2026-03-19 11:34:46 +01:00
84 changed files with 413 additions and 460 deletions
--- a/.clang-tidy
+++ b/.clang-tidy
@ -2,33 +2,10 @@
 ---
 Checks: '
    -*,
    bugprone-argument-comment,
    bugprone-chained-comparison,
    bugprone-integer-division,
    bugprone-misplaced-operator-in-strlen-in-alloc,
    bugprone-misplaced-pointer-arithmetic-in-alloc,
    bugprone-posix-return,
    bugprone-redundant-branch-condition,
    bugprone-sizeof-expression,
    bugprone-suspicious-enum-usage,
    bugprone-suspicious-semicolon,
    bugprone-suspicious-string-compare,
    bugprone-swapped-arguments,
    bugprone-tautological-type-limits,
    bugprone-unused-return-value,
    misc-header-include-cycle,
    misc-include-cleaner,
    misc-misplaced-const,
    misc-use-internal-linkage,
    readability-avoid-const-params-in-decls,
    readability-const-return-type,
    readability-duplicate-include,
-    readability-inconsistent-declaration-parameter-name,
+    bugprone-argument-comment,
-    readability-misleading-indentation,
+    misc-include-cleaner
    readability-named-parameter,
    readability-redundant-casting,
    readability-redundant-declaration,
    readability-redundant-function-ptr-dereference
 '
 CheckOptions:
  misc-include-cleaner.MissingIncludes: 'false'
@ -51,9 +28,7 @@ CheckOptions:
    varlink-idl-common\.h;
    unistd\.h
 '
  misc-header-include-cycle.IgnoredFilesList: 'glib-2.0'
 WarningsAsErrors: '*'
 ExcludeHeaderFilterRegex: 'blkid\.h|gmessages\.h|gstring\.h'
 HeaderFileExtensions:
  - h
 ImplementationFileExtensions:
--- a/.github/workflows/build-test.sh
+++ b/.github/workflows/build-test.sh
@ -17,7 +17,6 @@ ARGS=(
    "--optimization=3 -Db_lto=false -Dtpm2=disabled -Dlibfido2=disabled -Dp11kit=disabled -Defi=false -Dbootloader=disabled"
    "--optimization=3 -Dfexecve=true -Dstandalone-binaries=true -Dstatic-libsystemd=true -Dstatic-libudev=true"
    "-Db_ndebug=true"
    "--auto-features=disabled -Dcompat-mutable-uid-boundaries=true"
 )
 PACKAGES=(
    cryptsetup-bin
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@ -77,7 +77,7 @@ jobs:
          mkosi box -- ruff check src/core/generate-bpf-delegate-configs.py src/boot/generate-hwids-section.py src/test/generate-sym-test.py src/ukify/ukify.py test/integration-tests/integration-test-wrapper.py
      - name: Configure meson
-        run: mkosi box -- env CC=clang CXX=clang++ meson setup build
+        run: mkosi box -- env CC=clang CXX=clang++ meson setup -Dlocalegen-path=/usr/bin/locale-gen -Dcompat-mutable-uid-boundaries=true build
      - name: Run clang-tidy
        run: mkosi box -- meson test -C build --suite=clang-tidy --print-errorlogs --no-stdsplit --quiet
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@ -1715,7 +1715,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
          <listitem>
            <para>Shut down and reboot the system.</para>
-            <para>This command is mostly equivalent to <command>systemctl start reboot.target
+            <para>This command mostly equivalent to <command>systemctl start reboot.target
            --job-mode=replace-irreversibly --no-block</command>, but also prints a wall message to all
            users. This command is asynchronous; it will return after the reboot operation is enqueued,
            without waiting for it to complete.</para>
--- a/src/basic/cleanup-util.h
+++ b/src/basic/cleanup-util.h
@ -28,6 +28,7 @@ typedef void* (*mfree_func_t)(void *p);
        })
 #define _DEFINE_TRIVIAL_REF_FUNC(type, name, scope)                                     \
        /* NOLINTNEXTLINE (readability-inconsistent-declaration-parameter-name) */      \
        scope type *name##_ref(type *p) {                                               \
                if (!p)                                                                 \
                        return NULL;                                                    \
@ -42,6 +43,7 @@ typedef void* (*mfree_func_t)(void *p);
        }
 #define _DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func, scope)                        \
        /* NOLINTNEXTLINE (readability-inconsistent-declaration-parameter-name) */      \
        scope type *name##_unref(type *p) {                                             \
                if (!p)                                                                 \
                        return NULL;                                                    \
--- a/src/basic/filesystems.h
+++ b/src/basic/filesystems.h
@ -38,4 +38,4 @@ int fs_type_from_string(const char *name, const statfs_f_type_t **ret);
 bool fs_in_group(const struct statfs *s, enum FilesystemGroups fs_group);
 /* gperf prototypes */
-const struct FilesystemMagic* filesystems_gperf_lookup(const char *str, GPERF_LEN_TYPE length);
+const struct FilesystemMagic* filesystems_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@ -1135,17 +1135,17 @@ bool oom_score_adjust_is_valid(int oa) {
        return oa >= OOM_SCORE_ADJ_MIN && oa <= OOM_SCORE_ADJ_MAX;
 }
-unsigned long personality_from_string(const char *s) {
+unsigned long personality_from_string(const char *p) {
        Architecture architecture;
-        if (!s)
+        if (!p)
                return PERSONALITY_INVALID;
        /* Parse a personality specifier. We use our own identifiers that indicate specific ABIs, rather than just
         * hints regarding the register size, since we want to keep things open for multiple locally supported ABIs for
         * the same register size. */
-        architecture = architecture_from_string(s);
+        architecture = architecture_from_string(p);
        if (architecture < 0)
                return PERSONALITY_INVALID;
@ -1247,8 +1247,8 @@ bool nice_is_valid(int n) {
        return n >= PRIO_MIN && n < PRIO_MAX;
 }
-bool sched_policy_is_valid(int policy) {
+bool sched_policy_is_valid(int i) {
-        return IN_SET(policy, SCHED_OTHER, SCHED_BATCH, SCHED_IDLE, SCHED_FIFO, SCHED_RR, SCHED_EXT);
+        return IN_SET(i, SCHED_OTHER, SCHED_BATCH, SCHED_IDLE, SCHED_FIFO, SCHED_RR, SCHED_EXT);
 }
 bool sched_policy_supported(int policy) {
@ -1407,7 +1407,7 @@ int pidref_safe_fork_full(
                int except_fds[],
                size_t n_except_fds,
                ForkFlags flags,
-                PidRef *ret) {
+                PidRef *ret_pid) {
        pid_t original_pid, pid;
        sigset_t saved_ss, ss;
@ -1421,7 +1421,7 @@ int pidref_safe_fork_full(
               (flags & (FORK_WAIT|FORK_DEATHSIG_SIGTERM|FORK_DEATHSIG_SIGINT|FORK_DEATHSIG_SIGKILL)) == 0);
        /* A wrapper around fork(), that does a couple of important initializations in addition to mere
-         * forking. If provided, ret is initialized in both the parent and the child process, both times
+         * forking. If provided, ret_pid is initialized in both the parent and the child process, both times
         * referencing the child process. Returns == 0 in the child and > 0 in the parent. */
        prio = flags & FORK_LOG ? LOG_ERR : LOG_DEBUG;
@ -1465,7 +1465,7 @@ int pidref_safe_fork_full(
                if (!r) {
                        /* Not a reaper process, hence do a double fork() so we are reparented to one */
-                        if (ret && socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, pidref_transport_fds) < 0)
+                        if (ret_pid && socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, pidref_transport_fds) < 0)
