nss-systemd: don't synthesize root/nobody when iterating

Fixes: #15160

NEWS

@@ -280,7 +280,7 @@ CHANGES WITH 245:
           such files in version 243.
 
         * systemd-logind will now validate access to the operation of changing
-          the virtual terminal via a PolicyKit action. By default, only users
+          the virtual terminal via a polkit action. By default, only users
           with at least one session on a local VT are granted permission.
 
         * When systemd sets up PAM sessions that invoked service processes
@@ -2032,7 +2032,7 @@ CHANGES WITH 239:
           lookup is likely to trigger nss-ldap which in turn might use NSS to
           ask systemd-resolved for hostname lookups. This will hence result in
           a deadlock: a user name lookup in order to start
-          systemd-resolved.service will result in a host name lookup for which
+          systemd-resolved.service will result in a hostname lookup for which
           systemd-resolved.service needs to be started already. There are
           multiple ways to work around this problem: pre-allocate the
           "systemd-resolve" user on such systems, so that nss-ldap won't be
@@ -3001,7 +3001,7 @@ CHANGES WITH 235:
           A/AAAA resource record for the "_gateway" hostname, pointing to the
           current default IP gateway. Previously it did that for the "gateway"
           name, hampering adoption, as some distributions wanted to leave that
-          host name open for local use. The old behaviour may still be
+          hostname open for local use. The old behaviour may still be
           requested at build time.
 
         * systemd-networkd's [Address] section in .network files gained a new
@@ -4342,7 +4342,7 @@ CHANGES WITH 230:
           again don't consider turning this on in your stable, LTS or
           production release just yet. (Note that you have to enable
           nss-resolve in /etc/nsswitch.conf, to actually use systemd-resolved
-          and its DNSSEC mode for host name resolution from local
+          and its DNSSEC mode for hostname resolution from local
           applications.)
 
         * systemd-resolve conveniently resolves DANE records with the --tlsa
@@ -6160,14 +6160,14 @@ CHANGES WITH 218:
           for a unit, as declared in the (usually vendor-supplied)
           system preset files.
 
-        * nss-myhostname will now resolve the single-label host name
+        * nss-myhostname will now resolve the single-label hostname
           "gateway" to the locally configured default IP routing
           gateways, ordered by their metrics. This assigns a stable
           name to the used gateways, regardless which ones are
           currently configured. Note that the name will only be
           resolved after all other name sources (if nss-myhostname is
           configured properly) and should hence not negatively impact
-          systems that use the single-label host name "gateway" in
+          systems that use the single-label hostname "gateway" in
           other contexts.
 
         * systemd-inhibit now allows filtering by mode when listing
@@ -7595,7 +7595,7 @@ CHANGES WITH 210:
           reported by uname()'s "machine" field.
 
         * systemd-networkd now supports matching on the system
-          virtualization, architecture, kernel command line, host name
+          virtualization, architecture, kernel command line, hostname
           and machine ID.
 
         * logind is now a lot more aggressive when suspending the
@@ -7913,12 +7913,12 @@ CHANGES WITH 209:
           example, a line that creates /run/nologin).
 
         * A new API "sd-resolve.h" has been added which provides a simple
-          asynchronous wrapper around glibc NSS host name resolution
+          asynchronous wrapper around glibc NSS hostname resolution
           calls, such as getaddrinfo(). In contrast to glibc's
           getaddrinfo_a(), it does not use signals. In contrast to most
           other asynchronous name resolution libraries, this one does
           not reimplement DNS, but reuses NSS, so that alternate
-          host name resolution systems continue to work, such as mDNS,
+          hostname resolution systems continue to work, such as mDNS,
           LDAP, etc. This API is based on libasyncns, but it has been
           cleaned up for inclusion in systemd.
 
@@ -9702,7 +9702,7 @@ CHANGES WITH 190:
           when he over-mounts a non-empty directory.
 
         * There are new specifiers that are resolved in unit files,
-          for the host name (%H), the machine ID (%m) and the boot ID
+          for the hostname (%H), the machine ID (%m) and the boot ID
           (%b).
 
         Contributions from: Allin Cottrell, Auke Kok, Brandon Philips,

TODO

@@ -1170,7 +1170,7 @@ Features:
      a carrier is lost on a link. It should be removed instantly.
    - expose in the API the following bits:
          - option 15, domain name and/or option 119, search list
-         - option 12, host name and/or option 81, fqdn
+         - option 12, hostname and/or option 81, fqdn
          - option 123, 144, geolocation
          - option 252, configure http proxy (PAC/wpad)
    - provide a way to define a per-network interface default metric value

docs/CODING_STYLE.md

@@ -424,7 +424,7 @@ layout: default
 
 ## Deadlocks
 
-- Do not issue NSS requests (that includes user name and host name lookups)
+- Do not issue NSS requests (that includes user name and hostname lookups)
   from PID 1 as this might trigger deadlocks when those lookups involve
   synchronously talking to services that we would need to start up.
 

docs/PORTABILITY_AND_STABILITY.md

@@ -87,7 +87,7 @@ And now, here's the list of (hopefully) all APIs that we have introduced with sy
 | [Boot Loader interface](https://systemd.io/BOOT_LOADER_INTERFACE) | EFI variables | yes | yes | gummiboot | yes | - | no |
 | [Service bus API](https://www.freedesktop.org/wiki/Software/systemd/dbus) | D-Bus | yes | yes | system-config-services | no | - | no |
 | [logind](https://www.freedesktop.org/wiki/Software/systemd/logind) | D-Bus | yes | yes | GNOME | no | - | no |
-| [sd-login.h API](https://www.freedesktop.org/software/systemd/man/sd-login.html) | C Library | yes | yes | GNOME, PolicyKit, ... | no | - | no |
+| [sd-login.h API](https://www.freedesktop.org/software/systemd/man/sd-login.html) | C Library | yes | yes | GNOME, polkit, ... | no | - | no |
 | [sd-daemon.h API](https://www.freedesktop.org/software/systemd/man/sd-daemon.html) | C Library or Drop-in | yes | yes | numerous | yes | - | yes |
 | [sd-id128.h API](https://www.freedesktop.org/software/systemd/man/sd-id128.html) | C Library | yes | yes | - | yes | - | no |
 | [sd-journal.h API](https://www.freedesktop.org/software/systemd/man/sd-journal.html) | C Library | yes | yes | - | maybe | - | no |

docs/USERDB_AND_DESKTOPS.md

@@ -77,7 +77,8 @@ supports is directly available in these JSON records. Hence it makes sense for
 any user management UI to expose them directly.
 
 `systemd-homed` exposes APIs to add, remove and make changes to local users via
-D-Bus, with full PolicyKit hook-up. On the command line this is exposed via the
+D-Bus, with full [polkit](https://www.freedesktop.org/software/polkit/docs/latest/)
+hook-up. On the command line this is exposed via the
 `homectl` command. A graphical UI that exposes similar functionality would be
 very useful, exposing the various new account settings, and in particular
 providing a stream-lined UI for enrolling new-style authentication tokens such

man/hostnamectl.xml

@@ -57,7 +57,7 @@
 
     <para>Use
     <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
-    to initialize the system host name for mounted (but not booted)
+    to initialize the system hostname for mounted (but not booted)
     system images.</para>
   </refsect1>
 
@@ -84,7 +84,7 @@
         simplified in regards to the character set used before the latter are updated. This is done by removing special
         characters and spaces. This ensures that the pretty and the static hostname are always closely related while
         still following the validity rules of the specific name. This simplification of the hostname string is not done
-        if only the transient and/or static host names are set, and the pretty host name is left untouched.</para>
+        if only the transient and/or static hostnames are set, and the pretty hostname is left untouched.</para>
 
         <para>Pass the empty string <literal></literal> as the
         hostname to reset the selected hostnames to their default

man/machine-info.xml

@@ -70,7 +70,7 @@
         <literal>Lennart's Computer</literal> an Internet hostname of
         <literal>lennarts-computer</literal> might be a good choice.
         If this parameter is not set, an application should fall back
-        to the Internet host name for presentation
+        to the Internet hostname for presentation
         purposes.</para></listitem>
       </varlistentry>
 

man/machinectl.xml

@@ -56,7 +56,7 @@
     </itemizedlist>
 
     <para>Machines are identified by names that follow the same rules
-    as UNIX and DNS host names. For details, see below.</para>
+    as UNIX and DNS hostnames. For details, see below.</para>
 
     <para>Machines are instantiated from disk or file system images that
     frequently — but not necessarily — carry the same name as machines running
@@ -383,7 +383,7 @@
         image is optimized for file systems that support copy-on-write, and might not be efficient on others, due to
         file system limitations.</para>
 
-        <para>Note that this command leaves host name, machine ID and
+        <para>Note that this command leaves hostname, machine ID and
         all other settings that could identify the instance
         unmodified. The original image and the cloned copy will hence
         share these credentials, and it might be necessary to manually
@@ -851,7 +851,7 @@
 
     <para>The <command>machinectl</command> tool operates on machines
     and images whose names must be chosen following strict
-    rules. Machine names must be suitable for use as host names
+    rules. Machine names must be suitable for use as hostnames
     following a conservative subset of DNS and UNIX/Linux
     semantics. Specifically, they must consist of one or more
     non-empty label strings, separated by dots. No leading or trailing

man/nss-resolve.xml

@@ -29,7 +29,7 @@
     <title>Description</title>
 
     <para><command>nss-resolve</command> is a plug-in module for the GNU Name Service Switch (NSS) functionality of the
-    GNU C Library (<command>glibc</command>) enabling it to resolve host names via the
+    GNU C Library (<command>glibc</command>) enabling it to resolve hostnames via the
     <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry> local network
     name resolution service. It replaces the <command>nss-dns</command> plug-in module that traditionally resolves
     hostnames via DNS.</para>

man/org.freedesktop.hostname1.xml

@@ -89,38 +89,6 @@ node /org/freedesktop/hostname1 {
 };
     </programlisting>
 
-    <!--method SetDeployment is not documented!-->
-
-    <!--method SetLocation is not documented!-->
-
-    <!--method GetProductUUID is not documented!-->
-
-    <!--property Hostname is not documented!-->
-
-    <!--property StaticHostname is not documented!-->
-
-    <!--property PrettyHostname is not documented!-->
-
-    <!--property IconName is not documented!-->
-
-    <!--property Chassis is not documented!-->
-
-    <!--property Deployment is not documented!-->
-
-    <!--property Location is not documented!-->
-
-    <!--property KernelName is not documented!-->
-
-    <!--property KernelRelease is not documented!-->
-
-    <!--property KernelVersion is not documented!-->
-
-    <!--property OperatingSystemPrettyName is not documented!-->
-
-    <!--property OperatingSystemCPEName is not documented!-->
-
-    <!--property HomeURL is not documented!-->
-
     <!--Autogenerated cross-references for systemd.directives, do not edit-->
 
     <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.hostname1"/>
@@ -173,7 +141,8 @@ node /org/freedesktop/hostname1 {
 
     <para>Whenever the hostname or other metadata is changed via the daemon,
     <function>PropertyChanged</function> signals are sent out to subscribed clients. Changing a hostname
-    using this interface is authenticated via PolicyKit.</para>
+    using this interface is authenticated via
+    <ulink url="https://www.freedesktop.org/software/polkit/docs/latest/">polkit</ulink>.</para>
   </refsect1>
 
   <refsect1>
@@ -219,10 +188,6 @@ node /org/freedesktop/hostname1 {
     it could not be auto-detected. Set this property to the empty string to reenable the automatic detection of
     the chassis type from firmware information.</para>
 
-    <para>A client that wants to change the local hostname for DHCP/mDNS should invoke
-    <code>SetHostname("newname", false)</code> as soon as the name is available and afterwards reset it via
-    <code>SetHostname("")</code>.</para>
-
     <para>Note that <filename>systemd-hostnamed</filename> starts only on request and terminates after a
     short idle period. This effectively means that <function>PropertyChanged</function> messages are not sent
     out for changes made directly on the files (as in: administrator edits the files with vi). This is
@@ -244,33 +209,91 @@ node /org/freedesktop/hostname1 {
     <citerefentry><refentrytitle>machine-info</refentrytitle><manvolnum>3</manvolnum></citerefentry>
     for that. For more information on these files and syscalls see the respective man pages.</para>
 
-    <para>The <varname>user_interaction</varname> boolean parameters can be used to control whether PolicyKit
-    should interactively ask the user for authentication credentials if required.</para>
+    <refsect2>
+      <title>Methods and Properties</title>
 
-    <para>The PolicyKit action for <function>SetHostname()</function> is
-    <interfacename>org.freedesktop.hostname1.set-hostname</interfacename>. For
-    <function>SetStaticHostname()</function> and <function>SetPrettyHostname()</function> it is
-    <interfacename>org.freedesktop.hostname1.set-static-hostname</interfacename>. For
-    <function>SetIconName()</function> and <function>SetChassis()</function> it is
-    <interfacename>org.freedesktop.hostname1.set-machine-info</interfacename>.</para>
+      <para><function>SetHostname()</function> sets the transient (dynamic) hostname which is exposed by the
+      <varname>Hostname</varname> property. If empty, the transient hostname is set to the static hostname.
+      </para>
 
-    <para>Here are three examples show how the pretty hostname and the icon name should be used:
+      <para><function>SetStaticHostname()</function> sets the static hostname which is exposed by the
+      <varname>StaticHostname</varname> property. If empty, the built-in default of
+      <literal>&FALLBACK_HOSTNAME;</literal> is used.</para>
+
+      <para><function>SetPrettyHostname()</function> sets the pretty hostname which is exposed by the
+      <varname>PrettyHostname</varname> property.</para>
+
+      <para><function>SetIconName()</function>, <function>SetChassis()</function>,
+      <function>SetDeployment()</function>, and <function>SetLocation()</function> set the properties
+      <varname>IconName</varname> (the name of the icon representing for the machine),
+      <varname>Chassis</varname> (the machine form factor), <varname>Deployment</varname> (the system
+      deployment environment), and <varname>Location</varname> (physical system location), respectively.
+      </para>
+
+      <para><varname>PrettyHostname</varname>, <varname>IconName</varname>, <varname>Chassis</varname>,
+      <varname>Deployment</varname>, and <varname>Location</varname> are stored in
+      <filename>/etc/machine-info</filename>. See
+      <citerefentry><refentrytitle>machine-info</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+      the semantics of those settings.</para>
+
+      <para><function>GetProductUUID()</function> returns the "product uuid" as exposed by the kernel based
+      on DMI information in <filename>/sys/class/dmi/id/product_uuid</filename>. Reading the file directly
+      requires root privileges, and this method allows access to unprivileged clients through the polkit
+      framework.</para>
+
+      <para><varname>KernelName</varname>, <varname>KernelRelease</varname>, and
+      <varname>KernelVersion</varname> expose the kernel name (e.g. <literal>Linux</literal>), release
+      (e.g. <literal>5.0.0-11</literal>, and version (i.e. the build number, e.g. <literal>#11</literal>) as
+      reported by
+      <citerefentry project="man-pages"><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
+      <varname>OperatingSystemPrettyName</varname>, <varname>OperatingSystemCPEName</varname>, and
+      <varname>HomeURL</varname> expose the <varname>PRETTY_NAME=</varname>, <varname>CPE_NAME=</varname> and
+      <varname>HOME_URL=</varname> fields from
+      <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
+      purpose of those properties is to allow remote clients to access this information over D-Bus. Local
+      clients can access the information directly.</para>
+    </refsect2>
+
+    <refsect2>
+      <title>Security</title>
+
+      <para>The <varname>interactive</varname> boolean parameters can be used to control whether polkit
+      should interactively ask the user for authentication credentials if required.</para>
+
+      <para>The polkit action for <function>SetHostname()</function> is
+      <interfacename>org.freedesktop.hostname1.set-hostname</interfacename>. For
+      <function>SetStaticHostname()</function> and <function>SetPrettyHostname()</function> it is
+      <interfacename>org.freedesktop.hostname1.set-static-hostname</interfacename>. For
+      <function>SetIconName()</function> and <function>SetChassis()</function> it is
+      <interfacename>org.freedesktop.hostname1.set-machine-info</interfacename>.</para>
+    </refsect2>
+  </refsect1>
+
+  <refsect1>
+    <title>Recommendations</title>
+
+    <para>Here are three examples that show how the pretty hostname and the icon name should be used:
     <itemizedlist>
-      <listitem><para>When registering DNS-SD services: use the pretty hostname in the service name, and
-      pass the icon name in the TXT data, if there is an icon name. Browsing clients can then show the server
-      icon on each service. This is especially useful for WebDAV applications or UPnP media sharing.
+      <listitem><para>When registering DNS-SD services: use the pretty hostname in the service name, and pass
+      the icon name in the TXT data, if there is an icon name. Browsing clients can then show the server icon
+      on each service. This is especially useful for WebDAV applications or UPnP media sharing.
       </para></listitem>
 
