BUS_PROPERTY("DefaultOOMScoreAdjust", "i", property_get_oom_score_adjust, 0, SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("CtrlAltDelBurstAction", "s", bus_property_get_emergency_action, offsetof(Manager, cad_burst_action), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("SoftRebootsCount", "u", bus_property_get_unsigned, offsetof(Manager, soft_reboots_count), SD_BUS_VTABLE_PROPERTY_CONST),
+        /* deprecated cgroup v1 property */
+        SD_BUS_PROPERTY("DefaultBlockIOAccounting", "b", bus_property_get_bool_false, 0, SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
 
         SD_BUS_METHOD_WITH_ARGS("GetUnit",
                                 SD_BUS_ARGS("s", name),

src/core/exec-invoke.c

@@ -4967,7 +4967,7 @@ int exec_invoke(
                         return log_exec_error_errno(context, params, r, "Failed to acquire cgroup path: %m");
                 }
 
-                r = cg_attach_everywhere(params->cgroup_supported, p, 0);
+                r = cg_attach(p, 0);
                 if (r == -EUCLEAN) {
                         *exit_status = EXIT_CGROUP;
                         return log_exec_error_errno(context, params, r,
@@ -5190,7 +5190,7 @@ int exec_invoke(
                 if (params->flags & EXEC_CGROUP_DELEGATE) {
                         _cleanup_free_ char *p = NULL;
 
-                        r = cg_set_access(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, uid, gid);
+                        r = cg_set_access(params->cgroup_path, uid, gid);
                         if (r < 0) {
                                 *exit_status = EXIT_CGROUP;
                                 return log_exec_error_errno(context, params, r, "Failed to adjust control group access: %m");
@@ -5202,7 +5202,7 @@ int exec_invoke(
                                 return log_exec_error_errno(context, params, r, "Failed to acquire cgroup path: %m");
                         }
                         if (r > 0) {
-                                r = cg_set_access_recursive(SYSTEMD_CGROUP_CONTROLLER, p, uid, gid);
+                                r = cg_set_access_recursive(p, uid, gid);
                                 if (r < 0) {
                                         *exit_status = EXIT_CGROUP;
                                         return log_exec_error_errno(context, params, r, "Failed to adjust control subgroup access: %m");
@@ -5210,7 +5210,7 @@ int exec_invoke(
                         }
                 }
 
-                if (cg_unified() > 0 && is_pressure_supported() > 0) {
+                if (is_pressure_supported() > 0) {
                         if (cgroup_context_want_memory_pressure(cgroup_context)) {
                                 r = cg_get_path("memory", params->cgroup_path, "memory.pressure", &memory_pressure_path);
                                 if (r < 0) {

src/core/execute-serialize.c

@@ -40,10 +40,6 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
         if (r < 0)
                 return r;
 
-        r = serialize_bool_elide(f, "exec-cgroup-context-block-io-accounting", c->blockio_accounting);
-        if (r < 0)
-                return r;
-
         r = serialize_bool_elide(f, "exec-cgroup-context-memory-accounting", c->memory_accounting);
         if (r < 0)
                 return r;
@@ -72,18 +68,6 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
                         return r;
         }
 
-        if (c->cpu_shares != CGROUP_CPU_SHARES_INVALID) {
-                r = serialize_item_format(f, "exec-cgroup-context-cpu-shares", "%" PRIu64, c->cpu_shares);
-                if (r < 0)
-                        return r;
-        }
-
-        if (c->startup_cpu_shares != CGROUP_CPU_SHARES_INVALID) {
-                r = serialize_item_format(f, "exec-cgroup-context-startup-cpu-shares", "%" PRIu64, c->startup_cpu_shares);
-                if (r < 0)
-                        return r;
-        }
-
         if (c->cpu_quota_per_sec_usec != USEC_INFINITY) {
                 r = serialize_usec(f, "exec-cgroup-context-cpu-quota-per-sec-usec", c->cpu_quota_per_sec_usec);
                 if (r < 0)
@@ -140,18 +124,6 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
                         return r;
         }
 
-        if (c->blockio_weight != CGROUP_BLKIO_WEIGHT_INVALID) {
-                r = serialize_item_format(f, "exec-cgroup-context-block-io-weight", "%" PRIu64, c->blockio_weight);
-                if (r < 0)
-                        return r;
-        }
-
-        if (c->startup_blockio_weight != CGROUP_BLKIO_WEIGHT_INVALID) {
-                r = serialize_item_format(f, "exec-cgroup-context-startup-block-io-weight", "%" PRIu64, c->startup_blockio_weight);
-                if (r < 0)
-                        return r;
-        }
-
         if (c->default_memory_min > 0) {
                 r = serialize_item_format(f, "exec-cgroup-context-default-memory-min", "%" PRIu64, c->default_memory_min);
                 if (r < 0)
@@ -234,12 +206,6 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
         if (r < 0)
                 return r;
 
-        if (c->memory_limit != CGROUP_LIMIT_MAX) {
-                r = serialize_item_format(f, "exec-cgroup-context-memory-limit", "%" PRIu64, c->memory_limit);
-                if (r < 0)
-                        return r;
-        }
-
         if (c->tasks_max.value != UINT64_MAX) {
                 r = serialize_item_format(f, "exec-cgroup-context-tasks-max-value", "%" PRIu64, c->tasks_max.value);
                 if (r < 0)
@@ -390,31 +356,6 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
                                 return r;
                 }
 
-        LIST_FOREACH(device_weights, w, c->blockio_device_weights) {
-                r = serialize_item_format(f, "exec-cgroup-context-blockio-device-weight", "%s %" PRIu64,
-                                          w->path,
-                                          w->weight);
-                if (r < 0)
-                        return r;
-        }
-
-        LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) {
-                if (b->rbps != CGROUP_LIMIT_MAX) {
-                        r = serialize_item_format(f, "exec-cgroup-context-blockio-read-bandwidth", "%s %" PRIu64,
-                                                  b->path,
-                                                  b->rbps);
-                        if (r < 0)
-                                return r;
-                }
-                if (b->wbps != CGROUP_LIMIT_MAX) {
-                        r = serialize_item_format(f, "exec-cgroup-context-blockio-write-bandwidth", "%s %" PRIu64,
-                                                  b->path,
-                                                  b->wbps);
-                        if (r < 0)
-                                return r;
-                }
-        }
-
         SET_FOREACH(iaai, c->ip_address_allow) {
                 r = serialize_item(f,
                                    "exec-cgroup-context-ip-address-allow",
@@ -512,11 +453,6 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
                         if (r < 0)
                                 return r;
                         c->io_accounting = r;
-                } else if ((val = startswith(l, "exec-cgroup-context-block-io-accounting="))) {
-                        r = parse_boolean(val);
-                        if (r < 0)
-                                return r;
-                        c->blockio_accounting = r;
                 } else if ((val = startswith(l, "exec-cgroup-context-memory-accounting="))) {
                         r = parse_boolean(val);
                         if (r < 0)
@@ -545,14 +481,6 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
                         r = safe_atou64(val, &c->startup_cpu_weight);
                         if (r < 0)
                                 return r;
-                } else if ((val = startswith(l, "exec-cgroup-context-cpu-shares="))) {
-                        r = safe_atou64(val, &c->cpu_shares);
-                        if (r < 0)
-                                return r;
-                } else if ((val = startswith(l, "exec-cgroup-context-startup-cpu-shares="))) {
-                        r = safe_atou64(val, &c->startup_cpu_shares);
-                        if (r < 0)
-                                return r;
                 } else if ((val = startswith(l, "exec-cgroup-context-cpu-quota-per-sec-usec="))) {
                         r = deserialize_usec(val, &c->cpu_quota_per_sec_usec);
                         if (r < 0)
@@ -625,14 +553,6 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
                         r = safe_atou64(val, &c->startup_io_weight);
                         if (r < 0)
                                 return r;
-                } else if ((val = startswith(l, "exec-cgroup-context-block-io-weight="))) {
-                        r = safe_atou64(val, &c->blockio_weight);
-                        if (r < 0)
-                                return r;
-                } else if ((val = startswith(l, "exec-cgroup-context-startup-block-io-weight="))) {
-                        r = safe_atou64(val, &c->startup_blockio_weight);
-                        if (r < 0)
-                                return r;
                 } else if ((val = startswith(l, "exec-cgroup-context-default-memory-min="))) {
                         r = safe_atou64(val, &c->default_memory_min);
                         if (r < 0)
@@ -690,10 +610,6 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
                         if (r < 0)
                                 return r;
                         c->memory_zswap_writeback = r;
-                } else if ((val = startswith(l, "exec-cgroup-context-memory-limit="))) {
-                        r = safe_atou64(val, &c->memory_limit);
-                        if (r < 0)
-                                return r;
                 } else if ((val = startswith(l, "exec-cgroup-context-tasks-max-value="))) {
                         r = safe_atou64(val, &c->tasks_max.value);
                         if (r < 0)
@@ -912,87 +828,6 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
                         r = safe_atou64(limits, &limit->limits[t]);
                         if (r < 0)
                                 return r;
-                } else if ((val = startswith(l, "exec-cgroup-context-block-io-device-weight="))) {
-                        _cleanup_free_ char *path = NULL, *weight = NULL;
-                        CGroupBlockIODeviceWeight *a = NULL;
-
-                        r = extract_many_words(&val, " ", 0, &path, &weight);
-                        if (r < 0)
-                                return r;
-                        if (r != 2)
-                                return -EINVAL;
-
-                        a = new0(CGroupBlockIODeviceWeight, 1);
-                        if (!a)
-                                return log_oom_debug();
-
-                        a->path = TAKE_PTR(path);
-
-                        LIST_PREPEND(device_weights, c->blockio_device_weights, a);
-
-                        r = safe_atou64(weight, &a->weight);
-                        if (r < 0)
-                                return r;
-                } else if ((val = startswith(l, "exec-cgroup-context-block-io-read-bandwidth="))) {
-                        _cleanup_free_ char *path = NULL, *bw = NULL;
-                        CGroupBlockIODeviceBandwidth *a = NULL;
-
-                        r = extract_many_words(&val, " ", 0, &path, &bw);
-                        if (r < 0)
-                                return r;
-                        if (r != 2)
-                                return -EINVAL;
-
-                        LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths)
-                                if (path_equal(b->path, path)) {
-                                        a = b;
-                                        break;
-                                }
-
-                        if (!a) {
-                                a = new0(CGroupBlockIODeviceBandwidth, 1);
-                                if (!a)
-                                        return log_oom_debug();
-
-                                a->path = TAKE_PTR(path);
-                                a->wbps = CGROUP_LIMIT_MAX;
-
-                                LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, a);
-                        }
-
-                        r = safe_atou64(bw, &a->rbps);
-                        if (r < 0)
-                                return r;
-                } else if ((val = startswith(l, "exec-cgroup-context-block-io-write-bandwidth="))) {
-                        _cleanup_free_ char *path = NULL, *bw = NULL;
-                        CGroupBlockIODeviceBandwidth *a = NULL;
-
-                        r = extract_many_words(&val, " ", 0, &path, &bw);
-                        if (r < 0)
-                                return r;
-                        if (r != 2)
-                                return -EINVAL;
-
-                        LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths)
-                                if (path_equal(b->path, path)) {
-                                        a = b;
-                                        break;
-                                }
-
-                        if (!a) {
-                                a = new0(CGroupBlockIODeviceBandwidth, 1);
-                                if (!a)
-                                        return log_oom_debug();
-
-                                a->path = TAKE_PTR(path);
-                                a->rbps = CGROUP_LIMIT_MAX;
-
-                                LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, a);
-                        }
-
-                        r = safe_atou64(bw, &a->wbps);
-                        if (r < 0)
-                                return r;
                 } else if ((val = startswith(l, "exec-cgroup-context-ip-address-allow="))) {
                         struct in_addr_prefix a;
 

src/core/execute.c

@@ -508,7 +508,7 @@ int exec_spawn(
                         /* If there's a subcgroup, then let's create it here now (the main cgroup was already
                          * realized by the unit logic) */
 