                                return log_full_errno(prio, errno, "Failed to allocate pidref socket: %m");
                        pid = fork();
@ -1499,7 +1499,7 @@ int pidref_safe_fork_full(
                                        if (n < 0)
                                                return log_full_errno(prio, n, "Failed to receive child pidref: %m");
-                                        *ret = (PidRef) { .pid = pid, .fd = pidfd };
+                                        *ret_pid = (PidRef) { .pid = pid, .fd = pidfd };
                                }
                                return 1; /* return in the parent */
@ -1569,16 +1569,20 @@ int pidref_safe_fork_full(
                                return -EPROTO;
                        /* If we are in the parent and successfully waited, then the process doesn't exist anymore. */
-                        if (ret)
+                        if (ret_pid)
-                                *ret = PIDREF_NULL;
+                                *ret_pid = PIDREF_NULL;
                        return 1;
                }
-                if (ret) {
+                if (ret_pid) {
-                        r = pidref_set_pid(ret, pid);
+                        if (FLAGS_SET(flags, _FORK_PID_ONLY))
                                *ret_pid = PIDREF_MAKE_FROM_PID(pid);
                        else {
                                r = pidref_set_pid(ret_pid, pid);
                                if (r < 0) /* Let's not fail for this, no matter what, the process exists after all, and that's key */
-                                *ret = PIDREF_MAKE_FROM_PID(pid);
+                                        *ret_pid = PIDREF_MAKE_FROM_PID(pid);
                        }
                }
                return 1;
@ -1759,17 +1763,45 @@ int pidref_safe_fork_full(
        if (FLAGS_SET(flags, FORK_FREEZE))
                freeze();
-        if (ret) {
+        if (ret_pid) {
-                r = pidref_set_self(ret);
+                if (FLAGS_SET(flags, _FORK_PID_ONLY))
                        *ret_pid = PIDREF_MAKE_FROM_PID(getpid_cached());
                else {
                        r = pidref_set_self(ret_pid);
                        if (r < 0) {
                                log_full_errno(prio, r, "Failed to acquire PID reference on ourselves: %m");
                                _exit(EXIT_FAILURE);
                        }
                }
        }
        return 0;
 }
 int safe_fork_full(
                const char *name,
                const int stdio_fds[3],
                int except_fds[],
                size_t n_except_fds,
                ForkFlags flags,
                pid_t *ret_pid) {
        _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
        int r;
        /* Getting the detached child process pid without pidfd is racy, so don't allow it if not returning
         * a pidref to the caller. */
        assert(!FLAGS_SET(flags, FORK_DETACH) || !ret_pid);
        r = pidref_safe_fork_full(name, stdio_fds, except_fds, n_except_fds, flags|_FORK_PID_ONLY, ret_pid ? &pidref : NULL);
        if (r < 0 || !ret_pid)
                return r;
        *ret_pid = pidref.pid;
        return r;
 }
 int namespace_fork_full(
                const char *outer_name,
                const char *inner_name,
--- a/src/basic/process-util.h
+++ b/src/basic/process-util.h
@ -101,8 +101,8 @@ bool oom_score_adjust_is_valid(int oa);
 * personality we're interested in. */
 #define OPINIONATED_PERSONALITY_MASK 0xFFUL
-unsigned long personality_from_string(const char *s);
+unsigned long personality_from_string(const char *p);
-const char* personality_to_string(unsigned long p);
+const char* personality_to_string(unsigned long);
 int safe_personality(unsigned long p);
 int opinionated_personality(unsigned long *ret);
@ -124,10 +124,10 @@ int pid_compare_func(const pid_t *a, const pid_t *b);
 bool nice_is_valid(int n) _const_;
-bool sched_policy_is_valid(int policy) _const_;
+bool sched_policy_is_valid(int i) _const_;
-bool sched_policy_supported(int policy);
+bool sched_policy_supported(int i);
-int sched_get_priority_min_safe(int policy);
+int sched_get_priority_min_safe(int i);
-int sched_get_priority_max_safe(int policy);
+int sched_get_priority_max_safe(int i);
 #define PID_AUTOMATIC ((pid_t) INT_MIN) /* special value indicating "acquire pid from connection peer" */
@ -176,6 +176,8 @@ typedef enum ForkFlags {
        FORK_NEW_PIDNS          = 1 << 21, /* Run child in its own PID namespace                                 💣 DO NOT USE IN THREADED PROGRAMS! 💣 */
        FORK_FREEZE             = 1 << 22, /* Don't return in child, just call freeze() instead */
        FORK_ALLOW_DLOPEN       = 1 << 23, /* Do not block dlopen() in child */
        _FORK_PID_ONLY          = 1 << 24, /* Don't open a pidfd referencing the child process */
 } ForkFlags;
 int pidref_safe_fork_full(
@ -184,10 +186,22 @@ int pidref_safe_fork_full(
                int except_fds[],
                size_t n_except_fds,
                ForkFlags flags,
-                PidRef *ret);
+                PidRef *ret_pid);
-static inline int pidref_safe_fork(const char *name, ForkFlags flags, PidRef *ret) {
+static inline int pidref_safe_fork(const char *name, ForkFlags flags, PidRef *ret_pid) {
-        return pidref_safe_fork_full(name, NULL, NULL, 0, flags, ret);
+        return pidref_safe_fork_full(name, NULL, NULL, 0, flags, ret_pid);
 }
 int safe_fork_full(
                const char *name,
                const int stdio_fds[3],
                int except_fds[],
                size_t n_except_fds,
                ForkFlags flags,
                pid_t *ret_pid);
 static inline int safe_fork(const char *name, ForkFlags flags, pid_t *ret_pid) {
        return safe_fork_full(name, NULL, NULL, 0, flags, ret_pid);
 }
 int namespace_fork_full(
--- a/src/basic/string-table.h
+++ b/src/basic/string-table.h
@ -15,6 +15,7 @@ ssize_t string_table_lookup_from_string_fallback(const char * const *table, size
 /* For basic lookup tables with strictly enumerated entries */
 #define _DEFINE_STRING_TABLE_LOOKUP_TO_STRING(name, type, scope)                                        \
        /* NOLINTNEXTLINE (readability-inconsistent-declaration-parameter-name) */                      \
        scope const char* name##_to_string(type i) {                                                    \
                return string_table_lookup_to_string(name##_table, ELEMENTSOF(name##_table), i);        \
        }
@ -30,6 +31,7 @@ ssize_t string_table_lookup_from_string_fallback(const char * const *table, size
        }
 #define _DEFINE_STRING_TABLE_LOOKUP_TO_STRING_FALLBACK(name, type, max, scope)                          \
        /* NOLINTNEXTLINE (readability-inconsistent-declaration-parameter-name) */                      \
        scope int name##_to_string_alloc(type i, char **ret) {                                          \
                return string_table_lookup_to_string_fallback(name##_table, ELEMENTSOF(name##_table), i, max, ret); \
        }
--- a/src/basic/terminal-util.h
+++ b/src/basic/terminal-util.h
@ -124,7 +124,7 @@ bool terminal_is_dumb(void);
 bool dev_console_colors_enabled(void);
 int get_ctty_devnr(pid_t pid, dev_t *ret);
-int get_ctty(pid_t pid, dev_t *ret_devnr, char **ret);
+int get_ctty(pid_t, dev_t *ret_devnr, char **ret);