       <listitem><para>Set the bluetooth name to the pretty hostname.</para></listitem>
 
-      <listitem><para>When your file browser has a "Computer" icon, replace the name with the pretty hostname if set, and the icon with the icon name, if it is set.</para></listitem>
+      <listitem><para>When your file browser has a "Computer" icon, replace the name with the pretty hostname
+      if set, and the icon with the icon name, if it is set.</para></listitem>
     </itemizedlist></para>
 
     <para>To properly handle name lookups with changing local hostnames without having to edit
-    <filename>/etc/hosts</filename>, we recommend using <filename>systemd-hostnamed</filename> in
-    combination with <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+    <filename>/etc/hosts</filename>, we recommend using <filename>systemd-hostnamed</filename> in combination
+    with <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
     </para>
 
+    <para>A client that wants to change the local hostname for DHCP/mDNS should invoke
+    <code>SetHostname("newname", false)</code> as soon as the name is available and afterwards reset it via
+    <code>SetHostname("")</code>.</para>
+
     <para>Here are some recommendations to follow when generating a static (internet) hostname from a pretty
     name:
     <itemizedlist>
@@ -314,7 +337,7 @@ node /org/freedesktop/hostname1 {
     </itemizedlist></para>
 
     <para>Of course, an already valid internet hostname label you enter and pass through this
-    conversion should stay unmodified, so that users have direct control of it, if they want -- by simply
+    conversion should stay unmodified, so that users have direct control of it, if they want — by simply
     ignoring the fact that the pretty hostname is pretty and just edit it as if it was the normal internet
     name.</para>
   </refsect1>

man/org.freedesktop.locale1.xml

@@ -126,7 +126,8 @@ node /org/freedesktop/locale1 {
 
       <para>Use the empty string for the keymap parameters you wish not to set.</para>
 
-      <para>The <varname>interactive</varname> boolean parameters can be used to control whether PolicyKit
+      <para>The <varname>interactive</varname> boolean parameters can be used to control whether
+      <ulink url="https://www.freedesktop.org/software/polkit/docs/latest/">polkit</ulink>
       should interactively ask the user for authentication credentials if required.</para>
     </refsect2>
 
@@ -160,9 +161,9 @@ node /org/freedesktop/locale1 {
     <refsect2>
       <title>Security</title>
 
-      <para>Changing the system locale or keymap using this interface is authenticated via PolicyKit. The
-      PolicyKit action for <function>SetLocale()</function> is
-      <constant>org.freedesktop.locale1.set-locale</constant>. The PolicyKit action for
+      <para>Changing the system locale or keymap using this interface is authenticated via polkit. The
+      polkit action for <function>SetLocale()</function> is
+      <constant>org.freedesktop.locale1.set-locale</constant>. The polkit action for
       <function>SetX11Keyboard()</function> and <function>SetVConsoleKeyboard()</function> is
       <constant>org.freedesktop.locale1.set-keyboard</constant>.</para>
     </refsect2>

man/org.freedesktop.login1.xml

@@ -496,22 +496,24 @@ node /org/freedesktop/login1 {
       and seat are identified by their respective IDs.</para>
 
       <para><function>SetUserLinger()</function> enables or disables user lingering. If enabled, the runtime
-      directory of a user is kept around and he may continue to run processes while he is logged out. If
+      directory of a user is kept around and they may continue to run processes while logged out. If
       disabled, the runtime directory goes away as soon as they log out. <function>SetUserLinger()</function>
       expects three arguments: the UID, a boolean whether to enable/disable and a boolean controlling the
-      PolicyKit authorization interactivity (see below). Note that the user linger state is persistently
+      <ulink url="https://www.freedesktop.org/software/polkit/docs/latest/">polkit</ulink>
+      authorization interactivity (see below). Note that the user linger state is persistently
       stored on disk.</para>
 
       <para><function>AttachDevice()</function> may be used to assign a specific device to a specific
-      seat. The device is identified by its /sys path and must be eligible for seat assignments. <function>AttachDevice()</function> takes three
-      arguments: the seat id, the sysfs path, and a boolean for controlling PolicyKit interactivity (see
-      below). Device assignments are persistently stored on disk. To create a new seat, simply specify a
-      previously unused seat id. For more information about the seat assignment logic see
+      seat. The device is identified by its <filename>/sys</filename> path and must be eligible for seat
+      assignments. <function>AttachDevice()</function> takes three arguments: the seat id, the sysfs path,
+      and a boolean for controlling polkit interactivity (see below). Device assignments are persistently
+      stored on disk. To create a new seat, simply specify a previously unused seat id. For more information
+      about the seat assignment logic see
       <ulink url="https://www.freedesktop.org/wiki/Software/systemd/multiseat">Multi-Seat for Linux</ulink>.
       </para>
 
       <para><function>FlushDevices()</function> removes all explicit seat assignments for devices, resetting
-      all assignments to the automatic defaults. The only argument it takes is the PolicyKit interactivity
+      all assignments to the automatic defaults. The only argument it takes is the polkit interactivity
       boolean (see below).</para>
 
       <para><function>PowerOff()</function>, <function>Reboot()</function>, <function>Halt()</function>,
@@ -521,9 +523,9 @@ node /org/freedesktop/login1 {
       the machine is powered down). <function>HybridSleep()</function> results in the system entering a
       hybrid-sleep mode, i.e. the system is both hibernated and suspended.
       <function>SuspendThenHibernate()</function> results in the system being suspended, then later woken
-      using an RTC timer and hibernated. The only argument is the PolicyKit interactivity boolean
+      using an RTC timer and hibernated. The only argument is the polkit interactivity boolean
       <varname>interactive</varname> (see below). The main purpose of these calls is that they enforce
-      PolicyKit policy and hence allow powering off/rebooting/suspending/hibernating even by unprivileged
+      polkit policy and hence allow powering off/rebooting/suspending/hibernating even by unprivileged
       users. They also enforce inhibition locks. UIs should expose these calls as the primary mechanism to
       poweroff/reboot/suspend/hibernate the machine.</para>
 
@@ -678,7 +680,7 @@ node /org/freedesktop/login1 {
     <refsect2>
       <title>Security</title>
 
-      <para>A number of operations are protected via the PolicyKit privilege
+      <para>A number of operations are protected via the polkit privilege
       system. <function>SetUserLinger()</function> requires the
       <interfacename>org.freedesktop.login1.set-user-linger</interfacename>
       privilege. <function>AttachDevice()</function> requires
@@ -731,7 +733,7 @@ node /org/freedesktop/login1 {
       <interfacename>org.freedesktop.login1.inhibit-handle-lid-switch</interfacename> depending on the lock
       type and mode taken.</para>
 
-      <para>The <varname>interactive</varname> boolean parameters can be used to control whether PolicyKit
+      <para>The <varname>interactive</varname> boolean parameters can be used to control whether polkit
       should interactively ask the user for authentication credentials if required.</para>
     </refsect2>
   </refsect1>
@@ -846,8 +848,8 @@ node /org/freedesktop/login1/seat/seat0 {
       encoded in a structure consisting of the ID and the object path.</para>
 
       <para>The <varname>IdleHint</varname>, <varname>IdleSinceHint</varname>, and
-      <varname>IdleSinceHint</varname> properties encode the idle state, similar to the one exposed on the
-      Manager object, but specific for this seat.</para>
+      <varname>IdleSinceHintMonotonic</varname> properties encode the idle state, similar to the ones exposed
+      on the <interfacename>Manager</interfacename> object, but specific for this seat.</para>
     </refsect2>
   </refsect1>
 

man/org.freedesktop.resolve1.xml

@@ -394,7 +394,7 @@ node /org/freedesktop/resolve1 {
       default LLMNR setting is used. If <literal>yes</literal>, LLMNR is used for resolution of single-label
       names and the local hostname is registered on all local LANs for LLMNR resolution by peers. If
       <literal>no</literal>, LLMNR is turned off fully on this interface. If <literal>resolve</literal>, LLMNR
-      is only enabled for resolving names, but the local host name is not registered for other peers to
+      is only enabled for resolving names, but the local hostname is not registered for other peers to
       use.</para>
 
       <para>Similarly, the <function>SetLinkMulticastDNS()</function> method enables or disables MulticastDNS

man/org.freedesktop.systemd1.xml

@@ -40,9 +40,10 @@
     <para>Properties exposing time values are usually encoded in microseconds (usec) on the bus, even if
     their corresponding settings in the unit files are in seconds.</para>
 
-    <para>In contrast to most of the other services of the systemd suite, PID 1 does not use PolicyKit for
-    controlling access to privileged operations, but relies exclusively on the low-level D-Bus policy
-    language. (This is done in order to avoid a cyclic dependency between PolicyKit and systemd/PID 1.) This
+    <para>In contrast to most of the other services of the systemd suite, PID 1 does not use
+    <ulink url="https://www.freedesktop.org/software/polkit/docs/latest/">polkit</ulink>
+    for controlling access to privileged operations, but relies exclusively on the low-level D-Bus policy
+    language. (This is done in order to avoid a cyclic dependency between polkit and systemd/PID 1.) This
     means that sensitive operations exposed by PID 1 on the bus are generally not available to unprivileged
     processes directly. However, some operations (such as shutdown/reboot/suspend) are made available through the D-Bus
     API of logind, see
@@ -1463,7 +1464,7 @@ node /org/freedesktop/systemd1 {
       <title>Security</title>
 
       <para>Read access is generally granted to all clients. Additionally, for unprivileged clients, some
-      operations are allowed through the PolicyKit privilege system. Operations which modify unit state
+      operations are allowed through the polkit privilege system. Operations which modify unit state
       (<function>StartUnit()</function>, <function>StopUnit()</function>, <function>KillUnit()</function>,
       <function>RestartUnit()</function> and similar, <function>SetProperty</function>) require
       <interfacename>org.freedesktop.systemd1.manage-units</interfacename>. Operations which modify unit file
@@ -2127,7 +2128,7 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
       allowed for everyone. All operations are allowed for clients with the
       <constant>CAP_SYS_ADMIN</constant> capability or when the
       <interfacename>org.freedesktop.systemd1.manage-units</interfacename> privilege is granted by
-      PolicyKit.</para>
+      polkit.</para>
     </refsect2>
   </refsect1>
 

man/org.freedesktop.timedate1.xml

@@ -72,22 +72,6 @@ node /org/freedesktop/timedate1 {
 };
     </programlisting>
 
-    <!--method ListTimezones is not documented!-->
-
-    <!--property Timezone is not documented!-->
-
-    <!--property LocalRTC is not documented!-->
-
-    <!--property CanNTP is not documented!-->
-
-    <!--property NTP is not documented!-->
-
-    <!--property NTPSynchronized is not documented!-->
-
-    <!--property TimeUSec is not documented!-->
-
-    <!--property RTCTimeUSec is not documented!-->
-
     <!--Autogenerated cross-references for systemd.directives, do not edit-->
 
     <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.timedate1"/>
@@ -148,25 +132,51 @@ node /org/freedesktop/timedate1 {
       network using <filename>systemd-timesyncd</filename>. This will enable and start or disable and stop
       the chosen time synchronization service.</para>
 
-      <para>Whenever the timezone and local_rtc settings are changed via the daemon,
-      <function>PropertyChanged</function> signals are sent out to which clients can subscribe. Changing the
-      time settings using this interface is authenticated via PolicyKit.</para>
+      <para><function>ListTimezones()</function> returns a list of time zones known on the local system as an
+      array of names (<literal>["Africa/Abidjan", "Africa/Accra", ..., "UTC"]</literal>).</para>
+    </refsect2>
+
+    <refsect2>
+      <title>Properties</title>
+
+      <para><varname>Timezone</varname> shows the currently configured time zone.
+      <varname>LocalRTC</varname> shows whether the RTC is configured to use UTC (false), or the local time
+      zone (true). <varname>CanNTP</varname> shows whether a service to perform time synchronization over the
+      network is available, and <varname>NTP</varname> shows whether such a service is enabled.</para>
+
+      <para><varname>NTPSynchronized</varname> shows whether the kernel reports the time as synchronized
+      (c.f.
+      <citerefentry project="man-pages"><refentrytitle>adjtimex</refentrytitle><manvolnum>3</manvolnum></citerefentry>).
+      <varname>TimeUSec</varname> and <varname>RTCTimeUSec</varname> show the current time on the system and
+      in the RTC. The purpose of those three properties is to allow remote clients to access this information
+      over D-Bus. Local clients can access the information directly.</para>
+
+      <para>Whenever the <varname>Timezone</varname> and <varname>LocalRTC</varname> settings are changed via
+      the daemon, <function>PropertyChanged</function> signals are sent out to which clients can subscribe.
+      </para>
 
       <para>Note that this service will not inform you about system time changes. Use
       <citerefentry project="man-pages"><refentrytitle>timerfd</refentrytitle><manvolnum>3</manvolnum></citerefentry>
       with <constant>CLOCK_REALTIME</constant> and <constant>TFD_TIMER_CANCEL_ON_SET</constant> for that.
       </para>
+    </refsect2>
 
-      <para>The <varname>user_interaction</varname> boolean parameters can be used to control whether
-      PolicyKit should interactively ask the user for authentication credentials if required.</para>
+    <refsect2>
+      <title>Security</title>
 
-      <para>The PolicyKit action for <function>SetTimezone()</function> is
+      <para>The <varname>interactive</varname> boolean parameters can be used to control whether
+      <ulink url="https://www.freedesktop.org/software/polkit/docs/latest/">polkit</ulink>
+      should interactively ask the user for authentication credentials if required.</para>
+
+      <para>The polkit action for <function>SetTimezone()</function> is
       <interfacename>org.freedesktop.timedate1.set-timezone</interfacename>. For
       <function>SetLocalRTC()</function> it is
       <interfacename>org.freedesktop.timedate1.set-local-rtc</interfacename>, for
       <function>SetTime()</function> it is <interfacename>org.freedesktop.timedate1.set-time</interfacename>
       and for <function>SetNTP()</function> it is
-      <interfacename>org.freedesktop.timedate1.set-ntp</interfacename>.</para>
+      <interfacename>org.freedesktop.timedate1.set-ntp</interfacename>.
+      <function>ListTimezones()</function> does not require any privileges.
+      </para>
     </refsect2>
   </refsect1>
 

man/resolvectl.xml

@@ -45,7 +45,7 @@
     interface the data was discovered. It also contains information on whether the information could be
     authenticated. All data for which local DNSSEC validation succeeds is considered authenticated. Moreover all data
     originating from local, trusted sources is also reported authenticated, including resolution of the local host
-    name, the <literal>localhost</literal> host name or all data from <filename>/etc/hosts</filename>.</para>
+    name, the <literal>localhost</literal> hostname or all data from <filename>/etc/hosts</filename>.</para>
   </refsect1>
 