-                        r = cg_create(SYSTEMD_CGROUP_CONTROLLER, subcgroup_path);
+                        r = cg_create(subcgroup_path);
                         if (r < 0)
                                 return log_unit_error_errno(unit, r, "Failed to create subcgroup '%s': %m", subcgroup_path);
                 }
@@ -576,7 +576,7 @@ int exec_spawn(
                                   "--log-level", max_log_levels,
                                   "--log-target", log_target_to_string(manager_get_executor_log_target(unit->manager))),
                         environ,
-                        cg_unified() > 0 ? subcgroup_path : NULL,
+                        subcgroup_path,
                         &pidref);
 
         /* Drop the ambient set again, so no processes other than sd-executore spawned from the manager inherit it. */
@@ -593,7 +593,7 @@ int exec_spawn(
          * executed outside of the cgroup) and in the parent (so that we can be sure that when we kill the cgroup the
          * process will be killed too). */
         if (r == 0 && subcgroup_path)
-                (void) cg_attach(SYSTEMD_CGROUP_CONTROLLER, subcgroup_path, pidref.pid);
+                (void) cg_attach(subcgroup_path, pidref.pid);
         /* r > 0: Already in the right cgroup thanks to CLONE_INTO_CGROUP */
 
         log_unit_debug(unit, "Forked %s as " PID_FMT " (%s CLONE_INTO_CGROUP)",

src/core/load-fragment-gperf.gperf.in

@@ -204,8 +204,8 @@
 {{type}}.CPUAccounting,                       config_parse_bool,                                  0,                                  offsetof({{type}}, cgroup_context.cpu_accounting)
 {{type}}.CPUWeight,                           config_parse_cg_cpu_weight,                         0,                                  offsetof({{type}}, cgroup_context.cpu_weight)
 {{type}}.StartupCPUWeight,                    config_parse_cg_cpu_weight,                         0,                                  offsetof({{type}}, cgroup_context.startup_cpu_weight)
-{{type}}.CPUShares,                           config_parse_cpu_shares,                            0,                                  offsetof({{type}}, cgroup_context.cpu_shares)
-{{type}}.StartupCPUShares,                    config_parse_cpu_shares,                            0,                                  offsetof({{type}}, cgroup_context.startup_cpu_shares)
+{{type}}.CPUShares,                           config_parse_warn_compat,                           DISABLED_LEGACY,                    0
+{{type}}.StartupCPUShares,                    config_parse_warn_compat,                           DISABLED_LEGACY,                    0
 {{type}}.CPUQuota,                            config_parse_cpu_quota,                             0,                                  offsetof({{type}}, cgroup_context)
 {{type}}.CPUQuotaPeriodSec,                   config_parse_sec_def_infinity,                      0,                                  offsetof({{type}}, cgroup_context.cpu_quota_period_usec)
 {{type}}.MemoryAccounting,                    config_parse_bool,                                  0,                                  offsetof({{type}}, cgroup_context.memory_accounting)
@@ -224,7 +224,7 @@
 {{type}}.MemoryZSwapMax,                      config_parse_memory_limit,                          0,                                  offsetof({{type}}, cgroup_context)
 {{type}}.StartupMemoryZSwapMax,               config_parse_memory_limit,                          0,                                  offsetof({{type}}, cgroup_context)
 {{type}}.MemoryZSwapWriteback,                config_parse_bool,                                  0,                                  offsetof({{type}}, cgroup_context.memory_zswap_writeback)
-{{type}}.MemoryLimit,                         config_parse_memory_limit,                          0,                                  offsetof({{type}}, cgroup_context)
+{{type}}.MemoryLimit,                         config_parse_warn_compat,                           DISABLED_LEGACY,                    0
 {{type}}.DeviceAllow,                         config_parse_device_allow,                          0,                                  offsetof({{type}}, cgroup_context)
 {{type}}.DevicePolicy,                        config_parse_device_policy,                         0,                                  offsetof({{type}}, cgroup_context.device_policy)
 {{type}}.IOAccounting,                        config_parse_bool,                                  0,                                  offsetof({{type}}, cgroup_context.io_accounting)
@@ -236,12 +236,12 @@
 {{type}}.IOReadIOPSMax,                       config_parse_io_limit,                              0,                                  offsetof({{type}}, cgroup_context)
 {{type}}.IOWriteIOPSMax,                      config_parse_io_limit,                              0,                                  offsetof({{type}}, cgroup_context)
 {{type}}.IODeviceLatencyTargetSec,            config_parse_io_device_latency,                     0,                                  offsetof({{type}}, cgroup_context)
-{{type}}.BlockIOAccounting,                   config_parse_bool,                                  0,                                  offsetof({{type}}, cgroup_context.blockio_accounting)
-{{type}}.BlockIOWeight,                       config_parse_blockio_weight,                        0,                                  offsetof({{type}}, cgroup_context.blockio_weight)
-{{type}}.StartupBlockIOWeight,                config_parse_blockio_weight,                        0,                                  offsetof({{type}}, cgroup_context.startup_blockio_weight)
-{{type}}.BlockIODeviceWeight,                 config_parse_blockio_device_weight,                 0,                                  offsetof({{type}}, cgroup_context)
-{{type}}.BlockIOReadBandwidth,                config_parse_blockio_bandwidth,                     0,                                  offsetof({{type}}, cgroup_context)
-{{type}}.BlockIOWriteBandwidth,               config_parse_blockio_bandwidth,                     0,                                  offsetof({{type}}, cgroup_context)
+{{type}}.BlockIOAccounting,                   config_parse_warn_compat,                           DISABLED_LEGACY,                    0
+{{type}}.BlockIOWeight,                       config_parse_warn_compat,                           DISABLED_LEGACY,                    0
+{{type}}.StartupBlockIOWeight,                config_parse_warn_compat,                           DISABLED_LEGACY,                    0
+{{type}}.BlockIODeviceWeight,                 config_parse_warn_compat,                           DISABLED_LEGACY,                    0
+{{type}}.BlockIOReadBandwidth,                config_parse_warn_compat,                           DISABLED_LEGACY,                    0
+{{type}}.BlockIOWriteBandwidth,               config_parse_warn_compat,                           DISABLED_LEGACY,                    0
 {{type}}.TasksAccounting,                     config_parse_bool,                                  0,                                  offsetof({{type}}, cgroup_context.tasks_accounting)
 {{type}}.TasksMax,                            config_parse_tasks_max,                             0,                                  offsetof({{type}}, cgroup_context.tasks_max)
 {{type}}.Delegate,                            config_parse_delegate,                              0,                                  offsetof({{type}}, cgroup_context)

src/core/load-fragment.c

@@ -153,38 +153,13 @@ DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy, oom_policy, OOMPolicy);
 DEFINE_CONFIG_PARSE_ENUM(config_parse_managed_oom_preference, managed_oom_preference, ManagedOOMPreference);
 DEFINE_CONFIG_PARSE_ENUM(config_parse_memory_pressure_watch, cgroup_pressure_watch, CGroupPressureWatch);
 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos, ip_tos, int, -1);
-DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight, cg_blkio_weight_parse, uint64_t);
 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight, cg_weight_parse, uint64_t);
 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_cpu_weight, cg_cpu_weight_parse, uint64_t);
-static DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares_internal, cg_cpu_shares_parse, uint64_t);
 DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_propagation_flag, mount_propagation_flag_from_string, unsigned long);
 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy, mpol, int, -1);
 DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format, status_unit_format, StatusUnitFormat);
 DEFINE_CONFIG_PARSE_ENUM_FULL(config_parse_socket_timestamping, socket_timestamping_from_string_harder, SocketTimestamping);
 
-int config_parse_cpu_shares(
-                const char *unit,
-                const char *filename,
-                unsigned line,
-                const char *section,
-                unsigned section_line,
-                const char *lvalue,
-                int ltype,
-                const char *rvalue,
-                void *data,
-                void *userdata) {
-
-        assert(filename);
-        assert(lvalue);
-        assert(rvalue);
-
-        log_syntax(unit, LOG_WARNING, filename, line, 0,
-                   "Unit uses %s=; please use CPUWeight= instead. Support for %s= will be removed soon.",
-                   lvalue, lvalue);
-
-        return config_parse_cpu_shares_internal(unit, filename, line, section, section_line, lvalue, ltype, rvalue, data, userdata);
-}
-
 bool contains_instance_specifier_superset(const char *s) {
         const char *p, *q;
         bool percent = false;
@@ -3899,10 +3874,6 @@ int config_parse_memory_limit(
         else if (streq(lvalue, "StartupMemoryZSwapMax")) {
                 c->startup_memory_zswap_max = bytes;
                 c->startup_memory_zswap_max_set = true;
-        } else if (streq(lvalue, "MemoryLimit")) {
-                log_syntax(unit, LOG_WARNING, filename, line, 0,
-                           "Unit uses MemoryLimit=; please use MemoryMax= instead. Support for MemoryLimit= will be removed soon.");
-                c->memory_limit = bytes;
         } else
                 return -EINVAL;
 