 int getttyname_malloc(int fd, char **ret);
 int getttyname_harder(int fd, char **ret);
--- a/src/basic/time-util.h
+++ b/src/basic/time-util.h
@ -173,7 +173,7 @@ char* save_timezone(void);
 bool clock_supported(clockid_t clock);
-usec_t usec_shift_clock(usec_t x, clockid_t from, clockid_t to);
+usec_t usec_shift_clock(usec_t, clockid_t from, clockid_t to);
 int get_timezone(char **ret);
 const char* etc_localtime(void);
--- a/src/basic/uid-classification.c
+++ b/src/basic/uid-classification.c
@ -1,6 +1,5 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
 #include <threads.h>
 #include "chase.h"
@ -8,8 +7,6 @@
 #include "fileio.h"
 #include "log.h"
 #include "string-util.h"
 #endif
 #include "uid-classification.h"
 #include "user-util.h"
--- a/src/boot/efi-string-table.h
+++ b/src/boot/efi-string-table.h
@ -5,6 +5,7 @@
 #include "macro-fundamental.h"
 #define _DEFINE_STRING_TABLE_LOOKUP_TO_STRING(name,type,scope)                          \
        /* NOLINTNEXTLINE (readability-inconsistent-declaration-parameter-name) */      \
        scope const char* name##_to_string(type i) {                                    \
                assert(i >= 0 && i < (type) ELEMENTSOF(name##_table));                  \
                return name##_table[i];                                                 \
--- a/src/core/automount.c
+++ b/src/core/automount.c
@ -655,13 +655,12 @@ static int asynchronous_expire(int dev_autofs_fd, int ioctl_fd) {
         * child's PID, we are PID1/autoreaper after all, hence when it dies we'll automatically clean it up
         * anyway. */
-        r = pidref_safe_fork_full(
+        r = safe_fork_full("(sd-expire)",
                        "(sd-expire)",
                           /* stdio_fds= */ NULL,
                           (int[]) { dev_autofs_fd, ioctl_fd },
                           /* n_except_fds= */ 2,
                           FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG,
-                        /* ret= */ NULL);
+                           /* ret_pid= */ NULL);
        if (r != 0)
                return r;
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@ -1416,7 +1416,7 @@ static int setup_pam(
        parent_pid = getpid_cached();
-        r = pidref_safe_fork("(sd-pam)", /* flags= */ 0, /* ret= */ NULL);
+        r = safe_fork("(sd-pam)", 0, NULL);
        if (r < 0)
                goto fail;
        if (r == 0) {
--- a/src/core/manager.c
+++ b/src/core/manager.c
@ -4133,7 +4133,7 @@ static int manager_run_generators(Manager *m) {
        if (is_dir("/tmp", /* follow= */ false) > 0 && !MANAGER_IS_TEST_RUN(m))
                flags |= FORK_PRIVATE_TMP;
-        r = pidref_safe_fork("(sd-gens)", flags, /* ret= */ NULL);
+        r = safe_fork("(sd-gens)", flags, NULL);
        if (r == 0) {
                r = manager_execute_generators(m, paths, /* remount_ro= */ true);
                _exit(r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE);
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@ -3502,6 +3502,7 @@ static int is_extension_overlay(const char *path, int fd) {
 static int unpeel_get_fd(const char *mount_path, int *ret_fd) {
        _cleanup_close_pair_ int pipe_fds[2] = EBADF_PAIR;
        _cleanup_close_ int fs_fd = -EBADF;
        pid_t pid;
        int r;
        assert(mount_path);
@ -3512,7 +3513,7 @@ static int unpeel_get_fd(const char *mount_path, int *ret_fd) {
                return log_debug_errno(errno, "Failed to create socket pair: %m");
        /* Clone mount namespace here to unpeel without affecting live process */
-        r = pidref_safe_fork("(sd-ns-unpeel)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE, /* ret= */ NULL);
+        r = safe_fork("(sd-ns-unpeel)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE, &pid);
        if (r < 0)
                return r;
        if (r == 0) {
@ -3902,10 +3903,9 @@ int refresh_extensions_in_namespace(
         *    overlays to obtain FDs the underlying directories, over which we will reapply the overlays
         * 3. In the child again, receive the FDs and reapply the overlays
         */
-        r = pidref_safe_fork(
+        r = safe_fork("(sd-ns-refresh-exts)",
                        "(sd-ns-refresh-exts)",
                      FORK_DEATHSIG_SIGTERM|FORK_WAIT|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE,
-                        /* ret= */ NULL);
+                      NULL);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/core/unit.c
+++ b/src/core/unit.c
@ -5540,6 +5540,7 @@ int unit_set_exec_params(Unit *u, ExecParameters *p) {
 int unit_fork_helper_process_full(Unit *u, const char *name, bool into_cgroup, ForkFlags flags, PidRef *ret) {
        CGroupRuntime *crt = NULL;
        pid_t pid;
        int r;
        assert(u);
@ -5547,8 +5548,8 @@ int unit_fork_helper_process_full(Unit *u, const char *name, bool into_cgroup, F
        assert(ret);
        /* Forks off a helper process and makes sure it is a member of the unit's cgroup, if configured to
-         * do so. Returns == 0 in the child, and > 0 in the parent. The pidref parameter is always filled in
+         * do so. Returns == 0 in the child, and > 0 in the parent. The pid parameter is always filled in
-         * with the child's PID reference. */
+         * with the child's PID. */
        if (into_cgroup) {
                r = unit_realize_cgroup(u);
@ -5558,11 +5559,19 @@ int unit_fork_helper_process_full(Unit *u, const char *name, bool into_cgroup, F
                crt = unit_get_cgroup_runtime(u);
        }
-        _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
+        r = safe_fork(name, FORK_REOPEN_LOG|FORK_DEATHSIG_SIGTERM|flags, &pid);
        r = pidref_safe_fork(name, FORK_REOPEN_LOG|FORK_DEATHSIG_SIGTERM|flags, &pidref);
        if (r < 0)
                return r;
        if (r > 0) {
                _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
                int q;
                /* Parent */
                q = pidref_set_pid(&pidref, pid);
                if (q < 0)
                        return q;
                *ret = TAKE_PIDREF(pidref);
                return r;
        }
@ -5580,7 +5589,6 @@ int unit_fork_helper_process_full(Unit *u, const char *name, bool into_cgroup, F
                }
        }
        *ret = TAKE_PIDREF(pidref);
        return 0;
 }
--- a/src/dissect/dissect.c
+++ b/src/dissect/dissect.c
@ -1785,7 +1785,7 @@ static int action_with(DissectedImage *m, LoopDevice *d) {
                        return log_error_errno(r, "Failed to unlock loopback block device: %m");
        }
-        rcode = pidref_safe_fork("(with)", FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT, /* ret= */ NULL);
+        rcode = safe_fork("(with)", FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT, NULL);
        if (rcode == 0) {
                /* Child */
--- a/src/fundamental/macro-fundamental.h
+++ b/src/fundamental/macro-fundamental.h
@ -398,7 +398,7 @@ assert_cc(sizeof(long long) == sizeof(intmax_t));
 #define STRLEN(x) (sizeof(""x"") - sizeof(typeof(x[0])))
 DISABLE_WARNING_REDUNDANT_DECLS;
-void free(void *p); /* NOLINT (readability-redundant-declaration) */
+void free(void *p);
 REENABLE_WARNING;
 #define mfree(memory)                           \
--- a/src/home/homed-home.c
+++ b/src/home/homed-home.c
@ -2233,10 +2233,9 @@ int home_killall(Home *h) {
        assert(h->uid > 0); /* We never should be UID 0 */