   <refsect1>

man/resolved.conf.xml

@@ -68,7 +68,7 @@
       <varlistentry>
         <term><varname>Domains=</varname></term>
         <listitem><para>A space-separated list of domains. These domains are used as search suffixes when resolving
-        single-label host names (domain names which contain no dot), in order to qualify them into fully-qualified
+        single-label hostnames (domain names which contain no dot), in order to qualify them into fully-qualified
         domain names (FQDNs). Search domains are strictly processed in the order they are specified, until the name
         with the suffix appended is found. For compatibility reasons, if this setting is not specified, the search
         domains listed in <filename>/etc/resolv.conf</filename> are used instead, if that file exists and any domains

man/rules/meson.build

@@ -262,6 +262,7 @@ manpages = [
   ['sd_bus_get_events', 'sd_bus_get_timeout', 'sd_bus_set_fd'],
   ''],
  ['sd_bus_get_n_queued_read', '3', ['sd_bus_get_n_queued_write'], ''],
+ ['sd_bus_get_name_machine_id', '3', [], ''],
  ['sd_bus_is_open', '3', ['sd_bus_is_ready'], ''],
  ['sd_bus_list_names', '3', [], ''],
  ['sd_bus_message_append', '3', ['sd_bus_message_appendv'], ''],
@@ -291,7 +292,8 @@ manpages = [
   ''],
  ['sd_bus_message_get_type',
   '3',
-  ['sd_bus_message_get_errno',
+  ['sd_bus_message_get_creds',
+   'sd_bus_message_get_errno',
    'sd_bus_message_get_error',
    'sd_bus_message_is_method_call',
    'sd_bus_message_is_method_error',
@@ -319,7 +321,16 @@ manpages = [
    'sd_bus_message_new_method_errorf'],
   ''],
  ['sd_bus_message_new_signal', '3', [], ''],
- ['sd_bus_message_read', '3', ['sd_bus_message_readv'], ''],
+ ['sd_bus_message_open_container',
+  '3',
+  ['sd_bus_message_close_container',
+   'sd_bus_message_enter_container',
+   'sd_bus_message_exit_container'],
+  ''],
+ ['sd_bus_message_read',
+  '3',
+  ['sd_bus_message_peek_type', 'sd_bus_message_readv'],
+  ''],
  ['sd_bus_message_read_array', '3', [], ''],
  ['sd_bus_message_read_basic', '3', [], ''],
  ['sd_bus_message_read_strv', '3', [], ''],
@@ -379,7 +390,7 @@ manpages = [
    'sd_bus_release_name_async',
    'sd_bus_request_name_async'],
   ''],
- ['sd_bus_send', '3', [], ''],
+ ['sd_bus_send', '3', ['sd_bus_send_to'], ''],
  ['sd_bus_set_address', '3', ['sd_bus_get_address', 'sd_bus_set_exec'], ''],
  ['sd_bus_set_close_on_exit', '3', ['sd_bus_get_close_on_exit'], ''],
  ['sd_bus_set_connected_signal', '3', ['sd_bus_get_connected_signal'], ''],

man/sd-bus-container-append.c

@@ -0,0 +1,17 @@
+#include <systemd/sd-bus.h>
+
+int append_strings_to_message(sd_bus_message *m, const char *const *arr) {
+  int r;
+
+  r = sd_bus_message_open_container(m, 'a', "s");
+  if (r < 0)
+    return r;
+
+  for (const char *s = *arr; *s; s++) {
+    r = sd_bus_message_append(m, "s", s);
+    if (r < 0)
+      return r;
+  }
+
+  return sd_bus_message_close_container(m);
+}

man/sd-bus-container-read.c

@@ -0,0 +1,25 @@
+#include <stdio.h>
+
+#include <systemd/sd-bus.h>
+
+int read_strings_from_message(sd_bus_message *m) {
+  int r;
+
+  r = sd_bus_message_enter_container(m, 'a', "s");
+  if (r < 0)
+    return r;
+
+  for (;;) {
+    const char *s;
+
+    r = sd_bus_message_read(m, "s", &s);
+    if (r < 0)
+      return r;
+    if (r == 0)
+      break;
+
+    printf("%s\n", s);
+  }
+
+  return sd_bus_message_exit_container(m);
+}

man/sd-bus.xml

@@ -82,6 +82,7 @@
 <citerefentry><refentrytitle>sd_bus_get_fd</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_get_method_call_timeout</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_get_n_queued_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+<citerefentry><refentrytitle>sd_bus_get_name_machine_id</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_get_scope</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_get_tid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_get_unique_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
@@ -95,10 +96,14 @@
 <citerefentry><refentrytitle>sd_bus_message_append_string_memfd</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_append_strv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_at_end</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+<citerefentry><refentrytitle>sd_bus_message_close_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_copy</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_dump</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+<citerefentry><refentrytitle>sd_bus_message_enter_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+<citerefentry><refentrytitle>sd_bus_message_exit_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_get_allow_interactive_authorization</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_get_cookie</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+<citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_get_errno</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_get_error</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_get_monotonic_usec</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
@@ -113,6 +118,8 @@
 <citerefentry><refentrytitle>sd_bus_message_new_method_call</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_new_method_error</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_new_signal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+<citerefentry><refentrytitle>sd_bus_message_open_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+<citerefentry><refentrytitle>sd_bus_message_peek_type</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_read_array</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_read_basic</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
@@ -133,6 +140,7 @@
 <citerefentry><refentrytitle>sd_bus_reply_method_error</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_request_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+<citerefentry><refentrytitle>sd_bus_send_to</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_set_address</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_set_allow_interactive_authorization</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_set_bus_client</refentrytitle><manvolnum>3</manvolnum></citerefentry>,

man/sd_bus_get_name_machine_id.xml

@@ -0,0 +1,98 @@
+<?xml version='1.0'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1+ -->
+
+<refentry id="sd_bus_get_name_machine_id" xmlns:xi="http://www.w3.org/2001/XInclude">
+
+  <refentryinfo>
+    <title>sd_bus_get_name_machine_id</title>
+    <productname>systemd</productname>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>sd_bus_get_name_machine_id</refentrytitle>
+    <manvolnum>3</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>sd_bus_get_name_machine_id</refname>
+
+    <refpurpose>Retrieve a bus client's machine identity</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <funcsynopsis>
+      <funcsynopsisinfo>#include &lt;systemd/sd-bus.h&gt;</funcsynopsisinfo>
+
+      <funcprototype>
+        <funcdef>int <function>sd_bus_get_name_machine_id</function></funcdef>
+        <paramdef>sd_bus *<parameter>bus</parameter></paramdef>
+        <paramdef>const char *<parameter>name</parameter></paramdef>
+        <paramdef>sd_id128_t *<parameter>machine</parameter></paramdef>
+      </funcprototype>
+    </funcsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para><function>sd_bus_get_name_machine_id()</function> retrieves the D-Bus machine identity of the
+    machine that the bus client identified by <parameter>name</parameter> is running on. Internally, it calls
+    the <function>GetMachineId</function> method of the <constant>org.freedesktop.DBus.Peer</constant>
+    interface. The D-Bus machine identity is a 128-bit UUID. On Linux systems running systemd, this
+    corresponds to the contents of <filename>/etc/machine-id</filename>. On success, the machine identity is
+    stored in <parameter>machine</parameter>.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>Return Value</title>
+
+    <para>On success, this function returns a non-negative integer. On failure, it returns a negative
+    errno-style error code.</para>
+
+    <refsect2>
+      <title>Errors</title>
+
+      <para>Returned errors may indicate the following problems:</para>
+
+      <variablelist>
+        <varlistentry>
+          <term><constant>-EINVAL</constant></term>
+
+          <listitem><para>An argument is invalid.</para></listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term><constant>-ENOPKG</constant></term>
+
+          <listitem><para>The bus cannot be resolved.</para></listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term><constant>-ECHILD</constant></term>
+
+          <listitem><para>The bus was created in a different process.</para></listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term><constant>-ENOMEM</constant></term>
+
+          <listitem><para>Memory allocation failed.</para></listitem>
+        </varlistentry>
+      </variablelist>
+    </refsect2>
+  </refsect1>
+
+  <xi:include href="libsystemd-pkgconfig.xml" />
+
+  <refsect1>
+    <title>See Also</title>
+
+    <para>
+      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+    </para>
+  </refsect1>
+
+</refentry>

man/sd_bus_message_append.xml

@@ -229,7 +229,8 @@ sd_bus_message_append(m, "ynqiuxtd", y, n, q, i, u, x, t, d);</programlisting>
       <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>sd_bus_message_append_basic</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_message_append_array</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+      <citerefentry><refentrytitle>sd_bus_message_append_array</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>sd_bus_message_open_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>
     </para>
   </refsect1>
 

man/sd_bus_message_append_array.xml

@@ -34,7 +34,7 @@
         <funcdef>int sd_bus_message_append_array</funcdef>
         <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
         <paramdef>char <parameter>type</parameter></paramdef>
-        <paramdef>char void *<parameter>ptr</parameter></paramdef>
+        <paramdef>void *<parameter>ptr</parameter></paramdef>
         <paramdef>size_t <parameter>size</parameter></paramdef>
       </funcprototype>
 

man/sd_bus_message_get_type.xml

@@ -19,11 +19,12 @@
     <refname>sd_bus_message_get_type</refname>
     <refname>sd_bus_message_get_error</refname>
     <refname>sd_bus_message_get_errno</refname>
+    <refname>sd_bus_message_get_creds</refname>
     <refname>sd_bus_message_is_signal</refname>
     <refname>sd_bus_message_is_method_call</refname>
     <refname>sd_bus_message_is_method_error</refname>
 
-    <refpurpose>Query bus message addressing metadata</refpurpose>
+    <refpurpose>Query bus message addressing/credentials metadata</refpurpose>
   </refnamediv>
 
   <refsynopsisdiv>
@@ -46,6 +47,11 @@
         <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
       </funcprototype>
 
+      <funcprototype>
+        <funcdef>sd_bus_creds* <function>sd_bus_message_get_creds</function></funcdef>
+        <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
+      </funcprototype>
+
       <funcprototype>
         <funcdef>int <function>sd_bus_message_is_signal</function></funcdef>
         <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
@@ -93,6 +99,11 @@
     <citerefentry><refentrytitle>sd_bus_error_add_map</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
     </para>
 
+    <para><function>sd_bus_message_get_creds()</function> returns the message credentials attached to the
+    message <parameter>m</parameter>. If no credentials are attached to the message, it returns
+    <constant>NULL</constant>. Ownership of the credentials instance is not transferred to the caller and
+    hence should not be freed.</para>
+
     <para><function>sd_bus_message_is_signal()</function> checks if message <parameter>m</parameter> is a
     signal message. If <parameter>interface</parameter> is non-null, it also checks if the message has the
     same interface set. If <parameter>member</parameter> is non-null, it also checks if the message has the
@@ -117,9 +128,10 @@
   <refsect1>
     <title>Return Value</title>
 
-    <para>On success, these functions return a non-negative integer. On failure, they return a negative
-    errno-style error code. <function>sd_bus_message_get_errno()</function> always returns a non-negative
-    integer, even on failure.</para>
+    <para>On success, these functions (except <function>sd_bus_message_get_error()</function> and
+    <function>sd_bus_message_get_creds()</function>) return a non-negative integer. On failure, they return a
+    negative errno-style error code. <function>sd_bus_message_get_errno()</function> always returns a
+    non-negative integer, even on failure.</para>
 
     <refsect2>
       <title>Errors</title>

man/sd_bus_message_open_container.xml

@@ -0,0 +1,165 @@
+<?xml version='1.0'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1+ -->
+
+<refentry id="sd_bus_message_open_container"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+  <refentryinfo>
+    <title>sd_bus_message_open_container</title>
+    <productname>systemd</productname>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>sd_bus_message_open_container</refentrytitle>
+    <manvolnum>3</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>sd_bus_message_open_container</refname>
+    <refname>sd_bus_message_close_container</refname>
+    <refname>sd_bus_message_enter_container</refname>
+    <refname>sd_bus_message_exit_container</refname>
+
+    <refpurpose>Create and move between containers in D-Bus messages</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <funcsynopsis>
+      <funcsynopsisinfo>#include &lt;systemd/sd-bus.h&gt;</funcsynopsisinfo>
+
+      <funcprototype>
+        <funcdef>int sd_bus_message_open_container</funcdef>
+        <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
+        <paramdef>char <parameter>type</parameter></paramdef>
+        <paramdef>const char *<parameter>contents</parameter></paramdef>
+      </funcprototype>
+
+      <funcprototype>
+        <funcdef>int sd_bus_message_close_container</funcdef>
+        <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
+      </funcprototype>
+
+      <funcprototype>
+        <funcdef>int sd_bus_message_enter_container</funcdef>
+        <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
+        <paramdef>char <parameter>type</parameter></paramdef>
+        <paramdef>const char *<parameter>contents</parameter></paramdef>
+      </funcprototype>
+
+      <funcprototype>
+        <funcdef>int sd_bus_message_exit_container</funcdef>
+        <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
+      </funcprototype>
+    </funcsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para><function>sd_bus_message_open_container()</function> appends a new container to the message
+    <parameter>m</parameter>. After opening a new container, it can be filled with content using
+    <citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+    and similar functions. Containers behave like a stack. To nest containers inside each other, call
+    <function>sd_bus_message_open_container()</function> multiple times without calling
+    <function>sd_bus_message_close_container()</function> inbetween. Each container will be nested inside the
+    previous container. <parameter>type</parameter> represents the container type and should be one of
+    <literal>r</literal>, <literal>a</literal>, <literal>v</literal> or <literal>e</literal> as described in
+    <citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+    Instead of literals, the corresponding constants <constant>SD_BUS_TYPE_STRUCT</constant>,
+    <constant>SD_BUS_TYPE_ARRAY</constant>, <constant>SD_BUS_TYPE_VARIANT</constant> or
+    <constant>SD_BUS_TYPE_DICT_ENTRY</constant> can also be used. <parameter>contents</parameter> describes
+    the type of the container's elements and should be a D-Bus type string following the rules described in
+    <citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+    </para>
+
+    <para><function>sd_bus_message_close_container()</function> closes the last container opened with
+    <function>sd_bus_message_open_container()</function>. On success, the write pointer of the message
+    <parameter>m</parameter> is positioned after the closed container in its parent container or in
+    <parameter>m</parameter> itself if there is no parent container.</para>
+
+    <para><function>sd_bus_message_enter_container()</function> enters the next container of the message
+    <parameter>m</parameter>. It behaves mostly the same as
+    <function>sd_bus_message_open_container()</function>. Entering a container allows reading its contents
+    with
+    <citerefentry><refentrytitle>sd_bus_message_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+    and similar functions. <parameter>type</parameter> and <parameter>contents</parameter> are the same as in
+    <function>sd_bus_message_open_container()</function>.</para>
+
+    <para><function>sd_bus_message_exit_container()</function> exits the scope of the last container entered
+    with <function>sd_bus_message_enter_container()</function>. It behaves mostly the same as
+    <function>sd_bus_message_close_container()</function>.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>Return Value</title>
+
+    <para>On success, these functions return a non-negative integer. On failure, they return a negative
+    errno-style error code.</para>
+
+    <refsect2>
+      <title>Errors</title>
+
+      <para>Returned errors may indicate the following problems:</para>
+
+      <variablelist>
+        <varlistentry>
+          <term><constant>-EINVAL</constant></term>
+
+          <listitem><para><parameter>m</parameter> or <parameter>contents</parameter> are
+          <constant>NULL</constant> or <parameter>type</parameter> is invalid.</para></listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term><constant>-EPERM</constant></term>
+
+          <listitem><para>The message <parameter>m</parameter> is already sealed.</para></listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term><constant>-ESTALE</constant></term>
+
+          <listitem><para>The message <parameter>m</parameter> is in an invalid state.</para></listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term><constant>-ENOMEM</constant></term>
+
+          <listitem><para>Memory allocation failed.</para></listitem>
+        </varlistentry>
+      </variablelist>
+    </refsect2>
+  </refsect1>
+
+  <xi:include href="libsystemd-pkgconfig.xml" />
+
+  <refsect1>
+    <title>Examples</title>
+
+    <example>
+      <title>Append an array of strings to a message</title>
+
+      <programlisting><xi:include href="sd-bus-container-append.c" parse="text" /></programlisting>
+    </example>
+
+    <example>
+      <title>Read an array of strings from a message</title>
+
+      <programlisting><xi:include href="sd-bus-container-read.c" parse="text" /></programlisting>
+    </example>
+  </refsect1>
+
+  <refsect1>
+    <title>See Also</title>
+
+    <para>
+      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>sd_bus_message_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+      <ulink url="https://dbus.freedesktop.org/doc/dbus-specification.html">The D-Bus specification</ulink>
+    </para>
+  </refsect1>
+
+</refentry>

man/sd_bus_message_read.xml

@@ -19,6 +19,7 @@
   <refnamediv>
     <refname>sd_bus_message_read</refname>
     <refname>sd_bus_message_readv</refname>
+    <refname>sd_bus_message_peek_type</refname>
 