@@ -4477,177 +4448,6 @@ int config_parse_io_limit(
         return 0;
 }
 
-int config_parse_blockio_device_weight(
-                const char *unit,
-                const char *filename,
-                unsigned line,
-                const char *section,
-                unsigned section_line,
-                const char *lvalue,
-                int ltype,
-                const char *rvalue,
-                void *data,
-                void *userdata) {
-
-        _cleanup_free_ char *path = NULL, *resolved = NULL;
-        CGroupBlockIODeviceWeight *w;
-        CGroupContext *c = data;
-        const char *p = ASSERT_PTR(rvalue);
-        uint64_t u;
-        int r;
-
-        assert(filename);
-        assert(lvalue);
-
-        log_syntax(unit, LOG_WARNING, filename, line, 0,
-                   "Unit uses %s=; please use IO*= settings instead. Support for %s= will be removed soon.",
-                   lvalue, lvalue);
-
-        if (isempty(rvalue)) {
-                while (c->blockio_device_weights)
-                        cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights);
-
-                return 0;
-        }
-
-        r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
-        if (r == -ENOMEM)
-                return log_oom();
-        if (r < 0) {
-                log_syntax(unit, LOG_WARNING, filename, line, r,
-                           "Failed to extract device node and weight from '%s', ignoring.", rvalue);
-                return 0;
-        }
-        if (r == 0 || isempty(p)) {
-                log_syntax(unit, LOG_WARNING, filename, line, 0,
-                           "Invalid device node or weight specified in '%s', ignoring.", rvalue);
-                return 0;
-        }
-
-        r = unit_path_printf(userdata, path, &resolved);
-        if (r < 0) {
-                log_syntax(unit, LOG_WARNING, filename, line, r,
-                           "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
-                return 0;
-        }
-
-        r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
-        if (r < 0)
-                return 0;
-
-        r = cg_blkio_weight_parse(p, &u);
-        if (r < 0) {
-                log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid block IO weight '%s', ignoring: %m", p);
-                return 0;
-        }
-
-        assert(u != CGROUP_BLKIO_WEIGHT_INVALID);
-
-        w = new0(CGroupBlockIODeviceWeight, 1);
-        if (!w)
-                return log_oom();
-
-        w->path = TAKE_PTR(resolved);
-        w->weight = u;
-
-        LIST_APPEND(device_weights, c->blockio_device_weights, w);
-        return 0;
-}
-
-int config_parse_blockio_bandwidth(
-                const char *unit,
-                const char *filename,
-                unsigned line,
-                const char *section,
-                unsigned section_line,
-                const char *lvalue,
-                int ltype,
-                const char *rvalue,
-                void *data,
-                void *userdata) {
-
-        _cleanup_free_ char *path = NULL, *resolved = NULL;
-        CGroupBlockIODeviceBandwidth *b = NULL;
-        CGroupContext *c = data;
-        const char *p = ASSERT_PTR(rvalue);
-        uint64_t bytes;
-        bool read;
-        int r;
-
-        assert(filename);
-        assert(lvalue);
-
-        log_syntax(unit, LOG_WARNING, filename, line, 0,
-                   "Unit uses %s=; please use IO*= settings instead. Support for %s= will be removed soon.",
-                   lvalue, lvalue);
-
-        read = streq("BlockIOReadBandwidth", lvalue);
-
-        if (isempty(rvalue)) {
-                LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths) {
-                        t->rbps = CGROUP_LIMIT_MAX;
-                        t->wbps = CGROUP_LIMIT_MAX;
-                }
-                return 0;
-        }
-
-        r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
-        if (r == -ENOMEM)
-                return log_oom();
-        if (r < 0) {
-                log_syntax(unit, LOG_WARNING, filename, line, r,
-                           "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
-                return 0;
-        }
-        if (r == 0 || isempty(p)) {
-                log_syntax(unit, LOG_WARNING, filename, line, 0,
-                           "Invalid device node or bandwidth specified in '%s', ignoring.", rvalue);
-                return 0;
-        }
-
-        r = unit_path_printf(userdata, path, &resolved);
-        if (r < 0) {
-                log_syntax(unit, LOG_WARNING, filename, line, r,
-                           "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
-                return 0;
-        }
-
-        r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
-        if (r < 0)
-                return 0;
-
-        r = parse_size(p, 1000, &bytes);
-        if (r < 0 || bytes <= 0) {
-                log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid Block IO Bandwidth '%s', ignoring.", p);
-                return 0;
-        }
-
-        LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths)
-                if (path_equal(resolved, t->path)) {
-                        b = t;
-                        break;
-                }
-
-        if (!b) {
-                b = new0(CGroupBlockIODeviceBandwidth, 1);
-                if (!b)
-                        return log_oom();
-
-                b->path = TAKE_PTR(resolved);
-                b->rbps = CGROUP_LIMIT_MAX;
-                b->wbps = CGROUP_LIMIT_MAX;
-
-                LIST_APPEND(device_bandwidths, c->blockio_device_bandwidths, b);
-        }
-
-        if (read)
-                b->rbps = bytes;
-        else
-                b->wbps = bytes;
-
-        return 0;
-}
-
 int config_parse_job_mode_isolate(
                 const char *unit,
                 const char *filename,
@@ -6372,7 +6172,6 @@ void unit_dump_config_items(FILE *f) {
 #endif
                 { config_parse_namespace_flags,       "NAMESPACES" },
                 { config_parse_restrict_filesystems,  "FILESYSTEMS"  },
-                { config_parse_cpu_shares,            "SHARES" },
                 { config_parse_cg_weight,             "WEIGHT" },
                 { config_parse_cg_cpu_weight,         "CPUWEIGHT" },
                 { config_parse_memory_limit,          "LIMIT" },
@@ -6381,9 +6180,6 @@ void unit_dump_config_items(FILE *f) {
                 { config_parse_io_limit,              "LIMIT" },
                 { config_parse_io_device_weight,      "DEVICEWEIGHT" },
                 { config_parse_io_device_latency,     "DEVICELATENCY" },
-                { config_parse_blockio_bandwidth,     "BANDWIDTH" },
-                { config_parse_blockio_weight,        "WEIGHT" },
-                { config_parse_blockio_device_weight, "DEVICEWEIGHT" },
                 { config_parse_long,                  "LONG" },
                 { config_parse_socket_service,        "SERVICE" },
 #if HAVE_SELINUX

src/core/load-fragment.h

@@ -81,7 +81,6 @@ CONFIG_PARSER_PROTOTYPE(config_parse_unset_environ);
 CONFIG_PARSER_PROTOTYPE(config_parse_unit_slice);
 CONFIG_PARSER_PROTOTYPE(config_parse_cg_weight);
 CONFIG_PARSER_PROTOTYPE(config_parse_cg_cpu_weight);
-CONFIG_PARSER_PROTOTYPE(config_parse_cpu_shares);
 CONFIG_PARSER_PROTOTYPE(config_parse_memory_limit);
 CONFIG_PARSER_PROTOTYPE(config_parse_tasks_max);
 CONFIG_PARSER_PROTOTYPE(config_parse_delegate);
@@ -95,9 +94,6 @@ CONFIG_PARSER_PROTOTYPE(config_parse_device_allow);
 CONFIG_PARSER_PROTOTYPE(config_parse_io_device_latency);
 CONFIG_PARSER_PROTOTYPE(config_parse_io_device_weight);
 CONFIG_PARSER_PROTOTYPE(config_parse_io_limit);
-CONFIG_PARSER_PROTOTYPE(config_parse_blockio_weight);
-CONFIG_PARSER_PROTOTYPE(config_parse_blockio_device_weight);
-CONFIG_PARSER_PROTOTYPE(config_parse_blockio_bandwidth);
 CONFIG_PARSER_PROTOTYPE(config_parse_job_mode);
 CONFIG_PARSER_PROTOTYPE(config_parse_job_mode_isolate);
 CONFIG_PARSER_PROTOTYPE(config_parse_exec_selinux_context);

src/core/main.c

@@ -794,7 +794,7 @@ static int parse_config_file(void) {
                 { "Manager", "DefaultCPUAccounting",         config_parse_bool,                  0,                        &arg_defaults.cpu_accounting      },
                 { "Manager", "DefaultIOAccounting",          config_parse_bool,                  0,                        &arg_defaults.io_accounting       },
                 { "Manager", "DefaultIPAccounting",          config_parse_bool,                  0,                        &arg_defaults.ip_accounting       },
-                { "Manager", "DefaultBlockIOAccounting",     config_parse_bool,                  0,                        &arg_defaults.blockio_accounting  },
+                { "Manager", "DefaultBlockIOAccounting",     config_parse_warn_compat,           DISABLED_LEGACY,          NULL                              },
                 { "Manager", "DefaultMemoryAccounting",      config_parse_bool,                  0,                        &arg_defaults.memory_accounting   },
                 { "Manager", "DefaultTasksAccounting",       config_parse_bool,                  0,                        &arg_defaults.tasks_accounting    },
                 { "Manager", "DefaultTasksMax",              config_parse_tasks_max,             0,                        &arg_defaults.tasks_max           },

src/core/scope.c

@@ -371,7 +371,7 @@ static int scope_enter_start_chown(Scope *s) {
                         }
                 }
 
-                r = cg_set_access(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_runtime->cgroup_path, uid, gid);
+                r = cg_set_access(s->cgroup_runtime->cgroup_path, uid, gid);
                 if (r < 0) {
                         log_unit_error_errno(UNIT(s), r, "Failed to adjust control group access: %m");
                         _exit(EXIT_CGROUP);

src/core/service.c

@@ -729,9 +729,6 @@ static int service_verify(Service *s) {
         if (s->type == SERVICE_SIMPLE && s->exec_command[SERVICE_EXEC_START_POST] && exec_context_has_credentials(&s->exec_context))
                 log_unit_warning(UNIT(s), "Service uses a combination of Type=simple, ExecStartPost=, and credentials. This could lead to race conditions. Continuing.");
 
-        if (s->exit_type == SERVICE_EXIT_CGROUP && cg_unified() < CGROUP_UNIFIED_SYSTEMD)
-                log_unit_warning(UNIT(s), "Service has ExitType=cgroup set, but we are running with legacy cgroups v1, which might not work correctly. Continuing.");
-
         if (s->restart_max_delay_usec == USEC_INFINITY && s->restart_steps > 0)
                 log_unit_warning(UNIT(s), "Service has RestartSteps= but no RestartMaxDelaySec= setting. Ignoring.");
 

src/core/unit.c

@@ -173,7 +173,6 @@ static void unit_init(Unit *u) {
 
                 cc->cpu_accounting = u->manager->defaults.cpu_accounting;
                 cc->io_accounting = u->manager->defaults.io_accounting;
-                cc->blockio_accounting = u->manager->defaults.blockio_accounting;
                 cc->memory_accounting = u->manager->defaults.memory_accounting;
                 cc->tasks_accounting = u->manager->defaults.tasks_accounting;
                 cc->ip_accounting = u->manager->defaults.ip_accounting;
@@ -1572,9 +1571,6 @@ static int unit_add_oomd_dependencies(Unit *u) {
         if (!wants_oomd)
                 return 0;
 
-        if (!cg_all_unified())
-                return 0;
-
         r = cg_mask_supported(&mask);
         if (r < 0)
                 return log_debug_errno(r, "Failed to determine supported controllers: %m");
@@ -4809,16 +4805,7 @@ int unit_kill_context(Unit *u, KillOperation k) {
 
                 } else if (r > 0) {
 
-                        /* FIXME: For now, on the legacy hierarchy, we will not wait for the cgroup members to die if
-                         * we are running in a container or if this is a delegation unit, simply because cgroup
-                         * notification is unreliable in these cases. It doesn't work at all in containers, and outside
-                         * of containers it can be confused easily by left-over directories in the cgroup — which
-                         * however should not exist in non-delegated units. On the unified hierarchy that's different,
-                         * there we get proper events. Hence rely on them. */
-
-                        if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 ||
-                            (detect_container() == 0 && !unit_cgroup_delegate(u)))
-                                wait_for_exit = true;
+                        wait_for_exit = true;
 