        /* Let's kill everything matching the specified UID */
-        r = pidref_safe_fork(
+        r = safe_fork("(sd-killer)",
                        "(sd-killer)",
                      FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGKILL|FORK_WAIT|FORK_LOG|FORK_REOPEN_LOG,
-                        /* ret= */ NULL);
+                      NULL);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/home/homework-fscrypt.c
+++ b/src/home/homework-fscrypt.c
@ -115,10 +115,9 @@ int home_flush_keyring_fscrypt(UserRecord *h) {
        if (!uid_is_valid(h->uid))
                return 0;
-        r = pidref_safe_fork(
+        r = safe_fork("(sd-delkey)",
                        "(sd-delkey)",
                      FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT|FORK_REOPEN_LOG,
-                        /* ret= */ NULL);
+                      NULL);
        if (r < 0)
                return r;
        if (r == 0) {
@ -410,10 +409,9 @@ int home_setup_fscrypt(
        /* Also install the access key in the user's own keyring */
        if (uid_is_valid(h->uid)) {
-                r = pidref_safe_fork(
+                r = safe_fork("(sd-addkey)",
                                "(sd-addkey)",
                              FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT|FORK_REOPEN_LOG,
-                                /* ret= */ NULL);
+                              NULL);
                if (r < 0)
                        return log_error_errno(r, "Failed to install encryption key in user's keyring: %m");
                if (r == 0) {
--- a/src/home/homework-luks.c
+++ b/src/home/homework-luks.c
@ -2665,7 +2665,7 @@ static int ext4_offline_resize_fs(
        r = pidref_safe_fork(
                        "(e2resize)",
                        FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS,
-                        /* ret= */ NULL);
+                        /* ret_pid= */ NULL);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/home/pam_systemd_home.c
+++ b/src/home/pam_systemd_home.c
@ -682,7 +682,7 @@ static int acquire_home(
                                                if (FLAGS_SET(flags, ACQUIRE_MUST_AUTHENTICATE))
                                                        pam_syslog(pamh, LOG_ERR, "Failed to prompt for password/prompt.");
-                                                else
+                                                else if (debug)
                                                        pam_debug_syslog(pamh, debug, "Failed to prompt for password/prompt.");
                                                return home_not_active || home_locked ? PAM_PERM_DENIED : PAM_CONV_ERR;
--- a/src/import/import-common.c
+++ b/src/import/import-common.c
@ -301,12 +301,12 @@ int import_mangle_os_tree_fd_foreign(
        assert(tree_fd >= 0);
        assert(userns_fd >= 0);
-        r = pidref_safe_fork_full(
+        r = safe_fork_full(
                        "mangle-tree",
                        /* stdio_fds= */ NULL,
                        (int[]) { userns_fd, tree_fd }, 2,
                        FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_REOPEN_LOG|FORK_WAIT,
-                        /* ret= */ NULL);
+                        /* ret_pid= */ NULL);
        if (r < 0)
                return r;
        if (r == 0) {
@ -401,12 +401,12 @@ int import_copy_foreign(
        if (r < 0)
                return r;
-        r = pidref_safe_fork_full(
+        r = safe_fork_full(
                        "copy-tree",
                        /* stdio_fds= */ NULL,
                        (int[]) { *userns_fd, source_fd, target_fd }, 3,
                        FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_REOPEN_LOG|FORK_WAIT,
-                        /* ret= */ NULL);
+                        /* ret_pid= */ NULL);
        if (r < 0)
                return r;
        if (r == 0) {
@ -459,12 +459,12 @@ int import_remove_tree_foreign(const char *path, int *userns_fd) {
        if (r < 0)
                return r;
-        r = pidref_safe_fork_full(
+        r = safe_fork_full(
                        "rm-tree",
                        /* stdio_fds= */ NULL,
                        (int[]) { *userns_fd, tree_fd }, 2,
                        FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_REOPEN_LOG|FORK_WAIT,
-                        /* ret= */ NULL);
+                        /* ret_pid= */ NULL);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/import/pull-tar.c
+++ b/src/import/pull-tar.c
@ -288,15 +288,12 @@ static int tar_pull_make_local_copy(TarPull *p) {
                                if (fstat(directory_fd, &st) < 0)
                                        return log_error_errno(errno, "Failed to stat '%s': %m", p->final_path);
-                                if (!uid_is_foreign(st.st_uid))
+                                if (uid_is_foreign(st.st_uid)) {
                                        return log_error_errno(
                                                        SYNTHETIC_ERRNO(EINVAL),
                                                        "Image tree '%s' is not owned by the foreign UID range, refusing.",
                                                        p->final_path);
                                        r = mountfsd_mount_directory_fd(directory_fd, p->userns_fd, DISSECT_IMAGE_FOREIGN_UID, &p->tree_fd);
                                        if (r < 0)
                                                return r;
                                } else
                                        p->tree_fd = TAKE_FD(directory_fd);
                        }
                        _cleanup_close_ int directory_fd = -EBADF;
--- a/src/journal-remote/journal-remote-main.c
+++ b/src/journal-remote/journal-remote-main.c
@ -125,17 +125,16 @@ DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
 **********************************************************************/
 static int spawn_child(const char *child, char **argv) {
        pid_t child_pid;
        int fd[2], r;
        if (pipe(fd) < 0)
                return log_error_errno(errno, "Failed to create pager pipe: %m");
-        r = pidref_safe_fork_full(
+        r = safe_fork_full("(remote)",
                        "(remote)",
                           (int[]) {STDIN_FILENO, fd[1], STDERR_FILENO },
                           NULL, 0,
-                        FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_REARRANGE_STDIO|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE,
+                           FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_REARRANGE_STDIO|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &child_pid);
                        /* ret= */ NULL);
        if (r < 0) {
                safe_close_pair(fd);
                return r;
--- a/src/journal/journalctl-show.c
+++ b/src/journal/journalctl-show.c
@ -342,7 +342,7 @@ static int on_first_event(sd_event_source *s, void *userdata) {
                return r;
        if (arg_follow && !c->has_cursor && !arg_since_set) {
-                r = sd_journal_get_cursor(c->journal, /* ret= */ NULL);
+                r = sd_journal_get_cursor(c->journal, /* ret_cursor= */ NULL);
                if (r == -EADDRNOTAVAIL) {
                        /* If we shall operate in --follow mode, and we are unable to get a cursor after