     <refpurpose>Read a sequence of values from a message</refpurpose>
   </refnamediv>
@@ -40,38 +41,42 @@
         <paramdef>const char *<parameter>types</parameter></paramdef>
         <paramdef>va_list <parameter>ap</parameter></paramdef>
       </funcprototype>
+
+      <funcprototype>
+        <funcdef>int <function>sd_bus_message_peek_type</function></funcdef>
+        <paramdef>char *<parameter>type</parameter></paramdef>
+        <paramdef>const char **<parameter>contents</parameter></paramdef>
+      </funcprototype>
     </funcsynopsis>
   </refsynopsisdiv>
 
   <refsect1>
     <title>Description</title>
 
-    <para><function>sd_bus_message_read()</function> reads a sequence of fields from
-    the D-Bus message object <parameter>m</parameter> and advances the read position
-    in the message. The type string <parameter>types</parameter> describes the types
-    of items expected in the message and the field arguments that follow. The type
-    string may be <constant>NULL</constant> or empty, in which case nothing is
-    read.</para>
+    <para><function>sd_bus_message_read()</function> reads a sequence of fields from the D-Bus message object
+    <parameter>m</parameter> and advances the read position in the message. The type string
+    <parameter>types</parameter> describes the types of items expected in the message and the field arguments
+    that follow. The type string may be <constant>NULL</constant> or empty, in which case nothing is read.
+    </para>
 
     <para>The type string is composed of the elements described in
     <citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-    i.e. basic and container types. It must contain zero or more single "complete
-    types". The type string is <constant>NUL</constant>-terminated.</para>
+    i.e. basic and container types. It must contain zero or more single "complete types". The type string is
+    <constant>NUL</constant>-terminated.</para>
 
-    <para>For each type specified in the type string, one or more arguments need to be specified
-    after the <parameter>types</parameter> parameter, in the same order. The arguments must be
-    pointers to appropriate types (a pointer to <type>int8_t</type> for a <literal>y</literal> in
-    the type string, a pointer to <type>int32_t</type> for an <literal>i</literal>, a pointer to
-    <type>const char*</type> for an <literal>s</literal>, ...)  which are set based on the values in
-    the message. As an exception, in case of array and variant types, the first argument is an
-    "input" argument that further specifies how the message should be read. See the table below for
-    a complete list of allowed arguments and their types. Note that, if the basic type is a pointer
-    (e.g., <type>const char *</type> in the case of a string), the argument is a pointer to a
-    pointer, and also the pointer value that is written is only borrowed and the contents must be
-    copied if they are to be used after the end of the messages lifetime.</para>
+    <para>For each type specified in the type string, one or more arguments need to be specified after the
+    <parameter>types</parameter> parameter, in the same order. The arguments must be pointers to appropriate
+    types (a pointer to <type>int8_t</type> for a <literal>y</literal> in the type string, a pointer to
+    <type>int32_t</type> for an <literal>i</literal>, a pointer to <type>const char*</type> for an
+    <literal>s</literal>, ...)  which are set based on the values in the message. As an exception, in case of
+    array and variant types, the first argument is an "input" argument that further specifies how the message
+    should be read. See the table below for a complete list of allowed arguments and their types. Note that,
+    if the basic type is a pointer (e.g., <type>const char *</type> in the case of a string), the argument is
+    a pointer to a pointer, and also the pointer value that is written is only borrowed and the contents must
+    be copied if they are to be used after the end of the messages lifetime.</para>
 
-    <para>Each argument may also be <constant>NULL</constant>, in which case the value is read and
-    ignored.</para>
+    <para>Each argument may also be <constant>NULL</constant>, in which case the value is read and ignored.
+    </para>
 
     <table>
       <title>Item type specifiers</title>
@@ -139,24 +144,29 @@
       </tgroup>
     </table>
 
-    <para>If objects of the specified types are not present at the current position
-    in the message, an error is returned.
-    </para>
+    <para>If objects of the specified types are not present at the current position in the message, an error
+    is returned.</para>
 
     <para>The <function>sd_bus_message_readv()</function> is equivalent to the
-    <function>sd_bus_message_read()</function>, except that it is called with a
-    <literal>va_list</literal> instead of a variable number of arguments. This
-    function does not call the <function>va_end()</function> macro. Because it
-    invokes the <function>va_arg()</function> macro, the value of
-    <parameter>ap</parameter> is undefined after the call.</para>
+    <function>sd_bus_message_read()</function>, except that it is called with a <literal>va_list</literal>
+    instead of a variable number of arguments. This function does not call the <function>va_end()</function>
+    macro. Because it invokes the <function>va_arg()</function> macro, the value of <parameter>ap</parameter>
+    is undefined after the call.</para>
+
+    <para><function>sd_bus_message_peek_type()</function> determines the type of the next element in
+    <parameter>m</parameter> to be read by <function>sd_bus_message_read()</function> or similar functions.
+    On success, the type is stored in <parameter>type</parameter>, if it is not <constant>NULL</constant>.
+    If the type is a container type, the type of its elements is stored in <parameter>contents</parameter>,
+    if it is not <constant>NULL</constant>. If this function successfully determines the type of the next
+    element in <parameter>m</parameter>, it returns a positive integer. If there are no more elements to be
+    read, it returns zero.</para>
   </refsect1>
 
   <refsect1>
     <title>Return Value</title>
 
-    <para>On success, <function>sd_bus_message_read()</function> and
-    <function>sd_bus_message_readv()</function> return 0 or a positive integer. On failure, they return a
-    negative errno-style error code.</para>
+    <para>On success, these functions return a non-negative integer. On failure, they return a negative
+    errno-style error code.</para>
 
     <xi:include href="sd_bus_message_read_basic.xml" xpointer="errors" />
   </refsect1>
@@ -228,7 +238,8 @@ sd_bus_message_read(m, "a{is}", 3, &amp;i, &amp;s, &amp;j, &amp;t, &amp;k, &amp;
       <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>sd_bus_message_read_basic</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>sd_bus_message_skip</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+      <citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>sd_bus_message_enter_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>
     </para>
   </refsect1>
 

man/sd_bus_send.xml

@@ -18,6 +18,7 @@
 
   <refnamediv>
     <refname>sd_bus_send</refname>
+    <refname>sd_bus_send_to</refname>
 
     <refpurpose>Queue a D-Bus message for transfer</refpurpose>
   </refnamediv>
@@ -32,35 +33,48 @@
         <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
         <paramdef>uint64_t *<parameter>cookie</parameter></paramdef>
       </funcprototype>
+
+      <funcprototype>
+        <funcdef>int <function>sd_bus_send_to</function></funcdef>
+        <paramdef>sd_bus *<parameter>bus</parameter></paramdef>
+        <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
+        <paramdef>const char *<parameter>destination</parameter></paramdef>
+        <paramdef>uint64_t *<parameter>cookie</parameter></paramdef>
+      </funcprototype>
     </funcsynopsis>
   </refsynopsisdiv>
 
   <refsect1>
     <title>Description</title>
 
-    <para><function>sd_bus_send()</function> queues the bus message object <parameter>m</parameter>
-    for transfer. If <parameter>bus</parameter> is <constant>NULL</constant>, the bus that
-    <parameter>m</parameter> is attached to is used. <parameter>bus</parameter> only needs to be set
-    when the message is sent to a different bus than the one it's attached to, for example when
-    forwarding messages. If the output parameter <parameter>cookie</parameter> is not
-    <constant>NULL</constant>, it is set to the message identifier. This value can later be used to
-    match incoming replies to their corresponding messages. If <parameter>cookie</parameter> is set
-    to <constant>NULL</constant> and the message is not sealed, <function>sd_bus_send()</function>
-    assumes the message <parameter>m</parameter> doesn't expect a reply and adds the necessary
-    headers to indicate this.</para>
+    <para><function>sd_bus_send()</function> queues the bus message object <parameter>m</parameter> for
+    transfer. If <parameter>bus</parameter> is <constant>NULL</constant>, the bus that
+    <parameter>m</parameter> is attached to is used. <parameter>bus</parameter> only needs to be set when the
+    message is sent to a different bus than the one it's attached to, for example when forwarding messages.
+    If the output parameter <parameter>cookie</parameter> is not <constant>NULL</constant>, it is set to the
+    message identifier. This value can later be used to match incoming replies to their corresponding
+    messages. If <parameter>cookie</parameter> is set to <constant>NULL</constant> and the message is not
+    sealed, <function>sd_bus_send()</function> assumes the message <parameter>m</parameter> doesn't expect a
+    reply and adds the necessary headers to indicate this.</para>
 
     <para>Note that in most scenarios, <function>sd_bus_send()</function> should not be called
     directly. Instead, use higher level functions such as
     <citerefentry><refentrytitle>sd_bus_call_method</refentrytitle><manvolnum>3</manvolnum></citerefentry> and
     <citerefentry><refentrytitle>sd_bus_reply_method_return</refentrytitle><manvolnum>3</manvolnum></citerefentry>
     which call <function>sd_bus_send()</function> internally.</para>
+
+    <para><function>sd_bus_send_to()</function> is a shorthand for sending a message to a specific
+    destination. It's main use case is to simplify sending unicast signal messages (signals that only have a
+    single receiver). It's behavior is similar to calling
+    <citerefentry><refentrytitle>sd_bus_message_set_destination</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+    followed by calling <function>sd_bus_send()</function>.</para>
   </refsect1>
 
   <refsect1>
     <title>Return Value</title>
 
-    <para>On success, this function returns a non-negative integer. On failure, it returns a
-    negative errno-style error code.</para>
+    <para>On success, these functions return a non-negative integer. On failure, they return a negative
+    errno-style error code.</para>
 
     <refsect2 id='errors'>
       <title>Errors</title>
@@ -85,8 +99,8 @@
         <varlistentry>
           <term><constant>-ECHILD</constant></term>
 
-          <listitem><para>The bus connection was allocated in a parent process and is being reused
-          in a child process after <function>fork()</function>.</para></listitem>
+          <listitem><para>The bus connection was allocated in a parent process and is being reused in a child
+          process after <function>fork()</function>.</para></listitem>
         </varlistentry>
 
         <varlistentry>
@@ -128,8 +142,7 @@
       <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>sd_bus_call_method</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>sd_bus_message_set_destination</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_reply_method_return</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_send_to</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+      <citerefentry><refentrytitle>sd_bus_reply_method_return</refentrytitle><manvolnum>3</manvolnum></citerefentry>
     </para>
   </refsect1>
 

man/systemd-binfmt.service.xml

@@ -41,6 +41,14 @@
 
   <refsect1><title>Options</title>
     <variablelist>
+
+      <varlistentry>
+        <term><option>--unregister</option></term>
+        <listitem><para>If passed, instead of registering configured binary formats in the kernel, the
+        reverse operation is executed: all currently registered binary formats are unregistered from the
+        kernel.</para></listitem>
+      </varlistentry>
+
       <xi:include href="standard-options.xml" xpointer="cat-config" />
       <xi:include href="standard-options.xml" xpointer="no-pager" />
       <xi:include href="standard-options.xml" xpointer="help" />

man/systemd-firstboot.xml

@@ -54,7 +54,7 @@
 
       <listitem><para>The system time zone</para></listitem>
 
-      <listitem><para>The system host name</para></listitem>
+      <listitem><para>The system hostname</para></listitem>
 
       <listitem><para>The machine ID of the system</para></listitem>
 
@@ -133,7 +133,7 @@
         <term><option>--hostname=<replaceable>HOSTNAME</replaceable></option></term>
 
         <listitem><para>Sets the system hostname. The argument should
-        be a host name, compatible with DNS. This controls the
+        be a hostname, compatible with DNS. This controls the
         <citerefentry><refentrytitle>hostname</refentrytitle><manvolnum>5</manvolnum></citerefentry>
         configuration file.</para></listitem>
       </varlistentry>

man/systemd-nspawn.xml

@@ -238,7 +238,7 @@
         all subdirectories and subvolumes below it, but excluding any sub-mounts. May not be specified
         together with <option>--image=</option> or <option>--ephemeral</option>.</para>
 
-        <para>Note that this switch leaves host name, machine ID and
+        <para>Note that this switch leaves hostname, machine ID and
         all other settings that could identify the instance
         unmodified.</para></listitem>
       </varlistentry>
@@ -250,7 +250,7 @@
         <listitem><para>If specified, the container is run with a temporary snapshot of its file system that is removed
         immediately when the container terminates. May not be specified together with
         <option>--template=</option>.</para>
-        <para>Note that this switch leaves host name, machine ID and all other settings that could identify
+        <para>Note that this switch leaves hostname, machine ID and all other settings that could identify
         the instance unmodified. Please note that — as with <option>--template=</option> — taking the
         temporary snapshot is more efficient on file systems that support subvolume snapshots or 'reflinks'
         natively (<literal>btrfs</literal> or new <literal>xfs</literal>) than on more traditional file

man/systemd-resolved.service.xml

@@ -53,7 +53,7 @@
       (<citerefentry project='man-pages'><refentrytitle>nss</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
       Usage of the glibc NSS module
       <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry> is
-      required in order to allow glibc's NSS resolver functions to resolve host names via
+      required in order to allow glibc's NSS resolver functions to resolve hostnames via
       <command>systemd-resolved</command>.</para></listitem>
 
       <listitem><para>Additionally, <command>systemd-resolved</command> provides a local DNS stub listener on
@@ -69,7 +69,7 @@
     <filename>/etc/systemd/resolved.conf</filename>, the per-link static settings in
     <filename>/etc/systemd/network/*.network</filename> files (in case
     <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
-    is used), the per-link dynamic settings received over DHCP, user request made via
+    is used), the per-link dynamic settings received over DHCP, information provided via
     <citerefentry><refentrytitle>resolvectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, and any
     DNS server information made available by other system services. See
     <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> and
@@ -104,6 +104,8 @@
 
       <listitem><para>The mappings defined in <filename>/etc/hosts</filename> are resolved to their
       configured addresses and back, but they will not affect lookups for non-address types (like MX).
+      Support for <filename>/etc/hosts</filename> may be disabled with <varname>ReadEtcHosts=no</varname>,
+      see <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
       </para></listitem>
     </itemizedlist>
   </refsect1>
@@ -111,32 +113,48 @@
   <refsect1>
     <title>Protocols and Routing</title>
 
-    <para>Lookup requests are routed to the available DNS servers, LLMNR and MulticastDNS interfaces
+    <para>Lookup requests are routed to the available DNS servers, LLMNR, and MulticastDNS interfaces
     according to the following rules:</para>
 
     <itemizedlist>
-      <listitem><para>Lookups for the special hostname <literal>localhost</literal> are never routed to the
-      network. (A few other, special domains are handled the same way.)</para></listitem>
+      <listitem><para>Names for which synthetic records are generated (as listed in the previous section) are
+      never routed to the network and a reply is sent immediately. In particular this means that lookups for
+      <literal>localhost</literal> are never routed to the network.</para></listitem>
 
-      <listitem><para>Single-label names are routed to all local interfaces capable of IP multicasting, using
-      the LLMNR protocol. Lookups for IPv4 addresses are only sent via LLMNR on IPv4, and lookups for IPv6
-      addresses are only sent via LLMNR on IPv6. Lookups for the locally configured host name and the
-      <literal>_gateway</literal> host name are never routed to LLMNR.</para></listitem>
+      <listitem><para>Single-label names are routed to all local interfaces capable of IP multicasting, where
+      LLMNR is not disabled, using the LLMNR protocol. Lookups for IPv4 addresses are only sent via LLMNR on
+      IPv4, and lookups for IPv6 addresses are only sent via LLMNR on IPv6. Lookups for the locally
+      configured hostname and the <literal>_gateway</literal> hostname are never routed to LLMNR.
+      </para></listitem>
 