                         if (send_sighup) {
                                 r = unit_pid_set(u, &pid_set);
@@ -5418,7 +5405,7 @@ int unit_fork_helper_process(Unit *u, const char *name, bool into_cgroup, PidRef
         (void) ignore_signals(SIGPIPE);
 
         if (crt && crt->cgroup_path) {
-                r = cg_attach_everywhere(u->manager->cgroup_supported, crt->cgroup_path, 0);
+                r = cg_attach(crt->cgroup_path, 0);
                 if (r < 0) {
                         log_unit_error_errno(u, r, "Failed to join unit cgroup %s: %m", empty_to_root(crt->cgroup_path));
                         _exit(EXIT_CGROUP);

src/libsystemd/sd-netlink/netlink-socket.c

@@ -161,12 +161,13 @@ static int socket_recv_message(int fd, void *buf, size_t buf_size, uint32_t *ret
         assert(fd >= 0);
         assert(peek || (buf && buf_size > 0));
 
+        /* Note: this might return successfully, but with a zero size under some transient conditions, such
+         * as the reception of a non-kernel message. In such a case the passed buffer might or might not be
+         * modified. Caller must treat a zero return as "no message, but also not an error". */
+
         n = recvmsg_safe(fd, &msg, peek ? (MSG_PEEK|MSG_TRUNC) : 0);
-        if (ERRNO_IS_NEG_TRANSIENT(n)) {
-                if (ret_mcast_group)
-                        *ret_mcast_group = 0;
-                return 0;
-        }
+        if (ERRNO_IS_NEG_TRANSIENT(n))
+                goto transient;
         if (n == -ENOBUFS)
                 return log_debug_errno(n, "sd-netlink: kernel receive buffer overrun");
         if (n == -ECHRNG)
@@ -181,15 +182,16 @@ static int socket_recv_message(int fd, void *buf, size_t buf_size, uint32_t *ret
                 log_debug("sd-netlink: ignoring message from PID %"PRIu32, sender.nl.nl_pid);
 
                 if (peek) {
-                        /* drop the message */
+                        /* Drop the message. Note that we ignore ECHRNG/EXFULL errors here, which
+                         * recvmsg_safe() returns in case the payload or cdata is truncated. Given we just
+                         * want to drop the message we also don't care if its payload or cdata was
+                         * truncated. */
                         n = recvmsg_safe(fd, &msg, 0);
-                        if (n < 0)
+                        if (n < 0 && !IN_SET(n, -ECHRNG, -EXFULL))
                                 return (int) n;
                 }
 
-                if (ret_mcast_group)
-                        *ret_mcast_group = 0;
-                return 0;
+                goto transient;
         }
 
         if (ret_mcast_group) {
@@ -203,6 +205,12 @@ static int socket_recv_message(int fd, void *buf, size_t buf_size, uint32_t *ret
         }
 
         return (int) n;
+
+transient:
+        if (ret_mcast_group)
+                *ret_mcast_group = 0;
+
+        return 0;
 }
 
 DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(

src/network/netdev/l2tp-tunnel.c

@@ -54,6 +54,11 @@ static L2tpSession* l2tp_session_free(L2tpSession *s) {
 
 DEFINE_SECTION_CLEANUP_FUNCTIONS(L2tpSession, l2tp_session_free);
 
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                l2tp_session_hash_ops_by_section,
+                ConfigSection, config_section_hash_func, config_section_compare_func,
+                L2tpSession, l2tp_session_free);
+
 static int l2tp_session_new_static(L2tpTunnel *t, const char *filename, unsigned section_line, L2tpSession **ret) {
         _cleanup_(config_section_freep) ConfigSection *n = NULL;
         _cleanup_(l2tp_session_freep) L2tpSession *s = NULL;
@@ -84,7 +89,7 @@ static int l2tp_session_new_static(L2tpTunnel *t, const char *filename, unsigned
                 .section = TAKE_PTR(n),
         };
 
-        r = ordered_hashmap_ensure_put(&t->sessions_by_section, &config_section_hash_ops, s->section, s);
+        r = ordered_hashmap_ensure_put(&t->sessions_by_section, &l2tp_session_hash_ops_by_section, s->section, s);
         if (r < 0)
                 return r;
 
@@ -904,7 +909,7 @@ static int netdev_l2tp_tunnel_get_ifindex(NetDev *netdev, const char *name) {
 static void l2tp_tunnel_done(NetDev *netdev) {
         L2tpTunnel *t = L2TP(netdev);
 
-        ordered_hashmap_free_with_destructor(t->sessions_by_section, l2tp_session_free);
+        ordered_hashmap_free(t->sessions_by_section);
         free(t->local_ifname);
 }
 

src/network/netdev/macsec.c

@@ -20,6 +20,12 @@
 #include "string-util.h"
 #include "unaligned.h"
 
+#define SECURITY_ASSOCIATION_NULL               \
+        (SecurityAssociation) {                 \
+                .activate = -1,                 \
+                .use_for_encoding = -1,         \
+        }
+
 static void security_association_clear(SecurityAssociation *sa) {
         if (!sa)
                 return;
@@ -29,13 +35,6 @@ static void security_association_clear(SecurityAssociation *sa) {
         free(sa->key_file);
 }
 
-static void security_association_init(SecurityAssociation *sa) {
-        assert(sa);
-
-        sa->activate = -1;
-        sa->use_for_encoding = -1;
-}
-
 static ReceiveAssociation* macsec_receive_association_free(ReceiveAssociation *c) {
         if (!c)
                 return NULL;
@@ -51,6 +50,11 @@ static ReceiveAssociation* macsec_receive_association_free(ReceiveAssociation *c
 
 DEFINE_SECTION_CLEANUP_FUNCTIONS(ReceiveAssociation, macsec_receive_association_free);
 
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                receive_association_hash_ops_by_section,
+                ConfigSection, config_section_hash_func, config_section_compare_func,
+                ReceiveAssociation, macsec_receive_association_free);
+
 static int macsec_receive_association_new_static(MACsec *s, const char *filename, unsigned section_line, ReceiveAssociation **ret) {
         _cleanup_(config_section_freep) ConfigSection *n = NULL;
         _cleanup_(macsec_receive_association_freep) ReceiveAssociation *c = NULL;
@@ -78,16 +82,14 @@ static int macsec_receive_association_new_static(MACsec *s, const char *filename
         *c = (ReceiveAssociation) {
                 .macsec = s,
                 .section = TAKE_PTR(n),
+                .sa = SECURITY_ASSOCIATION_NULL,
         };
 
-        security_association_init(&c->sa);
-
-        r = ordered_hashmap_ensure_put(&s->receive_associations_by_section, &config_section_hash_ops, c->section, c);
+        r = ordered_hashmap_ensure_put(&s->receive_associations_by_section, &receive_association_hash_ops_by_section, c->section, c);
         if (r < 0)
                 return r;
 
         *ret = TAKE_PTR(c);
-
         return 0;
 }
 
@@ -110,6 +112,16 @@ static ReceiveChannel* macsec_receive_channel_free(ReceiveChannel *c) {
 
 DEFINE_SECTION_CLEANUP_FUNCTIONS(ReceiveChannel, macsec_receive_channel_free);
 
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                receive_channel_hash_ops,
+                uint64_t, uint64_hash_func, uint64_compare_func,
+                ReceiveChannel, macsec_receive_channel_free);
+
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                receive_channel_hash_ops_by_section,
+                ConfigSection, config_section_hash_func, config_section_compare_func,
+                ReceiveChannel, macsec_receive_channel_free);
+
 static int macsec_receive_channel_new(MACsec *s, uint64_t sci, ReceiveChannel **ret) {
         ReceiveChannel *c;
 
@@ -154,12 +166,11 @@ static int macsec_receive_channel_new_static(MACsec *s, const char *filename, un
 
         c->section = TAKE_PTR(n);
 
-        r = ordered_hashmap_ensure_put(&s->receive_channels_by_section, &config_section_hash_ops, c->section, c);
+        r = ordered_hashmap_ensure_put(&s->receive_channels_by_section, &receive_channel_hash_ops_by_section, c->section, c);
         if (r < 0)
                 return r;
 
         *ret = TAKE_PTR(c);
-
         return 0;
 }
 
@@ -178,6 +189,11 @@ static TransmitAssociation* macsec_transmit_association_free(TransmitAssociation
 
 DEFINE_SECTION_CLEANUP_FUNCTIONS(TransmitAssociation, macsec_transmit_association_free);
 
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                transmit_association_hash_ops_by_section,
+                ConfigSection, config_section_hash_func, config_section_compare_func,
+                TransmitAssociation, macsec_transmit_association_free);
+
 static int macsec_transmit_association_new_static(MACsec *s, const char *filename, unsigned section_line, TransmitAssociation **ret) {
         _cleanup_(config_section_freep) ConfigSection *n = NULL;
         _cleanup_(macsec_transmit_association_freep) TransmitAssociation *a = NULL;
@@ -205,16 +221,14 @@ static int macsec_transmit_association_new_static(MACsec *s, const char *filenam
         *a = (TransmitAssociation) {
                 .macsec = s,
                 .section = TAKE_PTR(n),
+                .sa = SECURITY_ASSOCIATION_NULL,
         };
 
-        security_association_init(&a->sa);
-
-        r = ordered_hashmap_ensure_put(&s->transmit_associations_by_section, &config_section_hash_ops, a->section, a);
+        r = ordered_hashmap_ensure_put(&s->transmit_associations_by_section, &transmit_association_hash_ops_by_section, a->section, a);
         if (r < 0)
                 return r;
 
         *ret = TAKE_PTR(a);
-
         return 0;
 }
 
@@ -1018,7 +1032,7 @@ static int macsec_receive_channel_verify(ReceiveChannel *c) {
                                               "Ignoring [MACsecReceiveChannel] section from line %u",
                                               c->section->filename, c->section->line);
 
-        r = ordered_hashmap_ensure_put(&c->macsec->receive_channels, &uint64_hash_ops, &c->sci.as_uint64, c);
+        r = ordered_hashmap_ensure_put(&c->macsec->receive_channels, &receive_channel_hash_ops, &c->sci.as_uint64, c);
         if (r == -ENOMEM)
                 return log_oom();
         if (r == -EEXIST)
@@ -1108,7 +1122,7 @@ static int macsec_receive_association_verify(ReceiveAssociation *a) {
                 if (r < 0)
                         return log_oom();
 
-                r = ordered_hashmap_ensure_put(&a->macsec->receive_channels, &uint64_hash_ops, &new_channel->sci.as_uint64, new_channel);
+                r = ordered_hashmap_ensure_put(&a->macsec->receive_channels, &receive_channel_hash_ops, &new_channel->sci.as_uint64, new_channel);
                 if (r == -ENOMEM)
                         return log_oom();
                 if (r < 0)
@@ -1203,10 +1217,10 @@ static void macsec_init(NetDev *netdev) {
 static void macsec_done(NetDev *netdev) {
         MACsec *v = MACSEC(netdev);
 