                         * doing our first round of output, then this means there was no data to show
--- a/src/libsystemd/sd-bus/bus-socket.c
+++ b/src/libsystemd/sd-bus/bus-socket.c
@ -1026,10 +1026,7 @@ static int connect_as(int fd, const struct sockaddr *sa, socklen_t salen, uid_t
        if (pipe2(pfd, O_CLOEXEC) < 0)
                return -errno;
-        r = pidref_safe_fork(
+        r = safe_fork("(sd-setresuid)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL|FORK_WAIT, /* ret_pid= */ NULL);
                        "(sd-setresuid)",
                        FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL|FORK_WAIT,
                        /* ret= */ NULL);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/libsystemd/sd-bus/test-bus-cleanup.c
+++ b/src/libsystemd/sd-bus/test-bus-cleanup.c
@ -26,7 +26,7 @@ static void test_bus_fork(void) {
        assert_se(bus->n_ref == 1);
        /* Check that after a fork the cleanup functions return NULL */
-        r = pidref_safe_fork("(bus-fork-test)", FORK_WAIT|FORK_LOG, NULL);
+        r = safe_fork("(bus-fork-test)", FORK_WAIT|FORK_LOG, NULL);
        if (r == 0) {
                assert_se(bus);
                ASSERT_RETURN_EXPECTED_SE(sd_bus_is_ready(bus) == -ECHILD);
--- a/src/libsystemd/sd-device/test-sd-device.c
+++ b/src/libsystemd/sd-device/test-sd-device.c
@ -39,10 +39,7 @@ TEST(mdio_bus) {
        if (running_in_chroot() > 0)
                return (void) log_tests_skipped("Running in chroot");
-        r = ASSERT_OK(pidref_safe_fork(
+        ASSERT_OK(r = safe_fork("(mdio_bus)", FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_REOPEN_LOG|FORK_LOG|FORK_WAIT|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE, NULL));
                        "(mdio_bus)",
                        FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_REOPEN_LOG|FORK_LOG|FORK_WAIT|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE,
                        NULL));
        if (r == 0) {
                const char *syspath = "/sys/bus/mdio_bus/drivers/Qualcomm Atheros AR8031!AR8033";
                const char *id = "+drivers:mdio_bus:Qualcomm Atheros AR8031!AR8033";
--- a/src/libsystemd/sd-event/test-event.c
+++ b/src/libsystemd/sd-event/test-event.c
@ -851,7 +851,7 @@ TEST(fork) {
        ASSERT_OK_ZERO(sd_event_prepare(e));
        /* Check that after a fork the cleanup functions return NULL */
-        r = pidref_safe_fork("(bus-fork-test)", FORK_WAIT|FORK_LOG, NULL);
+        r = safe_fork("(bus-fork-test)", FORK_WAIT|FORK_LOG, NULL);
        if (r == 0) {
                ASSERT_NOT_NULL(e);
                ASSERT_NULL(sd_event_ref(e));
--- a/src/libsystemd/sd-journal/sd-journal.c
+++ b/src/libsystemd/sd-journal/sd-journal.c
@ -1232,7 +1232,7 @@ _public_ int sd_journal_previous_skip(sd_journal *j, uint64_t skip) {
        return real_journal_next_skip(j, DIRECTION_UP, skip);
 }
-_public_ int sd_journal_get_cursor(sd_journal *j, char **ret) {
+_public_ int sd_journal_get_cursor(sd_journal *j, char **ret_cursor) {
        Object *o;
        int r;
@ -1246,10 +1246,10 @@ _public_ int sd_journal_get_cursor(sd_journal *j, char **ret) {
        if (r < 0)
                return r;
-        if (!ret)
+        if (!ret_cursor)
                return 0;
-        if (asprintf(ret,
+        if (asprintf(ret_cursor,
                     "s=%s;i=%"PRIx64";b=%s;m=%"PRIx64";t=%"PRIx64";x=%"PRIx64,
                     SD_ID128_TO_STRING(j->current_file->header->seqnum_id), le64toh(o->entry.seqnum),
                     SD_ID128_TO_STRING(o->entry.boot_id), le64toh(o->entry.monotonic),
@ -2813,7 +2813,7 @@ static bool field_is_valid(const char *field) {
        return true;
 }
-_public_ int sd_journal_get_data(sd_journal *j, const char *field, const void **ret_data, size_t *ret_size) {
+_public_ int sd_journal_get_data(sd_journal *j, const char *field, const void **data, size_t *length) {
        JournalFile *f;
        size_t field_length;
        Object *o;
@ -2822,8 +2822,8 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void **
        assert_return(j, -EINVAL);
        assert_return(!journal_origin_changed(j), -ECHILD);
        assert_return(field, -EINVAL);
-        assert_return(ret_data, -EINVAL);
+        assert_return(data, -EINVAL);
-        assert_return(ret_size, -EINVAL);
+        assert_return(length, -EINVAL);
        assert_return(field_is_valid(field), -EINVAL);
        f = j->current_file;
@ -2856,8 +2856,8 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void **
                if (r < 0)
                        return r;
-                *ret_data = d;
+                *data = d;
-                *ret_size = l;
+                *length = l;
                return 0;
        }
@ -2865,15 +2865,15 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void **
        return -ENOENT;
 }
-_public_ int sd_journal_enumerate_data(sd_journal *j, const void **ret_data, size_t *ret_size) {
+_public_ int sd_journal_enumerate_data(sd_journal *j, const void **data, size_t *length) {
        JournalFile *f;
        Object *o;
        int r;
        assert_return(j, -EINVAL);
        assert_return(!journal_origin_changed(j), -ECHILD);
-        assert_return(ret_data, -EINVAL);
+        assert_return(data, -EINVAL);
-        assert_return(ret_size, -EINVAL);
+        assert_return(length, -EINVAL);
        f = j->current_file;
        if (!f)
@ -2901,8 +2901,8 @@ _public_ int sd_journal_enumerate_data(sd_journal *j, const void **ret_data, siz
                        return r;
                assert(r > 0);
-                *ret_data = d;
+                *data = d;
-                *ret_size = l;
+                *length = l;
                j->current_field++;
@ -2912,11 +2912,11 @@ _public_ int sd_journal_enumerate_data(sd_journal *j, const void **ret_data, siz
        return 0;
 }
-_public_ int sd_journal_enumerate_available_data(sd_journal *j, const void **ret_data, size_t *ret_size) {
+_public_ int sd_journal_enumerate_available_data(sd_journal *j, const void **data, size_t *length) {
        for (;;) {
                int r;
-                r = sd_journal_enumerate_data(j, ret_data, ret_size);
+                r = sd_journal_enumerate_data(j, data, length);
                if (r >= 0)
                        return r;
                if (!JOURNAL_ERRNO_IS_UNAVAILABLE_FIELD(r))
@ -3469,11 +3469,11 @@ _public_ int sd_journal_enumerate_unique(
        }
 }
-_public_ int sd_journal_enumerate_available_unique(sd_journal *j, const void **ret_data, size_t *ret_size) {
+_public_ int sd_journal_enumerate_available_unique(sd_journal *j, const void **data, size_t *size) {
        for (;;) {
                int r;
-                r = sd_journal_enumerate_unique(j, ret_data, ret_size);
+                r = sd_journal_enumerate_unique(j, data, size);
                if (r >= 0)
                        return r;
                if (!JOURNAL_ERRNO_IS_UNAVAILABLE_FIELD(r))
@ -3492,12 +3492,12 @@ _public_ void sd_journal_restart_unique(sd_journal *j) {
        j->unique_file_lost = false;
 }
-_public_ int sd_journal_enumerate_fields(sd_journal *j, const char **ret) {
+_public_ int sd_journal_enumerate_fields(sd_journal *j, const char **field) {
        int r;
        assert_return(j, -EINVAL);
        assert_return(!journal_origin_changed(j), -ECHILD);
-        assert_return(ret, -EINVAL);
+        assert_return(field, -EINVAL);
        if (!j->fields_file) {