       <listitem><para>Multi-label names with the domain suffix <literal>.local</literal> are routed to all
-      local interfaces capable of IP multicasting, using the MulticastDNS protocol. As with LLMNR IPv4
-      address lookups are sent via IPv4 and IPv6 address lookups are sent via IPv6.</para></listitem>
+      local interfaces capable of IP multicasting, where MulticastDNS is not disabled, using the MulticastDNS
+      protocol. As with LLMNR, IPv4 address lookups are sent via IPv4 and IPv6 address lookups are sent via
+      IPv6.</para></listitem>
+
+      <listitem><para>Resolution of address records (A and AAAA) via unicast DNS (i.e. not LLMNR or
+      MulticastDNS) for non-synthesized single-label names is only allowed for non-top-level domains. This
+      means that such records can only be resolved when search domains are defined. For any interface which
+      defines search domains, such look-ups are routed to that interface, suffixed with each of the search
+      domains defined on that interface in turn. When global search domains are defined, such look-ups are
+      routed to all interfaces, suffixed by each of the global search domains in turn. The details of which
+      servers are queried and how the final reply is chosen are described below. Note that this means that
+      address queries for single-label names are never sent out to remote DNS servers, and if no search
+      domains are defined, resolution will fail.</para></listitem>
 
       <listitem><para>Other multi-label names are routed to all local interfaces that have a DNS server
-      configured, plus the globally configured DNS server if there is one. Address lookups from the
-      link-local address range are never routed to DNS. Note that by default lookups for domains with the
-      <literal>.local</literal> suffix are not routed to DNS servers, unless the domain is specified
-      explicitly as routing or search domain for the DNS server and interface. This means that on networks
-      where the <literal>.local</literal> domain is defined in a site-specific DNS server, explicit search or
-      routing domains need to be configured to make lookups within this DNS domain work. Note that today it's
-      generally recommended to avoid defining <literal>.local</literal> in a DNS server, as <ulink
-      url="https://tools.ietf.org/html/rfc6762">RFC6762</ulink> reserves this domain for exclusive
+      configured, plus the globally configured DNS servers if there are any. Note that by default, lookups for
+      domains with the <literal>.local</literal> suffix are not routed to DNS servers, unless the domain is
+      specified explicitly as routing or search domain for the DNS server and interface. This means that on
+      networks where the <literal>.local</literal> domain is defined in a site-specific DNS server, explicit
+      search or routing domains need to be configured to make lookups within this DNS domain work. Note that
+      these days, it's generally recommended to avoid defining <literal>.local</literal> in a DNS server, as
+      <ulink url="https://tools.ietf.org/html/rfc6762">RFC6762</ulink> reserves this domain for exclusive
       MulticastDNS use.</para></listitem>
+
+      <listitem><para>Address lookups are routed similarly to multi-label names, with the exception that
+      addresses from the link-local address range are never routed to unicast DNS and are only resolved using
+      LLMNR and MulticastDNS (when enabled).</para></listitem>
     </itemizedlist>
 
     <para>If lookups are routed to multiple interfaces, the first successful response is returned (thus
@@ -151,12 +169,18 @@
 
     <itemizedlist>
       <listitem><para>If a name to look up matches (that is: is equal to or has as suffix) any of the
-      configured search or route-only domains of any link (or the globally configured DNS settings), the
+      configured search or route-only domains of any link (see
+      <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>),
+      or the globally configured DNS settings (see the discussion of <varname>Domains=</varname> in
+      <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>),
       "best matching" search/route-only domain is determined: the matching one with the most labels. The
       query is then sent to all DNS servers of any links or the globally configured DNS servers associated
       with this "best matching" search/route-only domain. (Note that more than one link might have this same
       "best matching" search/route-only domain configured, in which case the query is sent to all of them in
-      parallel).</para></listitem>
+      parallel).</para>
+
+      <para>In case of single-label names, when search domains are defined, the same logic applies, except
+      that the name is first suffixed by the search domain.</para></listitem>
 
       <listitem><para>If a query does not match any configured search/route-only domain (neither per-link nor
       global), it is sent to all DNS servers that are configured on links with the "DNS default route" option
@@ -174,14 +198,15 @@
     configured DNS domains for a link: if there's any route-only domain (not matching <literal>~.</literal>)
     it defaults to false, otherwise to true.</para>
 
-    <para>Effectively this means: in order to preferably route all DNS queries not explicitly matched by
-    search/route-only domain configuration to a specific link, configure a <literal>~.</literal> route-only
-    domain on it. This will ensure that other links will not be considered for the queries (unless they too
-    carry such a route-only domain). In order to route all such DNS queries to a specific link only in case
-    no other link is preferable, then set the "DNS default route" option for the link to true, and do not
-    configure a <literal>~.</literal> route-only domain on it. Finally, in order to ensure that a specific
-    link never receives any DNS traffic not matching any of its configured search/route-only domains, set the
-    "DNS default route" option for it to false.</para>
+    <para>Effectively this means: in order to support single-label non-synthetized names, define appropriate
+    search domains. In order to preferably route all DNS queries not explicitly matched by search/route-only
+    domain configuration to a specific link, configure a <literal>~.</literal> route-only domain on it. This
+    will ensure that other links will not be considered for these queries (unless they too carry such a
+    route-only domain). In order to route all such DNS queries to a specific link only if no other link
+    is preferable, set the "DNS default route" option for the link to true and do not configure a
+    <literal>~.</literal> route-only domain on it. Finally, in order to ensure that a specific link never
+    receives any DNS traffic not matching any of its configured search/route-only domains, set the "DNS
+    default route" option for it to false.</para>
 
     <para>See the <ulink url="https://www.freedesktop.org/wiki/Software/systemd/resolved">resolved D-Bus API
     Documentation</ulink> for information about the APIs <filename>systemd-resolved</filename> provides.

man/systemd.network.xml

@@ -441,7 +441,7 @@
             <literal>nearest-bridge</literal>, <literal>non-tpmr-bridge</literal> and
             <literal>customer-bridge</literal>.  Defaults to false, which turns off LLDP packet emission. If not false,
             a short LLDP packet with information about the local system is sent out in regular intervals on the
-            link. The LLDP packet will contain information about the local host name, the local machine ID (as stored
+            link. The LLDP packet will contain information about the local hostname, the local machine ID (as stored
             in <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>) and the
             local interface name, as well as the pretty hostname of the system (as set in
             <citerefentry><refentrytitle>machine-info</refentrytitle><manvolnum>5</manvolnum></citerefentry>). LLDP
@@ -521,12 +521,12 @@
             this link. Each item in the list should be a domain name, optionally prefixed with a tilde
             (<literal>~</literal>). The domains with the prefix are called "routing-only domains". The
             domains without the prefix are called "search domains" and are first used as search suffixes for
-            extending single-label host names (host names containing no dots) to become fully qualified
-            domain names (FQDNs). If a single-label host name is resolved on this interface, each of the
+            extending single-label hostnames (hostnames containing no dots) to become fully qualified
+            domain names (FQDNs). If a single-label hostname is resolved on this interface, each of the
             specified search domains are appended to it in turn, converting it into a fully qualified domain
             name, until one of them may be successfully resolved.</para>
 
-            <para>Both "search" and "routing-only" domains are used for routing of DNS queries: look-ups for host names
+            <para>Both "search" and "routing-only" domains are used for routing of DNS queries: look-ups for hostnames
             ending in those domains (hence also single label names, if any "search domains" are listed), are routed to
             the DNS servers configured for this interface. The domain routing logic is particularly useful on
             multi-homed hosts with DNS servers serving particular private DNS zones on each interface.</para>
@@ -1470,7 +1470,7 @@
             false.</para>
 
             <para>It is recommended to enable this option only on trusted networks, as setting this affects resolution
-            of all host names, in particular of single-label names. It is generally safer to use the supplied domain
+            of all hostnames, in particular of single-label names. It is generally safer to use the supplied domain
             only as routing domain, rather than as search domain, in order to not have it affect local resolution of
             single-label names.</para>
 
@@ -1780,7 +1780,7 @@
             <literal>~</literal>. Defaults to false.</para>
 
             <para>It is recommended to enable this option only on trusted networks, as setting this affects resolution
-            of all host names, in particular of single-label names. It is generally safer to use the supplied domain
+            of all hostnames, in particular of single-label names. It is generally safer to use the supplied domain
             only as routing domain, rather than as search domain, in order to not have it affect local resolution of
             single-label names.</para>
 

meson_options.txt

@@ -289,7 +289,7 @@ option('libcryptsetup', type : 'combo', choices : ['auto', 'true', 'false'],
 option('libcurl', type : 'combo', choices : ['auto', 'true', 'false'],
        description : 'libcurl support')
 option('idn', type : 'boolean',
-       description : 'use IDN when printing host names')
+       description : 'use IDN when printing hostnames')
 option('libidn2', type : 'combo', choices : ['auto', 'true', 'false'],
        description : 'libidn2 support')
 option('libidn', type : 'combo', choices : ['auto', 'true', 'false'],

po/be.po

@@ -70,21 +70,21 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "Неабходна аўтэнтыфікацыя для перачытання стану systemd."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Усталяваць імя вузла"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Неабходна аўтэнтыфікацыя для ўсталявання імя вузла."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Усталяваць статычнае імя вузла"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Неабходна аўтэнтыфікацыя для ўсталявання як статычнага так і прыгожага імя "
 "вузла."

po/be@latin.po

@@ -70,21 +70,21 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "Nieabchodna aŭtentyfikacyja dlia pieračytannia stanu systemd."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Ustaliavać imia vuzla"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Nieabchodna aŭtentyfikacyja dlia ŭstaliavannia imia vuzla."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Ustaliavać statyčnaje imia vuzla"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Nieabchodna aŭtentyfikacyja dlia ŭstaliavannia jak statyčnaha tak i "
 "pryhožaha imia vuzla."

po/bg.po

@@ -69,21 +69,21 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "За презареждане на състоянието на systemd е необходима идентификация."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Задаване на име на машината"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "За задаване на име на локалната машина е необходима идентификация."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Задаване на статично име на машината"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "За задаване на статично име на локалната машина е необходима идентификация."
 

po/ca.po

@@ -73,21 +73,21 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "Es requereix autenticació per tornar a carregar l'estat de systemd."
 
 #: src/hostname/org.freedesktop.hostname1.policy:22
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Estableix el nom d'amfitrió"
 
 #: src/hostname/org.freedesktop.hostname1.policy:23
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Es requereix autenticació per establir el nom d'amfitrió local."
 
 #: src/hostname/org.freedesktop.hostname1.policy:32
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Estableix el nom d'amfitrió estàtic"
 
 #: src/hostname/org.freedesktop.hostname1.policy:33
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Es requereix autenticació per establir el nom d'amfitrió local configurat "
 "estàticament, així com el nom bonic d'amfitrió."

po/cs.po

@@ -120,21 +120,21 @@ msgid ""
 msgstr "Pro změnu hesla domovského adresáře uživatele je vyžadováno ověření."
 
 #: src/hostname/org.freedesktop.hostname1.policy:20
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Nastavit název stroje"
 
 #: src/hostname/org.freedesktop.hostname1.policy:21
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Pro nastavení lokálního názvu stroje je vyžadováno ověření."
 
 #: src/hostname/org.freedesktop.hostname1.policy:30
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Nastavit statický název stroje"
 
 #: src/hostname/org.freedesktop.hostname1.policy:31
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Pro nastavení staticky konfigurovaného názvu lokálního stroje, stejně tak "
 "pro změnu uživatelsky přívětivého jména je vyžadováno ověření."

po/da.po

@@ -66,21 +66,21 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "Autentificering er nødvendig for at genindlæse systemd tilstanden."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Sæt værtsnavn"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Autentificering er nødvendig for at sætte værtsnavn."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Sæt statisk værstnavn"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Autentificering er nødvendig for at sætte det statisk konfigurerede lokale "
 "værtsnavn, lige så vel som det pæne værtsnavn."

po/de.po

@@ -71,21 +71,21 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "Legitimierung ist zum erneuten Laden des systemd-Zustands notwendig."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Rechnername festlegen"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Legitimierung ist zum Festlegen des lokalen Rechnernamens notwendig"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Statischen Rechnernamen festlegen"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Authentifizierung ist erforderlich, um den statisch geänderten, lokalen "
 "Rechnernamen, sowie den beschönigten Rechnernamen festzulegen."

po/el.po

@@ -76,21 +76,21 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "Απαιτείται πιστοποίηση για να ορίσετε την ώρα του συστήματος."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Ορισμός ονόματος οικοδεσπότη"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Απαιτείται πιστοποίηση για να ορίσετε τοπικά όνομα οικοδεσπότη."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Ορισμός στατικού ονόματος οικοδεσπότη"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Απαιτείται πιστοποίηση για να ορίσετε το στατικά ρυθμισμένο όνομα τοπικού "
 "οικοδεσπότη, καθώς και το pretty όνομα οικοδεσπότη."

po/es.po

@@ -71,21 +71,21 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "Se requiere autenticación para recargar el estado de systemd."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Establecer el nombre del equipo"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Se requiere autenticación para establecer el nombre del equipo local."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Establecer nombre estático del equipo"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Se requiere autenticación para establecer el nombre estático de equipo "
 "local, así como el nombre visible del equipo."

po/fr.po

@@ -125,21 +125,21 @@ msgstr ""
 "d'un utilisateur."
 
 #: src/hostname/org.freedesktop.hostname1.policy:20
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Définir le nom d'hôte"
 
 #: src/hostname/org.freedesktop.hostname1.policy:21
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Authentification requise pour définir le nom d'hôte local."
 
 #: src/hostname/org.freedesktop.hostname1.policy:30
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Définir le nom d'hôte statique"
 
 #: src/hostname/org.freedesktop.hostname1.policy:31
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Authentification requise pour définir le nom d'hôte local de manière "
 "statique, tout comme le nom d'hôte familier."

po/gl.po

@@ -70,21 +70,21 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "Requírese autenticación para recargar o estado de systemd."
 
 #: src/hostname/org.freedesktop.hostname1.policy:20
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Estabelecer o nome do equipo"
 
 #: src/hostname/org.freedesktop.hostname1.policy:21
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Requírese autenticación para estabelecer o nome local do equiupo."
 
 #: src/hostname/org.freedesktop.hostname1.policy:30
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Estabelecer o nome do equipo estático"
 
 #: src/hostname/org.freedesktop.hostname1.policy:31
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Requírese autenticación para estabelecer de forma o nome do equipo local "
 "estabelecido de forma estática, así como o nome do equipo lexíbel por "

po/hr.po

@@ -118,21 +118,21 @@ msgid ""
 msgstr "Potrebna je ovjera za promjenu lozinke osobnog prostora korisnika."
 
 #: src/hostname/org.freedesktop.hostname1.policy:20
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Postavi naziv računala"
 
 #: src/hostname/org.freedesktop.hostname1.policy:21
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Potrebna je ovjera za postavljanje naziva lokalnog računala."
 
 #: src/hostname/org.freedesktop.hostname1.policy:30
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Postavi nepromjenjivi naziv račumala"
 
 #: src/hostname/org.freedesktop.hostname1.policy:31
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Potrebna je ovjera za postavljenje nepromjenjivog naziva lokalnog računala, "
 "kao i prijatnog naziva računala."

po/hu.po

@@ -71,21 +71,21 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "Hitelesítés szükséges a systemd állapotának újratöltéséhez."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Gépnév beállítása"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Hitelesítés szükséges a helyi gépnév beállításához."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Statikus gépnév beállítása"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Hitelesítés szükséges a statikusan megadott helyi gépnév, valamint a szép "
 "gépnév beállításához."

po/id.po

@@ -66,21 +66,21 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "Otentikasi diperlukan untuk memuat ulang keadaan systemd."
 
 #: src/hostname/org.freedesktop.hostname1.policy:22
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Setel nama host"
 
 #: src/hostname/org.freedesktop.hostname1.policy:23
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Otentikasi diperlukan untuk menata nama host lokal."
 