-        ordered_hashmap_free_with_destructor(v->receive_channels, macsec_receive_channel_free);
-        ordered_hashmap_free_with_destructor(v->receive_channels_by_section, macsec_receive_channel_free);
-        ordered_hashmap_free_with_destructor(v->transmit_associations_by_section, macsec_transmit_association_free);
-        ordered_hashmap_free_with_destructor(v->receive_associations_by_section, macsec_receive_association_free);
+        ordered_hashmap_free(v->receive_channels);
+        ordered_hashmap_free(v->receive_channels_by_section);
+        ordered_hashmap_free(v->transmit_associations_by_section);
+        ordered_hashmap_free(v->receive_associations_by_section);
 }
 
 const NetDevVTable macsec_vtable = {

src/network/netdev/wireguard.c

@@ -72,6 +72,11 @@ static WireguardPeer* wireguard_peer_free(WireguardPeer *peer) {
 
 DEFINE_SECTION_CLEANUP_FUNCTIONS(WireguardPeer, wireguard_peer_free);
 
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                wireguard_peer_hash_ops_by_section,
+                ConfigSection, config_section_hash_func, config_section_compare_func,
+                WireguardPeer, wireguard_peer_free);
+
 static int wireguard_peer_new_static(Wireguard *w, const char *filename, unsigned section_line, WireguardPeer **ret) {
         _cleanup_(config_section_freep) ConfigSection *n = NULL;
         _cleanup_(wireguard_peer_freep) WireguardPeer *peer = NULL;
@@ -104,7 +109,7 @@ static int wireguard_peer_new_static(Wireguard *w, const char *filename, unsigne
 
         LIST_PREPEND(peers, w->peers, peer);
 
-        r = hashmap_ensure_put(&w->peers_by_section, &config_section_hash_ops, peer->section, peer);
+        r = hashmap_ensure_put(&w->peers_by_section, &wireguard_peer_hash_ops_by_section, peer->section, peer);
         if (r < 0)
                 return r;
 
@@ -1077,7 +1082,7 @@ static void wireguard_done(NetDev *netdev) {
         explicit_bzero_safe(w->private_key, WG_KEY_LEN);
         free(w->private_key_file);
 
-        hashmap_free_with_destructor(w->peers_by_section, wireguard_peer_free);
+        hashmap_free(w->peers_by_section);
 
         set_free(w->routes);
 }

src/network/networkd-routing-policy-rule.c

@@ -615,7 +615,7 @@ static int routing_policy_rule_set_netlink_message(const RoutingPolicyRule *rule
         if (r < 0)
                 return r;
 
-        if (rule->fwmark > 0) {
+        if (rule->fwmark > 0 || rule->fwmask > 0) {
                 r = sd_netlink_message_append_u32(m, FRA_FWMARK, rule->fwmark);
                 if (r < 0)
                         return r;
@@ -1315,14 +1315,12 @@ static int parse_fwmark_fwmask(const char *s, uint32_t *ret_fwmark, uint32_t *re
         if (r < 0)
                 return r;
 
-        if (fwmark > 0) {
-                if (slash) {
-                        r = safe_atou32(slash + 1, &fwmask);
-                        if (r < 0)
-                                return r;
-                } else
-                        fwmask = UINT32_MAX;
-        }
+        if (slash) {
+                r = safe_atou32(slash + 1, &fwmask);
+                if (r < 0)
+                        return r;
+        } else if (fwmark > 0)
+                fwmask = UINT32_MAX;
 
         *ret_fwmark = fwmark;
         *ret_fwmask = fwmask;

src/nspawn/nspawn-cgroup.c

@@ -88,9 +88,9 @@ int create_subcgroup(
                 return log_oom();
 
         if (userns_mode != USER_NAMESPACE_MANAGED)
-                r = cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, payload, pid);
+                r = cg_create_and_attach(payload, pid);
         else
-                r = cg_create(SYSTEMD_CGROUP_CONTROLLER, payload);
+                r = cg_create(payload);
         if (r < 0)
                 return log_error_errno(r, "Failed to create %s subcgroup: %m", payload);
 
@@ -125,13 +125,13 @@ int create_subcgroup(
                 if (!supervisor)
                         return log_oom();
 
-                r = cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, supervisor, 0);
+                r = cg_create_and_attach(supervisor, 0);
                 if (r < 0)
                         return log_error_errno(r, "Failed to create %s subcgroup: %m", supervisor);
         }
 
         /* Try to enable as many controllers as possible for the new payload. */
-        (void) cg_enable_everywhere(supported, supported, cgroup, NULL);
+        (void) cg_enable(supported, supported, cgroup, NULL);
         return 0;
 }
 

src/oom/test-oomd-util.c

@@ -52,7 +52,7 @@ static void test_oomd_cgroup_kill(void) {
          * by the test so that pid1 doesn't delete it before we can read the xattrs. */
         cgroup = path_join(cgroup_root, "oomdkilltest");
         assert_se(cgroup);
-        assert_se(cg_create(SYSTEMD_CGROUP_CONTROLLER, cgroup) >= 0);
+        assert_se(cg_create(cgroup) >= 0);
 
         /* If we don't have permissions to set xattrs we're likely in a userns or missing capabilities */
         r = cg_set_xattr(cgroup, "user.oomd_test", "test", 4, 0);
@@ -65,7 +65,7 @@ static void test_oomd_cgroup_kill(void) {
 
                 for (int j = 0; j < 2; j++) {
                         pid[j] = fork_and_sleep(5);
-                        assert_se(cg_attach(SYSTEMD_CGROUP_CONTROLLER, cgroup, pid[j]) >= 0);
+                        assert_se(cg_attach(cgroup, pid[j]) >= 0);
                 }
 
                 r = oomd_cgroup_kill(cgroup, false /* recurse */, false /* dry run */);
@@ -477,7 +477,7 @@ static void test_oomd_fetch_cgroup_oom_preference(void) {
          * owned by the same user. */
         if (test_xattrs && !empty_or_root(cgroup)) {
                 ctx = oomd_cgroup_context_free(ctx);
-                assert_se(cg_set_access(SYSTEMD_CGROUP_CONTROLLER, cgroup, 61183, 0) >= 0);
+                assert_se(cg_set_access(cgroup, 61183, 0) >= 0);
                 assert_se(oomd_cgroup_context_acquire(cgroup, &ctx) == 0);
 
                 assert_se(oomd_fetch_cgroup_oom_preference(ctx, NULL) == 0);

src/resolve/resolved-dns-question.c

@@ -548,3 +548,12 @@ int dns_question_merge(DnsQuestion *a, DnsQuestion *b, DnsQuestion **ret) {
         *ret = TAKE_PTR(k);
         return 0;
 }
+
+bool dns_question_contains_key_type(DnsQuestion *q, uint16_t type) {
+        DnsResourceKey *t;
+        DNS_QUESTION_FOREACH(t, q)
+                if (t->type == type)
+                        return true;
+
+        return false;
+}

src/resolve/resolved-dns-question.h

@@ -61,6 +61,8 @@ static inline bool dns_question_isempty(DnsQuestion *q) {
 
 int dns_question_merge(DnsQuestion *a, DnsQuestion *b, DnsQuestion **ret);
 
+bool dns_question_contains_key_type(DnsQuestion *q, uint16_t type);
+
 DEFINE_TRIVIAL_CLEANUP_FUNC(DnsQuestion*, dns_question_unref);
 
 #define _DNS_QUESTION_FOREACH(u, k, q)                                     \

src/resolve/resolved-dns-scope.c

@@ -713,6 +713,11 @@ DnsScopeMatch dns_scope_good_domain(
                 if (!dns_scope_get_dns_server(s))
                         return DNS_SCOPE_NO;
 
+                /* Route DS requests to the parent */
+                const char *route_domain = domain;
+                if (dns_question_contains_key_type(question, DNS_TYPE_DS))
+                        (void) dns_name_parent(&route_domain);
+
                 /* Always honour search domains for routing queries, except if this scope lacks DNS servers. Note that
                  * we return DNS_SCOPE_YES here, rather than just DNS_SCOPE_MAYBE, which means other wildcard scopes
                  * won't be considered anymore. */
@@ -721,7 +726,7 @@ DnsScopeMatch dns_scope_good_domain(
                         if (!d->route_only && !dns_name_is_root(d->name))
                                 has_search_domains = true;
 
-                        if (dns_name_endswith(domain, d->name) > 0) {
+                        if (dns_name_endswith(route_domain, d->name) > 0) {
                                 int c;
 
                                 c = dns_name_count_labels(d->name);

src/resolve/resolved-dns-trust-anchor.c

@@ -14,7 +14,6 @@
 #include "resolved-dns-dnssec.h"
 #include "resolved-dns-trust-anchor.h"
 #include "set.h"
-#include "sort-util.h"
 #include "string-util.h"
 #include "strv.h"
 
@@ -415,7 +414,7 @@ static int dns_trust_anchor_load_negative(DnsTrustAnchor *d, const char *path, u
                 return -EINVAL;
         }
 
-        r = set_ensure_consume(&d->negative_by_name, &dns_name_hash_ops, TAKE_PTR(domain));
+        r = set_ensure_consume(&d->negative_by_name, &dns_name_hash_ops_free, TAKE_PTR(domain));
         if (r < 0)
                 return log_oom();
 
@@ -477,10 +476,6 @@ static int dns_trust_anchor_load_files(
         return 0;
 }
 
-static int domain_name_cmp(char * const *a, char * const *b) {
-        return dns_name_compare_func(*a, *b);
-}
-
 static int dns_trust_anchor_dump(DnsTrustAnchor *d) {
         DnsAnswer *a;
 
@@ -503,12 +498,9 @@ static int dns_trust_anchor_dump(DnsTrustAnchor *d) {
         else {
                 _cleanup_free_ char **l = NULL, *j = NULL;
 
-                l = set_get_strv(d->negative_by_name);
-                if (!l)
+                if (set_dump_sorted(d->negative_by_name, (void***) &l, /* ret_n = */ NULL) < 0)
                         return log_oom();
 
-                typesafe_qsort(l, set_size(d->negative_by_name), domain_name_cmp);
-
                 j = strv_join(l, " ");
                 if (!j)
                         return log_oom();

src/resolve/resolved-link.c

@@ -39,7 +39,7 @@ int link_new(Manager *m, Link **ret, int ifindex) {
                 .ifindex = ifindex,
                 .default_route = -1,
                 .llmnr_support = RESOLVE_SUPPORT_YES,
-                .mdns_support = RESOLVE_SUPPORT_YES,
+                .mdns_support = RESOLVE_SUPPORT_NO,
                 .dnssec_mode = _DNSSEC_MODE_INVALID,
                 .dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID,
                 .operstate = IF_OPER_UNKNOWN,

src/shared/bus-get-properties.c

@@ -6,6 +6,9 @@
 #include "stdio-util.h"
 #include "string-util.h"
 
+BUS_DEFINE_PROPERTY_GET_GLOBAL(bus_property_get_bool_false, "b", 0);
+BUS_DEFINE_PROPERTY_GET_GLOBAL(bus_property_get_uint64_max, "t", UINT64_MAX);
+
 int bus_property_get_bool(
                 sd_bus *bus,
                 const char *path,

src/shared/bus-get-properties.h

@@ -5,6 +5,10 @@
 
 #include "macro.h"
 