                if (j->fields_file_lost)
@ -3549,7 +3549,7 @@ _public_ int sd_journal_enumerate_fields(sd_journal *j, const char **ret) {
                                /* Proceed with next file */
                                j->fields_file = ordered_hashmap_next(j->files, f->path);
                                if (!j->fields_file) {
-                                        *ret = NULL;
+                                        *field = NULL;
                                        return 0;
                                }
@ -3629,7 +3629,7 @@ _public_ int sd_journal_enumerate_fields(sd_journal *j, const char **ret) {
                if (!field_is_valid(j->fields_buffer))
                        return -EBADMSG;
-                *ret = j->fields_buffer;
+                *field = j->fields_buffer;
                return 1;
        }
 }
--- a/src/libsystemd/sd-journal/test-journal-init.c
+++ b/src/libsystemd/sd-journal/test-journal-init.c
@ -43,7 +43,7 @@ int main(int argc, char *argv[]) {
                assert_se(sd_journal_seek_head(j) == 0);
                assert_se(j->current_location.type == LOCATION_HEAD);
-                r = pidref_safe_fork("(journal-fork-test)", FORK_WAIT|FORK_LOG, NULL);
+                r = safe_fork("(journal-fork-test)", FORK_WAIT|FORK_LOG, NULL);
                if (r == 0) {
                        assert_se(j);
                        ASSERT_RETURN_EXPECTED_SE(sd_journal_get_realtime_usec(j, NULL) == -ECHILD);
--- a/src/libsystemd/sd-netlink/netlink-message-rtnl.c
+++ b/src/libsystemd/sd-netlink/netlink-message-rtnl.c
@ -55,28 +55,30 @@ static bool rtnl_message_type_is_nsid(uint16_t type) {
 }
 #define DEFINE_RTNL_MESSAGE_SETTER(class, header_type, element, name, value_type)  \
-        int sd_rtnl_message_##class##_set_##name(sd_netlink_message *m, value_type name) { \
+        /* NOLINTNEXTLINE (readability-inconsistent-declaration-parameter-name) */ \
        int sd_rtnl_message_##class##_set_##name(sd_netlink_message *m, value_type value) { \
                assert_return(m, -EINVAL);                              \
                assert_return(m->hdr, -EINVAL);                         \
                assert_return(rtnl_message_type_is_##class(m->hdr->nlmsg_type), -EINVAL); \
                                                                        \
                header_type *hdr = NLMSG_DATA(m->hdr);                  \
-                hdr->element = name;                                    \
+                hdr->element = value;                                   \
                return 0;                                               \
        }
 #define DEFINE_RTNL_MESSAGE_PREFIXLEN_SETTER(class, header_type, family_element, element, name, value_type) \
-        int sd_rtnl_message_##class##_set_##name(sd_netlink_message *m, value_type name) { \
+        /* NOLINTNEXTLINE (readability-inconsistent-declaration-parameter-name) */                          \
        int sd_rtnl_message_##class##_set_##name(sd_netlink_message *m, value_type value) { \
                assert_return(m, -EINVAL);                              \
                assert_return(m->hdr, -EINVAL);                         \
                assert_return(rtnl_message_type_is_##class(m->hdr->nlmsg_type), -EINVAL); \
                                                                        \
                header_type *hdr = NLMSG_DATA(m->hdr);                  \
                                                                        \
-                if (name > FAMILY_ADDRESS_SIZE_SAFE(hdr->family_element) * 8) \
+                if (value > FAMILY_ADDRESS_SIZE_SAFE(hdr->family_element) * 8) \
                        return -ERANGE;                                 \
                                                                        \
-                hdr->element = name;                                    \
+                hdr->element = value;                                   \
                return 0;                                               \
        }
--- a/src/libudev/libudev.h
+++ b/src/libudev/libudev.h
@ -18,7 +18,7 @@ extern "C" {
 * allows custom logging
 */
 struct udev;
-struct udev* udev_ref(struct udev *p);
+struct udev* udev_ref(struct udev *udev);
 struct udev* udev_unref(struct udev *udev);
 struct udev* udev_new(void);
 void udev_set_log_fn(
@ -63,8 +63,8 @@ const char* udev_list_entry_get_value(struct udev_list_entry *list_entry);
 * access to sysfs/kernel devices
 */
 struct udev_device;
-struct udev_device* udev_device_ref(struct udev_device *p);
+struct udev_device* udev_device_ref(struct udev_device *udev_device);
-struct udev_device* udev_device_unref(struct udev_device *p);
+struct udev_device* udev_device_unref(struct udev_device *udev_device);
 struct udev* udev_device_get_udev(struct udev_device *udev_device);
 struct udev_device* udev_device_new_from_syspath(struct udev *udev, const char *syspath);
 struct udev_device* udev_device_new_from_devnum(struct udev *udev, char type, dev_t devnum);
@ -108,8 +108,8 @@ int udev_device_has_current_tag(struct udev_device *udev_device, const char *tag
 * access to kernel uevents and udev events
 */
 struct udev_monitor;
-struct udev_monitor* udev_monitor_ref(struct udev_monitor *p);
+struct udev_monitor* udev_monitor_ref(struct udev_monitor *udev_monitor);
-struct udev_monitor* udev_monitor_unref(struct udev_monitor *p);
+struct udev_monitor* udev_monitor_unref(struct udev_monitor *udev_monitor);
 struct udev* udev_monitor_get_udev(struct udev_monitor *udev_monitor);
 /* kernel and udev generated events over netlink */
 struct udev_monitor* udev_monitor_new_from_netlink(struct udev *udev, const char *name);
@ -133,8 +133,8 @@ int udev_monitor_filter_remove(struct udev_monitor *udev_monitor);
 * search sysfs for specific devices and provide a sorted list
 */
 struct udev_enumerate;
-struct udev_enumerate* udev_enumerate_ref(struct udev_enumerate *p);
+struct udev_enumerate* udev_enumerate_ref(struct udev_enumerate *udev_enumerate);
-struct udev_enumerate* udev_enumerate_unref(struct udev_enumerate *p);
+struct udev_enumerate* udev_enumerate_unref(struct udev_enumerate *udev_enumerate);
 struct udev* udev_enumerate_get_udev(struct udev_enumerate *udev_enumerate);
 struct udev_enumerate* udev_enumerate_new(struct udev *udev);
 /* device properties filter */
@ -160,8 +160,8 @@ struct udev_list_entry* udev_enumerate_get_list_entry(struct udev_enumerate *ude
 * access to the currently running udev events
 */
 struct udev_queue;
-struct udev_queue* udev_queue_ref(struct udev_queue *p);
+struct udev_queue* udev_queue_ref(struct udev_queue *udev_queue);
-struct udev_queue* udev_queue_unref(struct udev_queue *p);
+struct udev_queue* udev_queue_unref(struct udev_queue *udev_queue);
 struct udev* udev_queue_get_udev(struct udev_queue *udev_queue);
 struct udev_queue* udev_queue_new(struct udev *udev);
 unsigned long long int udev_queue_get_kernel_seqnum(struct udev_queue *udev_queue) __attribute__((__deprecated__));
@ -184,8 +184,8 @@ struct udev_list_entry* udev_queue_get_queued_list_entry(struct udev_queue *udev
 */
 struct udev_hwdb;
 struct udev_hwdb* udev_hwdb_new(struct udev *udev);
-struct udev_hwdb* udev_hwdb_ref(struct udev_hwdb *p);
+struct udev_hwdb* udev_hwdb_ref(struct udev_hwdb *hwdb);
-struct udev_hwdb* udev_hwdb_unref(struct udev_hwdb *p);
+struct udev_hwdb* udev_hwdb_unref(struct udev_hwdb *hwdb);