 #: src/hostname/org.freedesktop.hostname1.policy:32
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Setel nama host statik"
 
 #: src/hostname/org.freedesktop.hostname1.policy:33
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Otentikasi diperlukan untuk menata nama host lokal yang dikonfigurasi "
 "statik, maupun nama host cantik."

po/it.po

@@ -124,21 +124,21 @@ msgstr ""
 "dell'utente."
 
 #: src/hostname/org.freedesktop.hostname1.policy:20
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Configura il nome host"
 
 #: src/hostname/org.freedesktop.hostname1.policy:21
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Autenticazione richiesta per configurare il nome host locale."
 
 #: src/hostname/org.freedesktop.hostname1.policy:30
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Configura il nome host statico"
 
 #: src/hostname/org.freedesktop.hostname1.policy:31
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Autenticazione richiesta per configurare staticamente il nome host locale e "
 "il nome host descrittivo."

po/ja.po

@@ -110,21 +110,21 @@ msgid "Authentication is required to change the password of a user's home area."
 msgstr "ユーザのホーム領域のパスワードを変更するには認証が必要です。"
 
 #: src/hostname/org.freedesktop.hostname1.policy:20
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "ホスト名の設定"
 
 #: src/hostname/org.freedesktop.hostname1.policy:21
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "ホスト名を設定するには認証が必要です。"
 
 #: src/hostname/org.freedesktop.hostname1.policy:30
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "静的なホスト名の設定"
 
 #: src/hostname/org.freedesktop.hostname1.policy:31
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr "静的なホスト名を設定するには認証が必要です。"
 
 #: src/hostname/org.freedesktop.hostname1.policy:41

po/ko.po

@@ -66,21 +66,21 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "systemd 상태를 다시 불러오려면 인증이 필요합니다."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "호스트 이름 설정"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "로컬 호스트 이름을 설정하려면 인증이 필요합니다."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "정적 호스트 이름 설정"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "로컬 호스트 이름을 모양새를 갖춘 호스트 이름 처럼  정적으로 설정하려면 인증"
 "이 필요합니다."

po/lt.po

@@ -68,22 +68,22 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "Norint iš naujo įkelti systemd būseną, reikia patvirtinti tapatybę."
 
 #: src/hostname/org.freedesktop.hostname1.policy:20
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Nustatyti serverio pavadinimą"
 
 #: src/hostname/org.freedesktop.hostname1.policy:21
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr ""
 "Norint nustatyti vietinio serverio pavadinimą, reikia nustatyti tapatybę."
 
 #: src/hostname/org.freedesktop.hostname1.policy:30
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Nustatyti statinį serverio pavadinimą"
 
 #: src/hostname/org.freedesktop.hostname1.policy:31
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Norint nustatyti statiškai sukonfigūruotą serverio pavadinimą, o taip pat "
 "lengvai įsimenamą serverio pavadinimą, reikia nustatyti tapatybę."

po/pl.po

@@ -130,21 +130,21 @@ msgstr ""
 "użytkownika."
 
 #: src/hostname/org.freedesktop.hostname1.policy:20
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Ustawienie nazwy komputera"
 
 #: src/hostname/org.freedesktop.hostname1.policy:21
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Wymagane jest uwierzytelnienie, aby ustawić nazwę lokalnego komputera."
 
 #: src/hostname/org.freedesktop.hostname1.policy:30
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Ustawienie statycznej nazwy komputera"
 
 #: src/hostname/org.freedesktop.hostname1.policy:31
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Wymagane jest uwierzytelnienie, aby ustawić statycznie skonfigurowaną nazwę "
 "lokalnego komputera, a także jego nazwę czytelną dla człowieka."

po/pt_BR.po

@@ -74,21 +74,21 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "É necessária autenticação para recarregar o estado do sistema."
 
 #: src/hostname/org.freedesktop.hostname1.policy:20
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Definir nome de máquina"
 
 #: src/hostname/org.freedesktop.hostname1.policy:21
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "É necessária autenticação para definir nome de máquina local."
 
 #: src/hostname/org.freedesktop.hostname1.policy:30
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Definir nome estático de máquina"
 
 #: src/hostname/org.freedesktop.hostname1.policy:31
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "É necessária autenticação para definir o nome de máquina local configurado "
 "estaticamente, assim como o nome apresentável de máquina."

po/ro.po

@@ -73,21 +73,21 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "Autentificarea este necesară pentru a reîncărca starea systemd."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Stabilește numele de server"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Autentificarea este necesară pentru a stabili numele de server local."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Stabilește numele de server static"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Autentificarea este necesara pentru a stabili numele de server static "
 "configurat local, precum și numele lung de server."

po/ru.po

@@ -134,21 +134,21 @@ msgstr ""
 " пройти аутентификацию."
 
 #: src/hostname/org.freedesktop.hostname1.policy:20
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Настроить имя компьютера"
 
 #: src/hostname/org.freedesktop.hostname1.policy:21
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Чтобы настроить имя компьютера, необходимо пройти аутентификацию."
 
 #: src/hostname/org.freedesktop.hostname1.policy:30
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Настроить статическое имя компьютера"
 
 #: src/hostname/org.freedesktop.hostname1.policy:31
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Чтобы настроить статическое имя компьютера, а также его «красивое» имя, "
 "необходимо пройти аутентификацию."

po/sk.po

@@ -72,21 +72,21 @@ msgstr ""
 "Vyžaduje sa overenie totožnosti na znovu načítanie stavu systému systemd."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Nastavenie názvu hostiteľa"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Vyžaduje sa overenie totožnosti na nastavenie názvu hostiteľa."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Nastavenie nemenného názvu hostiteľa"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Vyžaduje sa overenie totožnosti na nastavenie pevne určeného názvu miestneho "
 "hostiteľa, známeho ako zrozumiteľný názov hostiteľa."

po/sr.po

@@ -72,21 +72,21 @@ msgstr ""
 "Потребно је да се идентификујете да бисте поново учитали стање систем-деа."
 
 #: src/hostname/org.freedesktop.hostname1.policy.in:22
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Постави назив машине"
 
 #: src/hostname/org.freedesktop.hostname1.policy.in:23
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Потребно је да се идентификујете да бисте поставили назив машине."
 
 #: src/hostname/org.freedesktop.hostname1.policy.in:32
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Постави статички назив машине"
 
 #: src/hostname/org.freedesktop.hostname1.policy.in:33
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Потребно је да се идентификујете да бисте поставили статички назив машине и "
 "да бисте поставили леп назив машине."

po/sv.po

@@ -68,21 +68,21 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "Autentisering krävs för att läsa om tillståndet för systemd."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Ange värdnamn"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Autentisering krävs för att ställa in lokalt värdnamn."
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Ange statiskt värdnamn"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Autentisering krävs för att ställa in det statiskt konfigurerade lokala "
 "värdnamnet såväl som det stiliga värdnamnet."

po/tr.po

@@ -70,21 +70,21 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "systemd durumunu yeniden yüklemek kimlik doğrulaması gerektiriyor."
 
 #: src/hostname/org.freedesktop.hostname1.policy:20
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Makine adını ayarla"
 
 #: src/hostname/org.freedesktop.hostname1.policy:21
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Yerel makine adını ayarlamak kimlik doğrulaması gerektiriyor."
 
 #: src/hostname/org.freedesktop.hostname1.policy:30
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Statik makine adı ayarla"
 
 #: src/hostname/org.freedesktop.hostname1.policy:31
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Statik olarak yapılandırılmış konak makine adını ve yerel makine adını "
 "ayarlamak kimlik doğrulaması gerektiriyor."

po/uk.po

@@ -126,21 +126,21 @@ msgstr ""
 "розпізнавання."
 
 #: src/hostname/org.freedesktop.hostname1.policy:20
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "Встановити назву вузла"
 
 #: src/hostname/org.freedesktop.hostname1.policy:21
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "Потрібна автентифікація, щоб встановити назву локального вузла."
 
 #: src/hostname/org.freedesktop.hostname1.policy:30
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "Встановити статичну назву вузла"
 
 #: src/hostname/org.freedesktop.hostname1.policy:31
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr ""
 "Потрібна автентифікація, щоб вказати статично налаштовану назву локального "
 "вузла, так само й форматовану."

po/zh_CN.po

@@ -64,15 +64,15 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "重新载入 systemd 状态需要认证。"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "设置主机名"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "设置本地主机名需要认证。"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "设置静态主机名"
 
 # For pretty hostname, the zh_CN/zh_TW translation should be discussed again.
@@ -81,8 +81,8 @@ msgstr "设置静态主机名"
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
 #, fuzzy
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr "设置静态本地主机名或美观主机名需要认证。"
 
 #: ../src/hostname/org.freedesktop.hostname1.policy.in.h:5

po/zh_TW.po

@@ -62,21 +62,21 @@ msgid "Authentication is required to reload the systemd state."
 msgstr "重新載入 systemd 狀態需要驗證。"
 
 #: src/hostname/org.freedesktop.hostname1.policy:20
-msgid "Set host name"
+msgid "Set hostname"
 msgstr "設定主機名稱"
 
 #: src/hostname/org.freedesktop.hostname1.policy:21
-msgid "Authentication is required to set the local host name."
+msgid "Authentication is required to set the local hostname."
 msgstr "設定主機名稱需要驗證。"
 
 #: src/hostname/org.freedesktop.hostname1.policy:30
-msgid "Set static host name"
+msgid "Set static hostname"
 msgstr "設定靜態主機名稱"
 
 #: src/hostname/org.freedesktop.hostname1.policy:31
 msgid ""
-"Authentication is required to set the statically configured local host name, "
-"as well as the pretty host name."
+"Authentication is required to set the statically configured local hostname, "
+"as well as the pretty hostname."
 msgstr "設定靜態預先設定或 pretty 本地主機名稱需要身份驗證。"
 
 #: src/hostname/org.freedesktop.hostname1.policy:41

src/basic/hostname-util.c

@@ -21,7 +21,7 @@ bool hostname_is_set(void) {
         if (isempty(u.nodename))
                 return false;
 
-        /* This is the built-in kernel default host name */
+        /* This is the built-in kernel default hostname */
         if (streq(u.nodename, "(none)"))
                 return false;
 
@@ -77,7 +77,7 @@ bool valid_ldh_char(char c) {
 }
 
 /**
- * Check if s looks like a valid host name or FQDN. This does not do
+ * Check if s looks like a valid hostname or FQDN. This does not do
  * full DNS validation, but only checks if the name is composed of
  * allowed characters and the length is not above the maximum allowed
  * by Linux (c.f. dns_name_is_valid()). Trailing dot is allowed if

src/basic/socket-util.c

@@ -901,9 +901,9 @@ ssize_t receive_one_fd_iov(
          * combination with send_one_fd().
          */
 
-        k = recvmsg(transport_fd, &mh, MSG_CMSG_CLOEXEC | flags);
+        k = recvmsg_safe(transport_fd, &mh, MSG_CMSG_CLOEXEC | flags);
         if (k < 0)
-                return (ssize_t) -errno;
+                return k;
 
         CMSG_FOREACH(cmsg, &mh) {
                 if (cmsg->cmsg_level == SOL_SOCKET &&
@@ -915,12 +915,13 @@ ssize_t receive_one_fd_iov(
                 }
         }
 
-        if (!found)
+        if (!found) {
                 cmsg_close_all(&mh);
 
-        /* If didn't receive an FD or any data, return an error. */
-        if (k == 0 && !found)
-                return -EIO;
+                /* If didn't receive an FD or any data, return an error. */
+                if (k == 0)
+                        return -EIO;
+        }
 
         if (found)
                 *ret_fd = *(int*) CMSG_DATA(found);
@@ -1171,3 +1172,24 @@ int socket_bind_to_ifindex(int fd, int ifindex) {
 
         return socket_bind_to_ifname(fd, ifname);
 }
+
+ssize_t recvmsg_safe(int sockfd, struct msghdr *msg, int flags) {
+        ssize_t n;
+
+        /* A wrapper around recvmsg() that checks for MSG_CTRUNC, and turns it into an error, in a reasonably
+         * safe way, closing any SCM_RIGHTS fds in the error path.
+         *
+         * Note that unlike our usual coding style this might modify *msg on failure. */
+
+        n = recvmsg(sockfd, msg, flags);
+        if (n < 0)
+                return -errno;
+
+        if (FLAGS_SET(msg->msg_flags, MSG_CTRUNC)) {
+                cmsg_close_all(msg);
+                return -EXFULL; /* a recognizable error code */
+        }
+
+        return n;
+
+}

src/basic/socket-util.h

@@ -199,3 +199,5 @@ static inline int setsockopt_int(int fd, int level, int optname, int value) {
 
 int socket_bind_to_ifname(int fd, const char *ifname);
 int socket_bind_to_ifindex(int fd, int ifindex);
+
+ssize_t recvmsg_safe(int sockfd, struct msghdr *msg, int flags);

src/binfmt/binfmt.c

@@ -10,6 +10,7 @@
 #include <sys/types.h>
 
 #include "alloc-util.h"
+#include "binfmt-util.h"
 #include "conf-files.h"
 #include "def.h"
 #include "fd-util.h"
@@ -24,6 +25,7 @@
 
 static bool arg_cat_config = false;
 static PagerFlags arg_pager_flags = 0;
+static bool arg_unregister = false;
 
 static int delete_rule(const char *rule) {
         _cleanup_free_ char *x = NULL, *fn = NULL;
@@ -32,18 +34,17 @@ static int delete_rule(const char *rule) {
         assert(rule);
         assert(rule[0]);
 
-        x = strdup(rule);
+        e = strchrnul(rule + 1, rule[0]);
+        x = strndup(rule + 1, e - rule - 1);
         if (!x)
                 return log_oom();
 
-        e = strchrnul(x+1, x[0]);
-        *e = 0;
-
-        if (!filename_is_valid(x + 1))
+        if (!filename_is_valid(x) ||
+            STR_IN_SET(x, "register", "status"))
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                       "Rule file name '%s' is not valid, refusing.", x + 1);
+                                       "Rule file name '%s' is not valid, refusing.", x);
 
-        fn = path_join("/proc/sys/fs/binfmt_misc", x+1);
+        fn = path_join("/proc/sys/fs/binfmt_misc", x);
         if (!fn)
                 return log_oom();
 
@@ -116,6 +117,7 @@ static int help(void) {
                "     --version          Show package version\n"
                "     --cat-config       Show configuration files\n"
                "     --no-pager         Do not pipe output into a pager\n"
+               "     --unregister       Unregister all existing entries\n"
                "\nSee the %s for details.\n"
                , program_invocation_short_name
                , link
@@ -129,6 +131,7 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_VERSION = 0x100,
                 ARG_CAT_CONFIG,
                 ARG_NO_PAGER,
+                ARG_UNREGISTER,
         };
 
         static const struct option options[] = {
@@ -136,6 +139,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "version",    no_argument, NULL, ARG_VERSION    },
                 { "cat-config", no_argument, NULL, ARG_CAT_CONFIG },
                 { "no-pager",   no_argument, NULL, ARG_NO_PAGER   },
+                { "unregister", no_argument, NULL, ARG_UNREGISTER },
                 {}
         };
 
@@ -162,6 +166,10 @@ static int parse_argv(int argc, char *argv[]) {
                         arg_pager_flags |= PAGER_DISABLE;
                         break;
 
+                case ARG_UNREGISTER:
+                        arg_unregister = true;
+                        break;
+
                 case '?':
                         return -EINVAL;
 
@@ -169,9 +177,9 @@ static int parse_argv(int argc, char *argv[]) {
                         assert_not_reached("Unhandled option");
                 }
 
-        if (arg_cat_config && argc > optind)
+        if ((arg_unregister || arg_cat_config) && argc > optind)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                       "Positional arguments are not allowed with --cat-config");
+                                       "Positional arguments are not allowed with --cat-config or --unregister");
 
         return 1;
 }
@@ -189,6 +197,9 @@ static int run(int argc, char *argv[]) {
 
         r = 0;
 