+/* For deprecated properties. */
+int bus_property_get_bool_false(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
+int bus_property_get_uint64_max(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
+
 int bus_property_get_bool(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
 int bus_property_set_bool(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *value, void *userdata, sd_bus_error *error);
 int bus_property_get_tristate(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);

src/shared/bus-unit-util.c

@@ -126,8 +126,6 @@ DEFINE_BUS_APPEND_PARSE_PTR("i", int32_t, int, ioprio_parse_priority);
 DEFINE_BUS_APPEND_PARSE_PTR("i", int32_t, int, parse_nice);
 DEFINE_BUS_APPEND_PARSE_PTR("i", int32_t, int, safe_atoi);
 DEFINE_BUS_APPEND_PARSE_PTR("t", uint64_t, nsec_t, parse_nsec);
-DEFINE_BUS_APPEND_PARSE_PTR("t", uint64_t, uint64_t, cg_blkio_weight_parse);
-DEFINE_BUS_APPEND_PARSE_PTR("t", uint64_t, uint64_t, cg_cpu_shares_parse);
 DEFINE_BUS_APPEND_PARSE_PTR("t", uint64_t, uint64_t, cg_weight_parse);
 DEFINE_BUS_APPEND_PARSE_PTR("t", uint64_t, uint64_t, cg_cpu_weight_parse);
 DEFINE_BUS_APPEND_PARSE_PTR("t", uint64_t, unsigned long, mount_propagation_flag_from_string);
@@ -572,7 +570,6 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
                               "MemoryAccounting",
                               "MemoryZSwapWriteback",
                               "IOAccounting",
-                              "BlockIOAccounting",
                               "TasksAccounting",
                               "IPAccounting",
                               "CoredumpReceive"))
@@ -586,10 +583,6 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
                               "StartupIOWeight"))
                 return bus_append_cg_weight_parse(m, field, eq);
 
-        if (STR_IN_SET(field, "CPUShares",
-                              "StartupCPUShares"))
-                return bus_append_cg_cpu_shares_parse(m, field, eq);
-
         if (STR_IN_SET(field, "AllowedCPUs",
                               "StartupAllowedCPUs",
                               "AllowedMemoryNodes",
@@ -609,10 +602,6 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
                 return bus_append_byte_array(m, field, array, allocated);
         }
 
-        if (STR_IN_SET(field, "BlockIOWeight",
-                              "StartupBlockIOWeight"))
-                return bus_append_cg_blkio_weight_parse(m, field, eq);
-
         if (streq(field, "DisableControllers"))
                 return bus_append_strv(m, "DisableControllers", eq, /* separator= */ NULL, EXTRACT_UNQUOTE);
 
@@ -636,7 +625,6 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
                               "MemoryMax",
                               "MemorySwapMax",
                               "MemoryZSwapMax",
-                              "MemoryLimit",
                               "TasksMax")) {
 
                 if (streq(eq, "infinity")) {
@@ -735,9 +723,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
                 return 1;
         }
 
-        if (cgroup_io_limit_type_from_string(field) >= 0 ||
-            STR_IN_SET(field, "BlockIOReadBandwidth",
-                              "BlockIOWriteBandwidth")) {
+        if (cgroup_io_limit_type_from_string(field) >= 0) {
 
                 if (isempty(eq))
                         r = sd_bus_message_append(m, "(sv)", field, "a(st)", 0);
@@ -771,8 +757,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
                 return 1;
         }
 
-        if (STR_IN_SET(field, "IODeviceWeight",
-                              "BlockIODeviceWeight")) {
+        if (streq(field, "IODeviceWeight")) {
                 if (isempty(eq))
                         r = sd_bus_message_append(m, "(sv)", field, "a(st)", 0);
                 else {

src/shared/cgroup-setup.c

@@ -51,52 +51,6 @@ int cg_cpu_weight_parse(const char *s, uint64_t *ret) {
         return cg_weight_parse(s, ret);
 }
 
-int cg_cpu_shares_parse(const char *s, uint64_t *ret) {
-        uint64_t u;
-        int r;
-
-        assert(s);
-        assert(ret);
-
-        if (isempty(s)) {
-                *ret = CGROUP_CPU_SHARES_INVALID;
-                return 0;
-        }
-
-        r = safe_atou64(s, &u);
-        if (r < 0)
-                return r;
-
-        if (u < CGROUP_CPU_SHARES_MIN || u > CGROUP_CPU_SHARES_MAX)
-                return -ERANGE;
-
-        *ret = u;
-        return 0;
-}
-
-int cg_blkio_weight_parse(const char *s, uint64_t *ret) {
-        uint64_t u;
-        int r;
-
-        assert(s);
-        assert(ret);
-
-        if (isempty(s)) {
-                *ret = CGROUP_BLKIO_WEIGHT_INVALID;
-                return 0;
-        }
-
-        r = safe_atou64(s, &u);
-        if (r < 0)
-                return r;
-
-        if (u < CGROUP_BLKIO_WEIGHT_MIN || u > CGROUP_BLKIO_WEIGHT_MAX)
-                return -ERANGE;
-
-        *ret = u;
-        return 0;
-}
-
 static int trim_cb(
                 RecurseDirEvent event,
                 const char *path,
@@ -116,13 +70,11 @@ static int trim_cb(
         return RECURSE_DIR_CONTINUE;
 }
 
-int cg_trim(const char *controller, const char *path, bool delete_root) {
+int cg_trim(const char *path, bool delete_root) {
         _cleanup_free_ char *fs = NULL;
-        int r, q;
+        int r;
 
-        assert(controller);
-
-        r = cg_get_path(controller, path, NULL, &fs);
+        r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, path, NULL, &fs);
         if (r < 0)
                 return r;
 
@@ -149,25 +101,17 @@ int cg_trim(const char *controller, const char *path, bool delete_root) {
                 RET_GATHER(r, -errno);
         }
 
-        q = cg_hybrid_unified();
-        if (q < 0)
-                return q;
-        if (q > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER))
-                (void) cg_trim(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, delete_root);
-
         return r;
 }
 
 /* Create a cgroup in the hierarchy of controller.
  * Returns 0 if the group already existed, 1 on success, negative otherwise.
  */
-int cg_create(const char *controller, const char *path) {
+int cg_create(const char *path) {
         _cleanup_free_ char *fs = NULL;
         int r;
 
-        assert(controller);
-
-        r = cg_get_path_and_check(controller, path, NULL, &fs);
+        r = cg_get_path_and_check(SYSTEMD_CGROUP_CONTROLLER, path, NULL, &fs);
         if (r < 0)
                 return r;
 
@@ -181,28 +125,18 @@ int cg_create(const char *controller, const char *path) {
         if (r < 0)
                 return r;
 
-        r = cg_hybrid_unified();
-        if (r < 0)
-                return r;
-        if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
-                r = cg_create(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path);
-                if (r < 0)
-                        log_warning_errno(r, "Failed to create compat systemd cgroup '%s', ignoring: %m", path);
-        }
-
         return 1;
 }
 
-int cg_attach(const char *controller, const char *path, pid_t pid) {
+int cg_attach(const char *path, pid_t pid) {
         _cleanup_free_ char *fs = NULL;
         char c[DECIMAL_STR_MAX(pid_t) + 2];
         int r;
 
-        assert(controller);
         assert(path);
         assert(pid >= 0);
 
-        r = cg_get_path_and_check(controller, path, "cgroup.procs", &fs);
+        r = cg_get_path_and_check(SYSTEMD_CGROUP_CONTROLLER, path, "cgroup.procs", &fs);
         if (r < 0)
                 return r;
 
@@ -218,15 +152,6 @@ int cg_attach(const char *controller, const char *path, pid_t pid) {
         if (r < 0)
                 return r;
 
-        r = cg_hybrid_unified();
-        if (r < 0)
-                return r;
-        if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
-                r = cg_attach(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, pid);
-                if (r < 0)
-                        log_warning_errno(r, "Failed to attach "PID_FMT" to compat systemd cgroup '%s', ignoring: %m", pid, path);
-        }
-
         return 0;
 }
 
@@ -244,43 +169,18 @@ int cg_fd_attach(int fd, pid_t pid) {
         return write_string_file_at(fd, "cgroup.procs", c, WRITE_STRING_FILE_DISABLE_BUFFER);
 }
 
-int cg_attach_fallback(const char *controller, const char *path, pid_t pid) {
-        int r;
-
-        assert(controller);
-        assert(path);
-        assert(pid >= 0);
-
-        r = cg_attach(controller, path, pid);
-        if (r < 0) {
-                char prefix[strlen(path) + 1];
-
-                /* This didn't work? Then let's try all prefixes of the destination */
-
-                PATH_FOREACH_PREFIX(prefix, path) {
-                        int q;
-
-                        q = cg_attach(controller, prefix, pid);
-                        if (q >= 0)
-                                return q;
-                }
-        }
-
-        return r;
-}
-
-int cg_create_and_attach(const char *controller, const char *path, pid_t pid) {
+int cg_create_and_attach(const char *path, pid_t pid) {
         int r, q;
 
         /* This does not remove the cgroup on failure */
 
         assert(pid >= 0);
 
-        r = cg_create(controller, path);
+        r = cg_create(path);
         if (r < 0)
                 return r;
 
-        q = cg_attach(controller, path, pid);
+        q = cg_attach(path, pid);
         if (q < 0)
                 return q;
 
@@ -288,54 +188,31 @@ int cg_create_and_attach(const char *controller, const char *path, pid_t pid) {
 }
 
 int cg_set_access(
-                const char *controller,
                 const char *path,
                 uid_t uid,
                 gid_t gid) {
 
-        struct Attribute {
+        static const struct {
                 const char *name;
                 bool fatal;
-        };
-
-        /* cgroup v1, aka legacy/non-unified */
-        static const struct Attribute legacy_attributes[] = {
-                { "cgroup.procs",           true  },
-                { "tasks",                  false },
-                { "cgroup.clone_children",  false },
-                {},
-        };
-
-        /* cgroup v2, aka unified */
-        static const struct Attribute unified_attributes[] = {
+        } attributes[] = {
                 { "cgroup.procs",           true  },
                 { "cgroup.subtree_control", true  },
                 { "cgroup.threads",         false },
                 { "memory.oom.group",       false },
                 { "memory.reclaim",         false },
-                {},
-        };
-
-        static const struct Attribute* const attributes[] = {
-                [false] = legacy_attributes,
-                [true]  = unified_attributes,
         };
 
         _cleanup_free_ char *fs = NULL;
-        const struct Attribute *i;
-        int r, unified;
+        int r;
 
         assert(path);
 
         if (uid == UID_INVALID && gid == GID_INVALID)
                 return 0;
 
-        unified = cg_unified_controller(controller);
-        if (unified < 0)
-                return unified;
-
         /* Configure access to the cgroup itself */
-        r = cg_get_path(controller, path, NULL, &fs);
+        r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, path, NULL, &fs);
         if (r < 0)
                 return r;
 
@@ -344,31 +221,17 @@ int cg_set_access(
                 return r;
 
         /* Configure access to the cgroup's attributes */
-        for (i = attributes[unified]; i->name; i++) {
-                fs = mfree(fs);
+        FOREACH_ELEMENT(i, attributes) {
+                _cleanup_free_ char *a = path_join(fs, i->name);
+                if (!a)
+                        return -ENOMEM;
 