 struct udev_list_entry* udev_hwdb_get_properties_list_entry(struct udev_hwdb *hwdb, const char *modalias, unsigned flags);
 /*
--- a/src/locale/localed-util.c
+++ b/src/locale/localed-util.c
@ -6,6 +6,7 @@
 #include "sd-bus.h"
 #include "alloc-util.h"
 #include "copy.h"
 #include "env-file.h"
 #include "errno-util.h"
 #include "escape.h"
@ -18,17 +19,13 @@
 #include "localed-util.h"
 #include "log.h"
 #include "mkdir-label.h"
 #include "process-util.h"
 #include "stat-util.h"
 #include "string-util.h"
 #include "strv.h"
 #include "tmpfile-util.h"
 #include "xkbcommon-util.h"
 #if HAVE_LOCALEGEN
 #include "copy.h"
 #include "process-util.h"
 #endif
 int x11_context_verify_and_warn(const X11Context *xc, int log_level, sd_bus_error *error) {
        int r;
@ -576,12 +573,10 @@ int locale_gen_enable_locale(const char *locale) {
 int locale_gen_run(void) {
 #if HAVE_LOCALEGEN
        pid_t pid;
        int r;
-        r = pidref_safe_fork(
+        r = safe_fork("(sd-localegen)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT, &pid);
                        "(locale-gen)",
                        FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT,
                        /* ret= */ NULL);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/login/logind-brightness.c
+++ b/src/login/logind-brightness.c
@ -9,7 +9,6 @@
 #include "alloc-util.h"
 #include "bus-message-util.h"
 #include "device-util.h"
 #include "event-util.h"
 #include "format-util.h"
 #include "hash-funcs.h"
 #include "logind.h"
@ -43,6 +42,8 @@ typedef struct BrightnessWriter {
        sd_device *device;
        char *path;
        pid_t child;
        uint32_t brightness;
        bool again;
@ -110,6 +111,8 @@ static int on_brightness_writer_exit(sd_event_source *s, const siginfo_t *si, vo
        assert(s);
        assert(si);
        assert(si->si_pid == w->child);
        w->child = 0;
        w->child_event_source = sd_event_source_unref(w->child_event_source);
        brightness_writer_reply(w,
@ -139,13 +142,10 @@ static int brightness_writer_fork(BrightnessWriter *w) {
        assert(w);
        assert(w->manager);
        assert(w->child == 0);
        assert(!w->child_event_source);
-        _cleanup_(pidref_done_sigkill_wait) PidRef pidref = PIDREF_NULL;
+        r = safe_fork("(sd-bright)", FORK_DEATHSIG_SIGKILL|FORK_REARRANGE_STDIO|FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_REOPEN_LOG, &w->child);
        r = pidref_safe_fork(
                        "(sd-bright)",
                        FORK_DEATHSIG_SIGKILL|FORK_REARRANGE_STDIO|FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_REOPEN_LOG,
                        &pidref);
        if (r < 0)
                return r;
        if (r == 0) {
@ -163,15 +163,9 @@ static int brightness_writer_fork(BrightnessWriter *w) {
                _exit(EXIT_SUCCESS);
        }
-        r = event_add_child_pidref(w->manager->event, &w->child_event_source, &pidref, WEXITED, on_brightness_writer_exit, w);
+        r = sd_event_add_child(w->manager->event, &w->child_event_source, w->child, WEXITED, on_brightness_writer_exit, w);
        if (r < 0)
-                return log_error_errno(r, "Failed to watch brightness writer child " PID_FMT ": %m", pidref.pid);
+                return log_error_errno(r, "Failed to watch brightness writer child " PID_FMT ": %m", w->child);
        r = sd_event_source_set_child_process_own(w->child_event_source, true);
        if (r < 0)
                return log_error_errno(r, "Failed to take ownership of child process: %m");
        pidref_done(&pidref);
        return 0;
 }
--- a/src/mountfsd/mountfsd-manager.c
+++ b/src/mountfsd/mountfsd-manager.c
@ -15,7 +15,6 @@
 #include "log.h"
 #include "mountfsd-manager.h"
 #include "pidfd-util.h"
 #include "pidref.h"
 #include "process-util.h"
 #include "set.h"
 #include "signal-util.h"
@ -126,19 +125,19 @@ Manager* manager_free(Manager *m) {
 static int start_one_worker(Manager *m) {
        _cleanup_(sd_event_source_disable_unrefp) sd_event_source *source = NULL;
        bool fixed;
        pid_t pid;
        int r;
        assert(m);
        fixed = set_size(m->workers_fixed) < MOUNTFS_WORKERS_MIN;
-        _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
+        r = safe_fork_full(
        r = pidref_safe_fork_full(
                        "(sd-worker)",
                        /* stdio_fds= */ NULL,
                        &m->listen_fd, 1,
                        FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_REOPEN_LOG|FORK_LOG|FORK_CLOSE_ALL_FDS,
-                        &pidref);
+                        &pid);
        if (r < 0)
                return log_error_errno(r, "Failed to fork new worker child: %m");
        if (r == 0) {
@ -159,7 +158,7 @@ static int start_one_worker(Manager *m) {
                        safe_close(m->listen_fd);
                }
-                r = setenvf("LISTEN_PID", /* overwrite= */ true, PID_FMT, pidref.pid);
+                r = setenvf("LISTEN_PID", /* overwrite= */ true, PID_FMT, pid);
                if (r < 0) {
                        log_error_errno(r, "Failed to set $LISTEN_PID: %m");
                        _exit(EXIT_FAILURE);
@ -195,9 +194,9 @@ static int start_one_worker(Manager *m) {
                _exit(EXIT_FAILURE);
        }
-        r = event_add_child_pidref(m->event, &source, &pidref, WEXITED, on_worker_exit, m);
+        r = sd_event_add_child(m->event, &source, pid, WEXITED, on_worker_exit, m);
        if (r < 0)
-                return log_error_errno(r, "Failed to watch child " PID_FMT ": %m", pidref.pid);
+                return log_error_errno(r, "Failed to watch child " PID_FMT ": %m", pid);
        r = set_ensure_put(
                        fixed ? &m->workers_fixed : &m->workers_dynamic,
--- a/src/nspawn/nspawn-network.c
+++ b/src/nspawn/nspawn-network.c
@ -513,10 +513,7 @@ static int netns_fork_and_wait(int netns_fd, int *ret_original_netns_fd) {
        assert(netns_fd >= 0);
-        r = pidref_safe_fork(
+        r = safe_fork("(sd-netns)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_WAIT|FORK_LOG|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE, NULL);
                        "(sd-netns)",
                        FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_WAIT|FORK_LOG|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE,
                        /* ret= */ NULL);
        if (r < 0)
                return log_error_errno(r, "Failed to fork process (sd-netns): %m");
        if (r == 0) {
--- a/src/nsresourced/nsresourced-manager.c
+++ b/src/nsresourced/nsresourced-manager.c
@ -22,7 +22,6 @@
 #include "nsresourced-manager.h"
 #include "parse-util.h"
 #include "pidfd-util.h"
 #include "pidref.h"
 #include "process-util.h"
 #include "recurse-dir.h"
 #include "set.h"
@ -163,19 +162,19 @@ static size_t manager_current_workers(Manager *m) {
 static int start_one_worker(Manager *m) {
        _cleanup_(sd_event_source_disable_unrefp) sd_event_source *source = NULL;
        bool fixed;
        pid_t pid;
        int r;
        assert(m);
        fixed = set_size(m->workers_fixed) < NSRESOURCE_WORKERS_MIN;
-        _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
+        r = safe_fork_full(
        r = pidref_safe_fork_full(
                        "(sd-worker)",
                        /* stdio_fds= */ NULL,
                        &m->listen_fd, 1,