+        if (arg_unregister)
+                return disable_binfmt();
+
         if (argc > optind) {
                 int i;
 

src/core/execute.c

@@ -1647,8 +1647,6 @@ static int apply_lock_personality(const Unit* u, const ExecContext *c) {
 #endif
 
 static int apply_protect_hostname(const Unit *u, const ExecContext *c, int *ret_exit_status) {
-        int r;
-
         assert(u);
         assert(c);
 
@@ -1668,6 +1666,8 @@ static int apply_protect_hostname(const Unit *u, const ExecContext *c, int *ret_
                 log_unit_warning(u, "ProtectHostname=yes is configured, but the kernel does not support UTS namespaces, ignoring namespace setup.");
 
 #if HAVE_SECCOMP
+        int r;
+
         if (skip_seccomp_unavailable(u, "ProtectHostname="))
                 return 0;
 

src/core/manager.c

@@ -2360,20 +2360,20 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
                 return 0;
         }
 
-        n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC|MSG_TRUNC);
-        if (n < 0) {
-                if (IN_SET(errno, EAGAIN, EINTR))
-                        return 0; /* Spurious wakeup, try again */
-
-                /* If this is any other, real error, then let's stop processing this socket. This of course means we
-                 * won't take notification messages anymore, but that's still better than busy looping around this:
-                 * being woken up over and over again but being unable to actually read the message off the socket. */
-                return log_error_errno(errno, "Failed to receive notification message: %m");
-        }
+        n = recvmsg_safe(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC|MSG_TRUNC);
+        if (IN_SET(n, -EAGAIN, -EINTR))
+                return 0; /* Spurious wakeup, try again */
+        if (n < 0)
+                /* If this is any other, real error, then let's stop processing this socket. This of course
+                 * means we won't take notification messages anymore, but that's still better than busy
+                 * looping around this: being woken up over and over again but being unable to actually read
+                 * the message off the socket. */
+                return log_error_errno(n, "Failed to receive notification message: %m");
 
         CMSG_FOREACH(cmsg, &msghdr) {
                 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
 
+                        assert(!fd_array);
                         fd_array = (int*) CMSG_DATA(cmsg);
                         n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
 
@@ -2381,6 +2381,7 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
                            cmsg->cmsg_type == SCM_CREDENTIALS &&
                            cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
 
+                        assert(!ucred);
                         ucred = (struct ucred*) CMSG_DATA(cmsg);
                 }
         }

src/core/unit-printf.c

@@ -186,7 +186,7 @@ int unit_name_printf(const Unit *u, const char* format, char **ret) {
          * %u: the username of the running user
          *
          * %m: the machine ID of the running system
-         * %H: the host name of the running system
+         * %H: the hostname of the running system
          * %b: the boot ID of the running system
          */
 

src/coredump/coredump.c

@@ -911,10 +911,10 @@ static int process_socket(int fd) {
 
                 mh.msg_iov = &iovec;
 
-                n = recvmsg(fd, &mh, MSG_CMSG_CLOEXEC);
+                n = recvmsg_safe(fd, &mh, MSG_CMSG_CLOEXEC);
                 if (n < 0)  {
                         free(iovec.iov_base);
-                        r = log_error_errno(errno, "Failed to receive datagram: %m");
+                        r = log_error_errno(n, "Failed to receive datagram: %m");
                         goto finish;
                 }
 
@@ -935,15 +935,17 @@ static int process_socket(int fd) {
                         }
 
                         if (!found) {
-                                log_error("Coredump file descriptor missing.");
-                                r = -EBADMSG;
+                                cmsg_close_all(&mh);
+                                r = log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
+                                                    "Coredump file descriptor missing.");
                                 goto finish;
                         }
 
                         assert(input_fd < 0);
                         input_fd = *(int*) CMSG_DATA(found);
                         break;
-                }
+                } else
+                        cmsg_close_all(&mh);
 
                 /* Add trailing NUL byte, in case these are strings */
                 ((char*) iovec.iov_base)[n] = 0;
@@ -952,8 +954,6 @@ static int process_socket(int fd) {
                 r = iovw_put(&iovw, iovec.iov_base, iovec.iov_len);
                 if (r < 0)
                         goto finish;
-
-                cmsg_close_all(&mh);
         }
 
         /* Make sure we got all data we really need */

src/firstboot/firstboot.c

@@ -691,7 +691,7 @@ static int help(void) {
                "     --locale-messages=LOCALE  Set message locale (LC_MESSAGES=)\n"
                "     --keymap=KEYMAP           Set keymap\n"
                "     --timezone=TIMEZONE       Set timezone\n"
-               "     --hostname=NAME           Set host name\n"
+               "     --hostname=NAME           Set hostname\n"
                "     --machine-ID=ID           Set machine ID\n"
                "     --root-password=PASSWORD  Set root password\n"
                "     --root-password-file=FILE Set root password from file\n"

src/home/homed-manager.c

@@ -981,9 +981,9 @@ static ssize_t read_datagram(int fd, struct ucred *ret_sender, void **ret) {
                         .msg_controllen = sizeof(control),
                 };
 
-                m = recvmsg(fd, &mh, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+                m = recvmsg_safe(fd, &mh, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
                 if (m < 0)
-                        return -errno;
+                        return m;
 
                 cmsg_close_all(&mh);
 

src/home/pwquality-util.c

@@ -148,7 +148,7 @@ int suggest_passwords(void) {
 
         pwquality_maybe_disable_dictionary(pwq);
 
-        suggestions = new0(char*, N_SUGGESTIONS);
+        suggestions = new0(char*, N_SUGGESTIONS+1);
         if (!suggestions)
                 return log_oom();
 

src/hostname/hostnamed.c

@@ -281,7 +281,7 @@ static int context_update_kernel_hostname(Context *c) {
         if (hostname_is_useful(static_hn))
                 hn = static_hn;
 
-        /* ... the transient host name, (ie: DHCP) comes next ... */
+        /* ... the transient hostname, (ie: DHCP) comes next ... */
         else if (!isempty(c->data[PROP_HOSTNAME]))
                 hn = c->data[PROP_HOSTNAME];
 
@@ -455,11 +455,11 @@ static int method_set_hostname(sd_bus_message *m, void *userdata, sd_bus_error *
 
         r = context_update_kernel_hostname(c);
         if (r < 0) {
-                log_error_errno(r, "Failed to set host name: %m");
+                log_error_errno(r, "Failed to set hostname: %m");
                 return sd_bus_error_set_errnof(error, r, "Failed to set hostname: %m");
         }
 
-        log_info("Changed host name to '%s'", strna(c->data[PROP_HOSTNAME]));
+        log_info("Changed hostname to '%s'", strna(c->data[PROP_HOSTNAME]));
 
         (void) sd_bus_emit_properties_changed(sd_bus_message_get_bus(m), "/org/freedesktop/hostname1", "org.freedesktop.hostname1", "Hostname", NULL);
 
@@ -507,17 +507,17 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_
 
         r = context_update_kernel_hostname(c);
         if (r < 0) {
-                log_error_errno(r, "Failed to set host name: %m");
+                log_error_errno(r, "Failed to set hostname: %m");
                 return sd_bus_error_set_errnof(error, r, "Failed to set hostname: %m");
         }
 
         r = context_write_data_static_hostname(c);
         if (r < 0) {
-                log_error_errno(r, "Failed to write static host name: %m");
+                log_error_errno(r, "Failed to write static hostname: %m");
                 return sd_bus_error_set_errnof(error, r, "Failed to set static hostname: %m");
         }
 
-        log_info("Changed static host name to '%s'", strna(c->data[PROP_STATIC_HOSTNAME]));
+        log_info("Changed static hostname to '%s'", strna(c->data[PROP_STATIC_HOSTNAME]));
 
         (void) sd_bus_emit_properties_changed(sd_bus_message_get_bus(m), "/org/freedesktop/hostname1", "org.freedesktop.hostname1", "StaticHostname", NULL);
 
@@ -548,7 +548,7 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess
                 if (prop == PROP_ICON_NAME && !filename_is_valid(name))
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid icon name '%s'", name);
                 if (prop == PROP_PRETTY_HOSTNAME && string_has_cc(name, NULL))
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid pretty host name '%s'", name);
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid pretty hostname '%s'", name);
                 if (prop == PROP_CHASSIS && !valid_chassis(name))
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid chassis '%s'", name);
                 if (prop == PROP_DEPLOYMENT && !valid_deployment(name))
@@ -586,7 +586,7 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess
         }
 
         log_info("Changed %s to '%s'",
-                 prop == PROP_PRETTY_HOSTNAME ? "pretty host name" :
+                 prop == PROP_PRETTY_HOSTNAME ? "pretty hostname" :
                  prop == PROP_DEPLOYMENT ? "deployment" :
                  prop == PROP_LOCATION ? "location" :
                  prop == PROP_CHASSIS ? "chassis" : "icon name", strna(c->data[prop]));

src/hostname/org.freedesktop.hostname1.policy

@@ -17,8 +17,8 @@
         <vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url>
 
         <action id="org.freedesktop.hostname1.set-hostname">
-                <description gettext-domain="systemd">Set host name</description>
-                <message gettext-domain="systemd">Authentication is required to set the local host name.</message>
+                <description gettext-domain="systemd">Set hostname</description>
+                <message gettext-domain="systemd">Authentication is required to set the local hostname.</message>
                 <defaults>
                         <allow_any>auth_admin_keep</allow_any>
                         <allow_inactive>auth_admin_keep</allow_inactive>
@@ -27,8 +27,8 @@
         </action>
 
         <action id="org.freedesktop.hostname1.set-static-hostname">
-                <description gettext-domain="systemd">Set static host name</description>
-                <message gettext-domain="systemd">Authentication is required to set the statically configured local host name, as well as the pretty host name.</message>
+                <description gettext-domain="systemd">Set static hostname</description>
+                <message gettext-domain="systemd">Authentication is required to set the statically configured local hostname, as well as the pretty hostname.</message>
                 <defaults>
                         <allow_any>auth_admin_keep</allow_any>
                         <allow_inactive>auth_admin_keep</allow_inactive>

src/import/importd.c

@@ -566,13 +566,11 @@ static int manager_on_notify(sd_event_source *s, int fd, uint32_t revents, void
         ssize_t n;
         int r;
 
-        n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
-        if (n < 0) {
-                if (IN_SET(errno, EAGAIN, EINTR))
-                        return 0;
-
-                return -errno;
-        }
+        n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+        if (IN_SET(n, -EAGAIN, -EINTR))
+                return 0;
+        if (n < 0)
+                return (int) n;
 
         cmsg_close_all(&msghdr);
 

src/journal/journald-server.c

@@ -1317,29 +1317,35 @@ int server_process_datagram(
 
         iovec = IOVEC_MAKE(s->buffer, s->buffer_size - 1); /* Leave room for trailing NUL we add later */
 
-        n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
-        if (n < 0) {
-                if (IN_SET(errno, EINTR, EAGAIN))
-                        return 0;
-
-                return log_error_errno(errno, "recvmsg() failed: %m");
+        n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+        if (IN_SET(n, -EINTR, -EAGAIN))
+                return 0;
+        if (n == -EXFULL) {
+                log_warning("Got message with truncated control data (too many fds sent?), ignoring.");
+                return 0;
         }
+        if (n < 0)
+                return log_error_errno(n, "recvmsg() failed: %m");
 
         CMSG_FOREACH(cmsg, &msghdr)
                 if (cmsg->cmsg_level == SOL_SOCKET &&
                     cmsg->cmsg_type == SCM_CREDENTIALS &&
-                    cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
+                    cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
+                        assert(!ucred);
                         ucred = (struct ucred*) CMSG_DATA(cmsg);
-                else if (cmsg->cmsg_level == SOL_SOCKET &&
+                } else if (cmsg->cmsg_level == SOL_SOCKET &&
                          cmsg->cmsg_type == SCM_SECURITY) {
+                        assert(!label);
                         label = (char*) CMSG_DATA(cmsg);
                         label_len = cmsg->cmsg_len - CMSG_LEN(0);
                 } else if (cmsg->cmsg_level == SOL_SOCKET &&
                            cmsg->cmsg_type == SO_TIMESTAMP &&
-                           cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
+                           cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval))) {
+                        assert(!tv);
                         tv = (struct timeval*) CMSG_DATA(cmsg);
-                else if (cmsg->cmsg_level == SOL_SOCKET &&
+                } else if (cmsg->cmsg_level == SOL_SOCKET &&
                          cmsg->cmsg_type == SCM_RIGHTS) {
+                        assert(!fds);
                         fds = (int*) CMSG_DATA(cmsg);
                         n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
                 }
@@ -1746,7 +1752,7 @@ static int server_open_hostname(Server *s) {
 
         r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
         if (r < 0)
-                return log_error_errno(r, "Failed to adjust priority of host name event source: %m");
+                return log_error_errno(r, "Failed to adjust priority of hostname event source: %m");
 
         return 0;
 }

src/journal/journald-stream.c

@@ -545,6 +545,7 @@ static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents,
                 if (cmsg->cmsg_level == SOL_SOCKET &&
                     cmsg->cmsg_type == SCM_CREDENTIALS &&
                     cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
+                        assert(!ucred);
                         ucred = (struct ucred *)CMSG_DATA(cmsg);
                         break;
                 }

src/libsystemd-network/sd-dhcp-lease.c

@@ -700,7 +700,7 @@ int dhcp_lease_parse_options(uint8_t code, uint8_t len, const void *option, void
         case SD_DHCP_OPTION_HOST_NAME:
                 r = lease_parse_domain(option, len, &lease->hostname);
                 if (r < 0) {
-                        log_debug_errno(r, "Failed to parse host name, ignoring: %m");
+                        log_debug_errno(r, "Failed to parse hostname, ignoring: %m");
                         return 0;
                 }
 

src/libsystemd/sd-bus/bus-socket.c

@@ -557,17 +557,24 @@ static int bus_socket_read_auth(sd_bus *b) {
                 mh.msg_control = &control;
                 mh.msg_controllen = sizeof(control);
 
-                k = recvmsg(b->input_fd, &mh, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
-                if (k < 0 && errno == ENOTSOCK) {
+                k = recvmsg_safe(b->input_fd, &mh, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+                if (k == -ENOTSOCK) {
                         b->prefer_readv = true;
                         k = readv(b->input_fd, &iov, 1);
+                        if (k < 0)
+                                k = -errno;
                 } else
                         handle_cmsg = true;
         }
+        if (k == -EAGAIN)
+                return 0;
         if (k < 0)
-                return errno == EAGAIN ? 0 : -errno;
-        if (k == 0)
+                return (int) k;
+        if (k == 0) {
+                if (handle_cmsg)
+                        cmsg_close_all(&mh); /* paranoia, we shouldn't have gotten any fds on EOF */
                 return -ECONNRESET;
+        }
 
         b->rbuffer_size += k;
 
@@ -1193,17 +1200,24 @@ int bus_socket_read_message(sd_bus *bus) {
                 mh.msg_control = &control;
                 mh.msg_controllen = sizeof(control);
 
-                k = recvmsg(bus->input_fd, &mh, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
-                if (k < 0 && errno == ENOTSOCK) {
+                k = recvmsg_safe(bus->input_fd, &mh, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+                if (k == -ENOTSOCK) {
                         bus->prefer_readv = true;
                         k = readv(bus->input_fd, &iov, 1);
+                        if (k < 0)
+                                k = -errno;
                 } else
                         handle_cmsg = true;
         }
+        if (k == -EAGAIN)
+                return 0;
         if (k < 0)
-                return errno == EAGAIN ? 0 : -errno;
-        if (k == 0)
+                return (int) k;
+        if (k == 0) {
+                if (handle_cmsg)
+                        cmsg_close_all(&mh); /* On EOF we shouldn't have gotten an fd, but let's make sure */
                 return -ECONNRESET;
+        }
 
         bus->rbuffer_size += k;
 

src/network/networkd-lldp-rx.c

@@ -12,6 +12,7 @@
 #include "networkd-network.h"
 #include "string-table.h"
 #include "string-util.h"
+#include "strv.h"
 #include "tmpfile-util.h"
 