-                r = cg_get_path(controller, path, i->name, &fs);
-                if (r < 0)
-                        return r;
-
-                r = chmod_and_chown(fs, 0644, uid, gid);
+                r = chmod_and_chown(a, 0644, uid, gid);
                 if (r < 0) {
                         if (i->fatal)
                                 return r;
 
-                        log_debug_errno(r, "Failed to set access on cgroup %s, ignoring: %m", fs);
-                }
-        }
-
-        if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
-                r = cg_hybrid_unified();
-                if (r < 0)
-                        return r;
-                if (r > 0) {
-                        /* Always propagate access mode from unified to legacy controller */
-                        r = cg_set_access(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, uid, gid);
-                        if (r < 0)
-                                log_debug_errno(r, "Failed to set access on compatibility systemd cgroup %s, ignoring: %m", path);
+                        log_debug_errno(r, "Failed to set access on cgroup %s, ignoring: %m", a);
                 }
         }
 
@@ -405,7 +268,6 @@ static int access_callback(
 }
 
 int cg_set_access_recursive(
-                const char *controller,
                 const char *path,
                 uid_t uid,
                 gid_t gid) {
@@ -414,7 +276,6 @@ int cg_set_access_recursive(
         _cleanup_free_ char *fs = NULL;
         int r;
 
-        assert(controller);
         assert(path);
 
         /* A recursive version of cg_set_access(). But note that this one changes ownership of *all* files,
@@ -424,7 +285,7 @@ int cg_set_access_recursive(
         if (!uid_is_valid(uid) && !gid_is_valid(gid))
                 return 0;
 
-        r = cg_get_path(controller, path, NULL, &fs);
+        r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, path, NULL, &fs);
         if (r < 0)
                 return r;
 
@@ -452,20 +313,16 @@ int cg_set_access_recursive(
 }
 
 int cg_migrate(
-                const char *cfrom,
-                const char *pfrom,
-                const char *cto,
-                const char *pto,
+                const char *from,
+                const char *to,
                 CGroupFlags flags) {
 
         _cleanup_set_free_ Set *s = NULL;
         bool done;
         int r, ret = 0;
 
-        assert(cfrom);
-        assert(pfrom);
-        assert(cto);
-        assert(pto);
+        assert(from);
+        assert(to);
 
         do {
                 _cleanup_fclose_ FILE *f = NULL;
@@ -473,7 +330,7 @@ int cg_migrate(
 
                 done = true;
 
-                r = cg_enumerate_processes(cfrom, pfrom, &f);
+                r = cg_enumerate_processes(SYSTEMD_CGROUP_CONTROLLER, from, &f);
                 if (r < 0)
                         return RET_GATHER(ret, r);
 
@@ -493,7 +350,7 @@ int cg_migrate(
                         if (pid_is_kernel_thread(pid) > 0)
                                 continue;
 
-                        r = cg_attach(cto, pto, pid);
+                        r = cg_attach(to, pid);
                         if (r < 0) {
                                 if (r != -ESRCH)
                                         RET_GATHER(ret, r);
@@ -513,112 +370,7 @@ int cg_migrate(
         return ret;
 }
 
-int cg_create_everywhere(CGroupMask supported, CGroupMask mask, const char *path) {
-        CGroupController c;
-        CGroupMask done;
-        bool created;
-        int r;
-
-        /* This one will create a cgroup in our private tree, but also
-         * duplicate it in the trees specified in mask, and remove it
-         * in all others.
-         *
-         * Returns 0 if the group already existed in the systemd hierarchy,
-         * 1 on success, negative otherwise.
-         */
-
-        /* First create the cgroup in our own hierarchy. */
-        r = cg_create(SYSTEMD_CGROUP_CONTROLLER, path);
-        if (r < 0)
-                return r;
-        created = r;
-
-        /* If we are in the unified hierarchy, we are done now */
-        r = cg_all_unified();
-        if (r < 0)
-                return r;
-        if (r > 0)
-                return created;
-
-        supported &= CGROUP_MASK_V1;
-        mask = CGROUP_MASK_EXTEND_JOINED(mask);
-        done = 0;
-
-        /* Otherwise, do the same in the other hierarchies */
-        for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
-                CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
-                const char *n;
-
-                if (!FLAGS_SET(supported, bit))
-                        continue;
-
-                if (FLAGS_SET(done, bit))
-                        continue;
-
-                n = cgroup_controller_to_string(c);
-                if (FLAGS_SET(mask, bit))
-                        (void) cg_create(n, path);
-
-                done |= CGROUP_MASK_EXTEND_JOINED(bit);
-        }
-
-        return created;
-}
-
-int cg_attach_everywhere(CGroupMask supported, const char *path, pid_t pid) {
-        int r;
-
-        assert(path);
-        assert(pid >= 0);
-
-        r = cg_attach(SYSTEMD_CGROUP_CONTROLLER, path, pid);
-        if (r < 0)
-                return r;
-
-        r = cg_all_unified();
-        if (r < 0)
-                return r;
-        if (r > 0)
-                return 0;
-
-        supported &= CGROUP_MASK_V1;
-        CGroupMask done = 0;
-
-        for (CGroupController c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
-                CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
-
-                if (!FLAGS_SET(supported, bit))
-                        continue;
-
-                if (FLAGS_SET(done, bit))
-                        continue;
-
-                (void) cg_attach_fallback(cgroup_controller_to_string(c), path, pid);
-                done |= CGROUP_MASK_EXTEND_JOINED(bit);
-        }
-
-        return 0;
-}
-
-int cg_trim_everywhere(CGroupMask supported, const char *path, bool delete_root) {
-        int r, q;
-
-        assert(path);
-
-        r = cg_trim(SYSTEMD_CGROUP_CONTROLLER, path, delete_root);
-        if (r < 0)
-                return r;
-
-        q = cg_all_unified();
-        if (q < 0)
-                return q;
-        if (q > 0)
-                return r;
-
-        return cg_trim_v1_controllers(supported, _CGROUP_MASK_ALL, path, delete_root);
-}
-
-int cg_enable_everywhere(
+int cg_enable(
                 CGroupMask supported,
                 CGroupMask mask,
                 const char *p,
@@ -638,26 +390,6 @@ int cg_enable_everywhere(
                 return 0;
         }
 
-        r = cg_all_unified();
-        if (r < 0)
-                return r;
-        if (r == 0) {
-                /* On the legacy hierarchy there's no concept of "enabling" controllers in cgroups defined. Let's claim
-                 * complete success right away. (If you wonder why we return the full mask here, rather than zero: the
-                 * caller tends to use the returned mask later on to compare if all controllers where properly joined,
-                 * and if not requeues realization. This use is the primary purpose of the return value, hence let's
-                 * minimize surprises here and reduce triggers for re-realization by always saying we fully
-                 * succeeded.) */
-                if (ret_result_mask)
-                        *ret_result_mask = mask & supported & CGROUP_MASK_V2; /* If you wonder why we mask this with
-                                                                               * CGROUP_MASK_V2: The 'supported' mask
-                                                                               * might contain pure-V1 or BPF
-                                                                               * controllers, and we never want to
-                                                                               * claim that we could enable those with
-                                                                               * cgroup.subtree_control */
-                return 0;
-        }
-
         r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, p, "cgroup.subtree_control", &fs);
         if (r < 0)
                 return r;
@@ -726,148 +458,6 @@ int cg_enable_everywhere(
         return 0;
 }
 
-int cg_migrate_recursive(
-                const char *cfrom,
-                const char *pfrom,
-                const char *cto,
-                const char *pto,
-                CGroupFlags flags) {
-
-        _cleanup_closedir_ DIR *d = NULL;
-        int r, ret = 0;
-        char *fn;
-
-        assert(cfrom);
-        assert(pfrom);
-        assert(cto);
-        assert(pto);
-
-        ret = cg_migrate(cfrom, pfrom, cto, pto, flags);
-
-        r = cg_enumerate_subgroups(cfrom, pfrom, &d);
-        if (r < 0) {
-                if (ret >= 0 && r != -ENOENT)
-                        return r;
-
-                return ret;
-        }
-
-        while ((r = cg_read_subgroup(d, &fn)) > 0) {
-                _cleanup_free_ char *p = NULL;
-
-                p = path_join(empty_to_root(pfrom), fn);
-                free(fn);
-                if (!p)
-                        return -ENOMEM;
-
-                r = cg_migrate_recursive(cfrom, p, cto, pto, flags);
-                if (r != 0 && ret >= 0)
-                        ret = r;
-        }
-
-        if (r < 0 && ret >= 0)
-                ret = r;
-
-        return ret;
-}
-
-int cg_migrate_recursive_fallback(
-                const char *cfrom,
-                const char *pfrom,
-                const char *cto,
-                const char *pto,
-                CGroupFlags flags) {
-
-        int r;
-
-        assert(cfrom);
-        assert(pfrom);
-        assert(cto);
-        assert(pto);
-
-        r = cg_migrate_recursive(cfrom, pfrom, cto, pto, flags);
-        if (r < 0) {
-                char prefix[strlen(pto) + 1];
-
-                /* This didn't work? Then let's try all prefixes of the destination */
-
-                PATH_FOREACH_PREFIX(prefix, pto) {
-                        int q;
-
-                        q = cg_migrate_recursive(cfrom, pfrom, cto, prefix, flags);
-                        if (q >= 0)
-                                return q;
-                }
-        }
-
-        return r;
-}
-
-int cg_migrate_v1_controllers(CGroupMask supported, CGroupMask mask, const char *from, cg_migrate_callback_t to_callback, void *userdata) {
-        CGroupController c;
-        CGroupMask done;
-        int r = 0, q;
-
-        assert(to_callback);
-
-        supported &= CGROUP_MASK_V1;
-        mask = CGROUP_MASK_EXTEND_JOINED(mask);
-        done = 0;
-
-        for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
-                CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
-                const char *to = NULL;
-
-                if (!FLAGS_SET(supported, bit))
-                        continue;
-
-                if (FLAGS_SET(done, bit))
-                        continue;
-
-                if (!FLAGS_SET(mask, bit))
-                        continue;
-
-                to = to_callback(bit, userdata);
-
-                /* Remember first error and try continuing */
-                q = cg_migrate_recursive_fallback(SYSTEMD_CGROUP_CONTROLLER, from, cgroup_controller_to_string(c), to, 0);
-                r = (r < 0) ? r : q;
-
-                done |= CGROUP_MASK_EXTEND_JOINED(bit);
-        }
-
-        return r;
-}
-
-int cg_trim_v1_controllers(CGroupMask supported, CGroupMask mask, const char *path, bool delete_root) {
-        CGroupController c;
-        CGroupMask done;
-        int r = 0, q;
-
-        supported &= CGROUP_MASK_V1;
-        mask = CGROUP_MASK_EXTEND_JOINED(mask);
-        done = 0;
-
-        for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
-                CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
-
-                if (!FLAGS_SET(supported, bit))
-                        continue;
-
-                if (FLAGS_SET(done, bit))
-                        continue;
-
-                if (FLAGS_SET(mask, bit)) {
-                        /* Remember first error and try continuing */
-                        q = cg_trim(cgroup_controller_to_string(c), path, delete_root);
-                        r = (r < 0) ? r : q;
-                }
-                done |= CGROUP_MASK_EXTEND_JOINED(bit);
-        }
-
-        return r;
-}
-
 int cg_has_legacy(void) {
         struct statfs fs;
 

src/shared/cgroup-setup.h

@@ -9,33 +9,19 @@
 
 int cg_weight_parse(const char *s, uint64_t *ret);
 int cg_cpu_weight_parse(const char *s, uint64_t *ret);
-int cg_cpu_shares_parse(const char *s, uint64_t *ret);
-int cg_blkio_weight_parse(const char *s, uint64_t *ret);
 
-int cg_trim(const char *controller, const char *path, bool delete_root);
+int cg_trim(const char *path, bool delete_root);
 
-int cg_create(const char *controller, const char *path);
-int cg_attach(const char *controller, const char *path, pid_t pid);
+int cg_create(const char *path);
+int cg_attach(const char *path, pid_t pid);
 int cg_fd_attach(int fd, pid_t pid);
-int cg_attach_fallback(const char *controller, const char *path, pid_t pid);
-int cg_create_and_attach(const char *controller, const char *path, pid_t pid);
+int cg_create_and_attach(const char *path, pid_t pid);
 
-int cg_set_access(const char *controller, const char *path, uid_t uid, gid_t gid);
-int cg_set_access_recursive(const char *controller, const char *path, uid_t uid, gid_t gid);
+int cg_set_access(const char *path, uid_t uid, gid_t gid);
+int cg_set_access_recursive(const char *path, uid_t uid, gid_t gid);
 
-int cg_create_everywhere(CGroupMask supported, CGroupMask mask, const char *path);
-int cg_attach_everywhere(CGroupMask supported, const char *path, pid_t pid);
-int cg_trim_everywhere(CGroupMask supported, const char *path, bool delete_root);
-int cg_enable_everywhere(CGroupMask supported, CGroupMask mask, const char *p, CGroupMask *ret_result_mask);
+int cg_enable(CGroupMask supported, CGroupMask mask, const char *p, CGroupMask *ret_result_mask);
 
-int cg_migrate(const char *cfrom, const char *pfrom, const char *cto, const char *pto, CGroupFlags flags);
-
-typedef const char* (*cg_migrate_callback_t)(CGroupMask mask, void *userdata);
-
-/* CGroup V1 specific */
-int cg_migrate_recursive(const char *cfrom, const char *pfrom, const char *cto, const char *pto, CGroupFlags flags);
-int cg_migrate_recursive_fallback(const char *cfrom, const char *pfrom, const char *cto, const char *pto, CGroupFlags flags);
-int cg_migrate_v1_controllers(CGroupMask supported, CGroupMask mask, const char *from, cg_migrate_callback_t to_callback, void *userdata);
-int cg_trim_v1_controllers(CGroupMask supported, CGroupMask mask, const char *path, bool delete_root);
+int cg_migrate(const char *from, const char *to, CGroupFlags flags);
 
 int cg_has_legacy(void);

src/shared/tests.c

@@ -306,11 +306,7 @@ static int enter_cgroup(char **ret_cgroup, bool enter_subroot) {
         /* If this fails, then we don't mind as the later cgroup operations will fail too, and it's fine if
          * we handle any errors at that point. */
 
-        r = cg_create_everywhere(supported, _CGROUP_MASK_ALL, cgroup_subroot);
-        if (r < 0)
-                return r;
-
-        r = cg_attach_everywhere(supported, cgroup_subroot, 0);
+        r = cg_create_and_attach(cgroup_subroot, 0);
         if (r < 0)
                 return r;
 

src/shutdown/shutdown.c

@@ -466,7 +466,7 @@ int main(int argc, char *argv[]) {
                 /* Let's trim the cgroup tree on each iteration so that we leave an empty cgroup tree around,
                  * so that container managers get a nice notify event when we are down */
                 if (cgroup)
-                        (void) cg_trim(SYSTEMD_CGROUP_CONTROLLER, cgroup, false);
+                        (void) cg_trim(cgroup, false);
 
                 if (need_umount) {
                         log_info("Unmounting file systems.");

src/test/test-bpf-devices.c

@@ -299,8 +299,7 @@ int main(int argc, char *argv[]) {
         ASSERT_OK(path_extract_directory(cgroup, &parent));
 
         ASSERT_OK(cg_mask_supported(&supported));
-        r = cg_attach_everywhere(supported, parent, 0);
-        ASSERT_OK(r);
+        ASSERT_OK(cg_attach(parent, 0));
 
         return 0;
 }

src/test/test-cgroup.c

@@ -63,32 +63,32 @@ TEST(cg_create) {
         log_info("Paths for test:\n%s\n%s", test_a, test_b);
 
         /* Possibly clean up left-overs from aboted previous runs */
-        (void) cg_trim(SYSTEMD_CGROUP_CONTROLLER, test_a, /* delete_root= */ true);
-        (void) cg_trim(SYSTEMD_CGROUP_CONTROLLER, test_b, /* delete_root= */ true);
+        (void) cg_trim(test_a, /* delete_root= */ true);
+        (void) cg_trim(test_b, /* delete_root= */ true);
 
-        r = cg_create(SYSTEMD_CGROUP_CONTROLLER, test_a);
+        r = cg_create(test_a);
         if (IN_SET(r, -EPERM, -EACCES, -EROFS)) {
                 log_info_errno(r, "Skipping %s: %m", __func__);
                 return;
         }
 
         ASSERT_OK_EQ(r, 1);
-        ASSERT_OK_ZERO(cg_create(SYSTEMD_CGROUP_CONTROLLER, test_a));
-        ASSERT_OK_EQ(cg_create(SYSTEMD_CGROUP_CONTROLLER, test_b), 1);
-        ASSERT_OK_EQ(cg_create(SYSTEMD_CGROUP_CONTROLLER, test_c), 1);
-        ASSERT_OK_ZERO(cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, test_b, 0));
+        ASSERT_OK_ZERO(cg_create(test_a));
+        ASSERT_OK_EQ(cg_create(test_b), 1);
+        ASSERT_OK_EQ(cg_create(test_c), 1);
+        ASSERT_OK_ZERO(cg_create_and_attach(test_b, 0));
 
         ASSERT_OK_ZERO(cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, getpid_cached(), &path));
         ASSERT_STREQ(path, test_b);
         free(path);
 
-        ASSERT_OK_ZERO(cg_attach(SYSTEMD_CGROUP_CONTROLLER, test_a, 0));
+        ASSERT_OK_ZERO(cg_attach(test_a, 0));
 
         ASSERT_OK_ZERO(cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, getpid_cached(), &path));
         ASSERT_TRUE(path_equal(path, test_a));
         free(path);
 
-        ASSERT_OK_EQ(cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, test_d, 0), 1);
+        ASSERT_OK_EQ(cg_create_and_attach(test_d, 0), 1);
 
         ASSERT_OK_ZERO(cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, getpid_cached(), &path));
         ASSERT_TRUE(path_equal(path, test_d));
@@ -114,15 +114,8 @@ TEST(cg_create) {
         ASSERT_OK_ZERO(cg_kill_recursive(test_a, 0, 0, NULL, NULL, NULL));
         ASSERT_OK_POSITIVE(cg_kill_recursive(test_b, 0, 0, NULL, NULL, NULL));
 
-        ASSERT_OK_POSITIVE(cg_migrate_recursive(SYSTEMD_CGROUP_CONTROLLER, test_b, SYSTEMD_CGROUP_CONTROLLER, test_a, 0));
-
-        ASSERT_OK_ZERO(cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, test_a));
-        ASSERT_OK_POSITIVE(cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, test_b));
-
-        ASSERT_OK_POSITIVE(cg_kill_recursive(test_a, 0, 0, NULL, NULL, NULL));
-        ASSERT_OK_ZERO(cg_kill_recursive(test_b, 0, 0, NULL, NULL, NULL));
-
-        ASSERT_OK(cg_trim(SYSTEMD_CGROUP_CONTROLLER, test_b, true));
+        ASSERT_OK(cg_trim(test_a, true));
+        ASSERT_ERROR(cg_trim(test_b, true), EBUSY);
 }
 
 TEST(id) {

test/test-network/conf/25-routing-policy-rule-test1.network

@@ -48,6 +48,24 @@ From=10.1.0.0/16
 Priority=104
 Table=12
 
+[RoutingPolicyRule]
+IncomingInterface=test1
+FirewallMark=0/1
+Priority=200
+Table=20
+
+[RoutingPolicyRule]
+IncomingInterface=test1
+FirewallMark=7/255
+Priority=201
+Table=21
+
+[RoutingPolicyRule]
+IncomingInterface=test1
+FirewallMark=9999
+Priority=202
+Table=22
+
 # The four routing policy rules below intentionally have the same config
 # excepts for their To= addresses. See issue #35874.
 [RoutingPolicyRule]

test/test-network/systemd-networkd-tests.py

@@ -3890,6 +3890,18 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
         print(output)
         self.assertIn('104:	from 10.1.0.0/16 iif test1 lookup 12 nop', output)
 
+        output = check_output('ip rule list iif test1 priority 200')
+        print(output)
+        self.assertIn('200:	from all fwmark 0/0x1 iif test1 lookup 20', output)
+
+        output = check_output('ip rule list iif test1 priority 201')
+        print(output)
+        self.assertIn('201:	from all fwmark 0x7/0xff iif test1 lookup 21', output)
+
+        output = check_output('ip rule list iif test1 priority 202')
+        print(output)
+        self.assertIn('202:	from all fwmark 0x270f iif test1 lookup 22', output)
+
         output = check_output('ip rule list to 192.0.2.0/26')
         print(output)
         self.assertIn('to 192.0.2.0/26 lookup 1001', output)

test/units/parent-deep.slice

@@ -3,4 +3,4 @@
 Description=Deeper Parent Slice
 
 [Slice]
-MemoryLimit=3G
+MemoryAccounting=yes

test/units/son.service

@@ -6,4 +6,4 @@ Description=Son Service
 Slice=parent.slice
 Type=oneshot
 ExecStart=true
-CPUShares=100
+CPUWeight=100

tools/elf2efi.py

@@ -611,7 +611,9 @@ def elf2efi(args: argparse.Namespace):
 
     coff.Machine = pe_arch
     coff.NumberOfSections = len(sections)
-    coff.TimeDateStamp = int(sde if (sde := os.environ.get("SOURCE_DATE_EPOCH")) else time.time())
+    coff.TimeDateStamp = int(
+        os.environ.get("SOURCE_DATE_EPOCH") if os.environ.get("SOURCE_DATE_EPOCH") else time.time()
+    )
     coff.SizeOfOptionalHeader = sizeof(opt)
     # EXECUTABLE_IMAGE|LINE_NUMS_STRIPPED|LOCAL_SYMS_STRIPPED|DEBUG_STRIPPED
     # and (32BIT_MACHINE or LARGE_ADDRESS_AWARE)