 DEFINE_CONFIG_PARSE_ENUM(config_parse_lldp_mode, lldp_mode, LLDPMode, "Failed to parse LLDP= setting.");
@@ -36,10 +37,10 @@ bool link_lldp_rx_enabled(Link *link) {
         if (!link->network)
                 return false;
 
-        /* LLDP should be handled on bridge slaves as those have a direct
-         * connection to their peers not on the bridge master. Linux doesn't
-         * even (by default) forward lldp packets to the bridge master.*/
-        if (streq_ptr("bridge", link->kind))
+        /* LLDP should be handled on bridge and bond slaves as those have a direct connection to their peers,
+         * not on the bridge/bond master. Linux doesn't even (by default) forward lldp packets to the bridge
+         * master.*/
+        if (link->kind && STR_IN_SET(link->kind, "bridge", "bond"))
                 return false;
 
         return link->network->lldp_mode != LLDP_MODE_NO;

src/network/networkd-lldp-tx.c

@@ -6,8 +6,8 @@
 #include <net/if_arp.h>
 
 #include "alloc-util.h"
-#include "escape.h"
 #include "env-file.h"
+#include "escape.h"
 #include "fd-util.h"
 #include "hostname-util.h"
 #include "missing_network.h"
@@ -18,6 +18,7 @@
 #include "random-util.h"
 #include "socket-util.h"
 #include "string-util.h"
+#include "strv.h"
 #include "unaligned.h"
 #include "web-util.h"
 
@@ -54,6 +55,9 @@ bool link_lldp_emit_enabled(Link *link) {
         if (!link->network)
                 return false;
 
+        if (link->kind && STR_IN_SET(link->kind, "bridge", "bond"))
+                return false;
+
         return link->network->lldp_emit != LLDP_EMIT_NO;
 }
 

src/nspawn/nspawn.c

@@ -3713,13 +3713,12 @@ static int nspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r
                 return 0;
         }
 
-        n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
-        if (n < 0) {
-                if (IN_SET(errno, EAGAIN, EINTR))
-                        return 0;
+        n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+        if (IN_SET(n, -EAGAIN, -EINTR))
+                return 0;
+        if (n < 0)
+                return log_warning_errno(n, "Couldn't read notification socket: %m");
 
-                return log_warning_errno(errno, "Couldn't read notification socket: %m");
-        }
         cmsg_close_all(&msghdr);
 
         CMSG_FOREACH(cmsg, &msghdr) {

src/nss-myhostname/nss-myhostname.c

@@ -77,7 +77,7 @@ enum nss_status _nss_myhostname_gethostbyname4_r(
                         return NSS_STATUS_TRYAGAIN;
                 }
 
-                /* We respond to our local host name, our hostname suffixed with a single dot. */
+                /* We respond to our local hostname, our hostname suffixed with a single dot. */
                 if (!streq(name, hn) && !streq_ptr(startswith(name, hn), "."))
                         goto not_found;
 

src/nss-systemd/nss-systemd.c

@@ -310,7 +310,12 @@ enum nss_status _nss_systemd_setpwent(int stayopen) {
         getpwent_data.iterator = userdb_iterator_free(getpwent_data.iterator);
         getpwent_data.by_membership = false;
 
-        r = userdb_all(nss_glue_userdb_flags(), &getpwent_data.iterator);
+        /* Don't synthesize root/nobody when iterating. Let nss-files take care of that. If the two records
+         * are missing there, then that's fine, after all getpwent() is known to be possibly incomplete
+         * (think: LDAP/NIS type situations), and our synthesizing of root/nobody is a robustness fallback
+         * only, which matters for getpwnam()/getpwuid() primarily, which are the main NSS entrypoints to the
+         * user database. */
+        r = userdb_all(nss_glue_userdb_flags() | USERDB_DONT_SYNTHESIZE, &getpwent_data.iterator);
         return r < 0 ? NSS_STATUS_UNAVAIL : NSS_STATUS_SUCCESS;
 }
 
@@ -329,7 +334,8 @@ enum nss_status _nss_systemd_setgrent(int stayopen) {
         getgrent_data.iterator = userdb_iterator_free(getgrent_data.iterator);
         getpwent_data.by_membership = false;
 
-        r = groupdb_all(nss_glue_userdb_flags(), &getgrent_data.iterator);
+        /* See _nss_systemd_setpwent() for an explanation why we use USERDB_DONT_SYNTHESIZE here */
+        r = groupdb_all(nss_glue_userdb_flags() | USERDB_DONT_SYNTHESIZE, &getgrent_data.iterator);
         return r < 0 ? NSS_STATUS_UNAVAIL : NSS_STATUS_SUCCESS;
 }
 

src/portable/portable.c

@@ -190,9 +190,9 @@ static int recv_item(
         assert(ret_name);
         assert(ret_fd);
 
-        n = recvmsg(socket_fd, &mh, MSG_CMSG_CLOEXEC);
+        n = recvmsg_safe(socket_fd, &mh, MSG_CMSG_CLOEXEC);
         if (n < 0)
-                return -errno;
+                return (int) n;
 
         CMSG_FOREACH(cmsg, &mh) {
                 if (cmsg->cmsg_level == SOL_SOCKET &&

src/resolve/resolved-bus.c

@@ -1116,7 +1116,7 @@ static void bus_method_resolve_service_complete(DnsQuery *q) {
 
         if (has_root_domain && found <= 0) {
                 /* If there's exactly one SRV RR and it uses
-                 * the root domain as host name, then the
+                 * the root domain as hostname, then the
                  * service is explicitly not offered on the
                  * domain. Report this as a recognizable
                  * error. See RFC 2782, Section "Usage

src/resolve/resolved-etc-hosts.c

@@ -100,7 +100,7 @@ static int parse_line(EtcHosts *hosts, unsigned nr, const char *line) {
 
                 r = extract_first_word(&line, &name, NULL, EXTRACT_RELAX);
                 if (r < 0)
-                        return log_error_errno(r, "/etc/hosts:%u: couldn't extract host name: %m", nr);
+                        return log_error_errno(r, "/etc/hosts:%u: couldn't extract hostname: %m", nr);
                 if (r == 0)
                         break;
 
@@ -162,7 +162,7 @@ static int parse_line(EtcHosts *hosts, unsigned nr, const char *line) {
         }
 
         if (!found)
-                log_warning("/etc/hosts:%u: line is missing any host names", nr);
+                log_warning("/etc/hosts:%u: line is missing any hostnames", nr);
 
         return 0;
 }

src/resolve/resolved-manager.c

@@ -341,7 +341,7 @@ static int determine_hostname(char **full_hostname, char **llmnr_hostname, char
         p = h;
         r = dns_label_unescape(&p, label, sizeof label, 0);
         if (r < 0)
-                return log_error_errno(r, "Failed to unescape host name: %m");
+                return log_error_errno(r, "Failed to unescape hostname: %m");
         if (r == 0)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                        "Couldn't find a single label in hostname.");
@@ -371,7 +371,7 @@ static int determine_hostname(char **full_hostname, char **llmnr_hostname, char
 
         r = dns_label_escape_new(decoded, r, &n);
         if (r < 0)
-                return log_error_errno(r, "Failed to escape host name: %m");
+                return log_error_errno(r, "Failed to escape hostname: %m");
 
         if (is_localhost(n))
                 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
@@ -411,7 +411,7 @@ static int make_fallback_hostnames(char **full_hostname, char **llmnr_hostname,
         p = fallback_hostname();
         r = dns_label_unescape(&p, label, sizeof label, 0);
         if (r < 0)
-                return log_error_errno(r, "Failed to unescape fallback host name: %m");
+                return log_error_errno(r, "Failed to unescape fallback hostname: %m");
 
         assert(r > 0); /* The fallback hostname must have at least one label */
 
@@ -775,17 +775,14 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
 
         iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->allocated);
 
-        l = recvmsg(fd, &mh, 0);
-        if (l < 0) {
-                if (IN_SET(errno, EAGAIN, EINTR))
-                        return 0;
-
-                return -errno;
-        }
+        l = recvmsg_safe(fd, &mh, 0);
+        if (IN_SET(l, -EAGAIN, -EINTR))
+                return 0;
+        if (l < 0)
+                return l;
         if (l == 0)
                 return 0;
 
-        assert(!(mh.msg_flags & MSG_CTRUNC));
         assert(!(mh.msg_flags & MSG_TRUNC));
 
         p->size = (size_t) l;

src/shared/ask-password-api.c

@@ -925,12 +925,11 @@ int ask_password_agent(
                 msghdr.msg_control = &control;
                 msghdr.msg_controllen = sizeof(control);
 
-                n = recvmsg(socket_fd, &msghdr, 0);
+                n = recvmsg_safe(socket_fd, &msghdr, 0);
+                if (IN_SET(n, -EAGAIN, -EINTR))
+                        continue;
                 if (n < 0) {
-                        if (IN_SET(errno, EAGAIN, EINTR))
-                                continue;
-
-                        r = -errno;
+                        r = (int) n;
                         goto finish;
                 }
 

src/shared/binfmt-util.c

@@ -0,0 +1,33 @@
+#include <sys/stat.h>
+#include <sys/statvfs.h>
+#include <sys/vfs.h>
+
+#include "binfmt-util.h"
+#include "fileio.h"
+#include "missing_magic.h"
+#include "stat-util.h"
+
+int disable_binfmt(void) {
+        int r;
+
+        /* Flush out all rules. This is important during shutdown to cover for rules using "F", since those
+         * might pin a file and thus block us from unmounting stuff cleanly.
+         *
+         * We are a bit careful here, since binfmt_misc might still be an autofs which we don't want to
+         * trigger. */
+
+        r = path_is_fs_type("/proc/sys/fs/binfmt_misc", BINFMTFS_MAGIC);
+        if (r == 0 || r == -ENOENT) {
+                log_debug("binfmt_misc is not mounted, not detaching entries.");
+                return 0;
+        }
+        if (r < 0)
+                return log_warning_errno(r, "Failed to determine whether binfmt_misc is mounted: %m");
+
+        r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", WRITE_STRING_FILE_DISABLE_BUFFER);
+        if (r < 0)
+                return log_warning_errno(r, "Failed to unregister binfmt_misc entries: %m");
+
+        log_debug("Unregistered all remaining binfmt_misc entries.");
+        return 0;
+}

src/shared/binfmt-util.h

@@ -0,0 +1,4 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+int disable_binfmt(void);

src/shared/bus-wait-for-units.c

@@ -80,6 +80,15 @@ static WaitForItem *wait_for_item_free(WaitForItem *item) {
 
 DEFINE_TRIVIAL_CLEANUP_FUNC(WaitForItem*, wait_for_item_free);
 
+static void call_unit_callback_and_wait(BusWaitForUnits *d, WaitForItem *item, bool good) {
+        d->current = item;
+
+        if (item->unit_callback)
+                item->unit_callback(d, item->bus_path, good, item->userdata);
+
+        wait_for_item_free(item);
+}
+
 static void bus_wait_for_units_clear(BusWaitForUnits *d) {
         WaitForItem *item;
 
@@ -88,13 +97,8 @@ static void bus_wait_for_units_clear(BusWaitForUnits *d) {
         d->slot_disconnected = sd_bus_slot_unref(d->slot_disconnected);
         d->bus = sd_bus_unref(d->bus);
 
-        while ((item = hashmap_first(d->items))) {
-                d->current = item;
-
-                if (item->unit_callback)
-                        item->unit_callback(d, item->bus_path, false, item->userdata);
-                wait_for_item_free(item);
-        }
+        while ((item = hashmap_first(d->items)))
+                call_unit_callback_and_wait(d, item, false);
 
         d->items = hashmap_free(d->items);
 }
@@ -213,13 +217,7 @@ static void wait_for_item_check_ready(WaitForItem *item) {
                         return;
         }
 
-        if (item->unit_callback) {
-                d->current = item;
-                item->unit_callback(d, item->bus_path, true, item->userdata);
-        }
-
-        wait_for_item_free(item);
-
+        call_unit_callback_and_wait(d, item, true);
         bus_wait_for_units_check_ready(d);
 }
 
@@ -304,10 +302,7 @@ static int on_get_all_properties(sd_bus_message *m, void *userdata, sd_bus_error
                 log_debug_errno(sd_bus_error_get_errno(error), "GetAll() failed for %s: %s",
                                 item->bus_path, error->message);
 
-                d->current = item;
-                item->unit_callback(d, item->bus_path, false, item->userdata);
-                wait_for_item_free(item);
-
+                call_unit_callback_and_wait(d, item, false);
                 bus_wait_for_units_check_ready(d);
                 return 0;
         }

src/shared/install-printf.c

@@ -115,7 +115,7 @@ int install_full_printf(const UnitFileInstallInfo *i, const char *format, char *
          * %U the UID of the running user
          * %u the username of running user
          * %m the machine ID of the running system
-         * %H the host name of the running system
+         * %H the hostname of the running system
          * %b the boot ID of the running system
          * %v `uname -r` of the running system
          */

src/shared/meson.build

@@ -12,6 +12,8 @@ shared_sources = files('''
         barrier.h
         base-filesystem.c
         base-filesystem.h
+        binfmt-util.c
+        binfmt-util.h
         bitmap.c
         bitmap.h
         blkid-util.h

src/shutdown/shutdown.c

@@ -16,6 +16,7 @@
 
 #include "alloc-util.h"
 #include "async.h"
+#include "binfmt-util.h"
 #include "cgroup-setup.h"
 #include "cgroup-util.h"
 #include "def.h"
@@ -386,6 +387,7 @@ int main(int argc, char *argv[]) {
                 sync_with_progress();
 
         disable_coredumps();
+        disable_binfmt();
 
         log_info("Sending SIGTERM to remaining processes...");
         broadcast_signal(SIGTERM, true, true, arg_timeout);

src/timesync/timesyncd-manager.c

@@ -438,12 +438,11 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re
                 return manager_connect(m);
         }
 
-        len = recvmsg(fd, &msghdr, MSG_DONTWAIT);
+        len = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT);
+        if (len == -EAGAIN)
+                return 0;
         if (len < 0) {
-                if (errno == EAGAIN)
-                        return 0;
-
-                log_warning("Error receiving message. Disconnecting.");
+                log_warning_errno(len, "Error receiving message, disconnecting: %m");
                 return manager_connect(m);
         }
 

src/udev/udev-ctrl.c

@@ -212,13 +212,11 @@ static int udev_ctrl_connection_event_handler(sd_event_source *s, int fd, uint32
         if (size == 0)
                 return 0; /* Client disconnects? */
 
-        size = recvmsg(fd, &smsg, 0);
-        if (size < 0) {
-                if (errno != EINTR)
-                        return log_error_errno(errno, "Failed to receive ctrl message: %m");
-
+        size = recvmsg_safe(fd, &smsg, 0);
+        if (size == -EINTR)
                 return 0;
-        }
+        if (size < 0)
+                return log_error_errno(size, "Failed to receive ctrl message: %m");
 
         cmsg_close_all(&smsg);
 

src/udev/udev-rules.c

@@ -1092,7 +1092,9 @@ static int rule_add_line(UdevRules *rules, const char *line_str, unsigned line_n
         if (isempty(line_str))
                 return 0;
 
-        line = strdup(line_str);
+        /* We use memdup_suffix0() here, since we want to add a second NUL byte to the end, since possibly
+         * some parsers might turn this into a "nulstr", which requires an extra NUL at the end. */
+        line = memdup_suffix0(line_str, strlen(line_str) + 1);
         if (!line)
                 return log_oom();
 
@@ -1328,11 +1330,7 @@ static bool token_match_string(UdevRuleToken *token, const char *str) {
                 match = isempty(str);
                 break;
         case MATCH_TYPE_SUBSYSTEM:
-                NULSTR_FOREACH(i, "subsystem\0class\0bus\0")
-                        if (streq(i, str)) {
-                                match = true;
-                                break;
-                        }
+                match = STR_IN_SET(str, "subsystem", "class", "bus");
                 break;
         case MATCH_TYPE_PLAIN_WITH_EMPTY:
                 if (isempty(str)) {