                        FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_REOPEN_LOG|FORK_LOG|FORK_CLOSE_ALL_FDS,
-                        &pidref);
+                        &pid);
        if (r < 0)
                return log_error_errno(r, "Failed to fork new worker child: %m");
        if (r == 0) {
@ -196,7 +195,7 @@ static int start_one_worker(Manager *m) {
                        safe_close(m->listen_fd);
                }
-                r = setenvf("LISTEN_PID", /* overwrite= */ true, PID_FMT, pidref.pid);
+                r = setenvf("LISTEN_PID", /* overwrite= */ true, PID_FMT, pid);
                if (r < 0) {
                        log_error_errno(r, "Failed to set $LISTEN_PID: %m");
                        _exit(EXIT_FAILURE);
@ -244,9 +243,9 @@ static int start_one_worker(Manager *m) {
                _exit(EXIT_FAILURE);
        }
-        r = event_add_child_pidref(m->event, &source, &pidref, WEXITED, on_worker_exit, m);
+        r = sd_event_add_child(m->event, &source, pid, WEXITED, on_worker_exit, m);
        if (r < 0)
-                return log_error_errno(r, "Failed to watch child " PID_FMT ": %m", pidref.pid);
+                return log_error_errno(r, "Failed to watch child " PID_FMT ": %m", pid);
        r = set_ensure_put(
                        fixed ? &m->workers_fixed : &m->workers_dynamic,
--- a/src/oom/test-oomd-util.c
+++ b/src/oom/test-oomd-util.c
@ -12,7 +12,6 @@
 #include "oomd-util.h"
 #include "parse-util.h"
 #include "path-util.h"
 #include "pidref.h"
 #include "process-util.h"
 #include "set.h"
 #include "tests.h"
@ -40,10 +39,11 @@ static int enter_cgroup_root_cached(void) {
        return saved_result;
 }
-static int fork_and_sleep(unsigned sleep_min, PidRef *ret) {
+static int fork_and_sleep(unsigned sleep_min) {
        pid_t pid;
        int r;
-        r = pidref_safe_fork("(test-oom-child)", FORK_LOG|FORK_DEATHSIG_SIGKILL, ret);
+        ASSERT_OK(r = safe_fork("(test-oom-child)", /* flags= */ 0, &pid));
        if (r == 0) {
                usec_t timeout = usec_add(now(CLOCK_MONOTONIC), sleep_min * USEC_PER_MINUTE);
                for (;;) {
@ -56,7 +56,7 @@ static int fork_and_sleep(unsigned sleep_min, PidRef *ret) {
                }
        }
-        return r;
+        return pid;
 }
 TEST(oomd_cgroup_kill) {
@ -81,12 +81,12 @@ TEST(oomd_cgroup_kill) {
        /* Do this twice to also check the increment behavior on the xattrs */
        for (size_t i = 0; i < 2; i++) {
                _cleanup_free_ char *v = NULL;
-                _cleanup_(pidref_done) PidRef one = PIDREF_NULL, two = PIDREF_NULL;
+                pid_t pid[2];
-                ASSERT_OK(fork_and_sleep(5, &one));
+                for (size_t j = 0; j < 2; j++) {
-                ASSERT_OK(cg_attach(subcgroup, one.pid));
+                        pid[j] = fork_and_sleep(5);
-                ASSERT_OK(fork_and_sleep(5, &two));
+                        ASSERT_OK(cg_attach(subcgroup, pid[j]));
-                ASSERT_OK(cg_attach(subcgroup, two.pid));
+                }
                ASSERT_OK_POSITIVE(oomd_cgroup_kill(subcgroup, false /* recurse */, false /* dry run */));
--- a/src/quotacheck/quotacheck.c
+++ b/src/quotacheck/quotacheck.c
@ -99,10 +99,7 @@ static int run(int argc, char *argv[]) {
                        return log_oom();
        }
-        r = pidref_safe_fork(
+        r = safe_fork("(quotacheck)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_RLIMIT_NOFILE_SAFE|FORK_WAIT|FORK_LOG, NULL);
                        "(quotacheck)",
                        FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_RLIMIT_NOFILE_SAFE|FORK_WAIT|FORK_LOG,
                        /* ret= */ NULL);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/remount-fs/remount-fs.c
+++ b/src/remount-fs/remount-fs.c
@ -15,7 +15,6 @@
 #include "main-func.h"
 #include "mount-setup.h"
 #include "path-util.h"
 #include "pidref.h"
 #include "process-util.h"
 #include "signal-util.h"
@ -43,17 +42,15 @@ static int track_pid(Hashmap **h, const char *path, pid_t pid) {
 }
 static int do_remount(const char *path, bool force_rw, Hashmap **pids) {
        pid_t pid;
        int r;
        assert(path);
        log_debug("Remounting %s...", path);
-        _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
+        r = safe_fork(force_rw ? "(remount-rw)" : "(remount)",
-        r = pidref_safe_fork(
+                      FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
                        force_rw ? "(remount-rw)" : "(remount)",
                        FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG,
                        &pidref);
        if (r < 0)
                return r;
        if (r == 0) {
@ -68,7 +65,7 @@ static int do_remount(const char *path, bool force_rw, Hashmap **pids) {
        }
        /* Parent */
-        return track_pid(pids, path, pidref.pid);
+        return track_pid(pids, path, pid);
 }
 static int remount_by_fstab(Hashmap **ret_pids) {
--- a/src/repart/repart.c
+++ b/src/repart/repart.c
@ -6719,10 +6719,7 @@ static int partition_populate_filesystem(Context *context, Partition *p, const c
        (void) dlopen_libmount();
-        r = pidref_safe_fork(
+        r = safe_fork("(sd-copy)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE, NULL);
                        "(sd-copy)",
                        FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE,
                        /* ret= */ NULL);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/resolve/test-resolved-stream.c
+++ b/src/resolve/test-resolved-stream.c
@ -8,6 +8,7 @@
 #include <string.h>
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 #include <sys/wait.h>
 #include <unistd.h>
 #include "sd-event.h"
@ -19,7 +20,6 @@
 #include "fd-util.h"
 #include "log.h"
 #include "path-util.h"
 #include "pidref.h"
 #include "process-util.h"
 #include "random-util.h"
 #include "resolved-dns-server.h"
@ -121,6 +121,7 @@ static void *tcp_dns_server(void *p) {
 * Spawns a DNS TLS server using the command line "openssl s_server" tool.
 */
 static void *tls_dns_server(void *p) {
        pid_t openssl_pid;
        int r;
        _cleanup_close_ int fd_server = -EBADF, fd_tls = -EBADF;
        _cleanup_free_ char *cert_path = NULL, *key_path = NULL;
@ -144,13 +145,12 @@ static void *tls_dns_server(void *p) {
                fd_tls = fd[1];
        }
-        _cleanup_(pidref_done) PidRef openssl_pidref = PIDREF_NULL;
+        r = safe_fork_full("(test-resolved-stream-tls-openssl)",
        r = ASSERT_OK(pidref_safe_fork_full(
                        "(test-resolved-stream-tls-openssl)",
                           (int[]) { fd_tls, fd_tls, STDOUT_FILENO },
                           NULL, 0,
                           FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_REARRANGE_STDIO|FORK_LOG|FORK_REOPEN_LOG,
-                        &openssl_pidref));
+                           &openssl_pid);
        assert_se(r >= 0);
        if (r == 0) {
                /* Child */
                execlp("openssl", "openssl", "s_server", "-accept", bind_str,
@ -165,8 +165,8 @@ static void *tls_dns_server(void *p) {
                /* Once the test is done kill the TLS server to release the port */
                assert_se(pthread_mutex_lock(server_lock) == 0);
-                assert_se(pidref_kill(&openssl_pidref, SIGTERM) >= 0);
+                assert_se(kill(openssl_pid, SIGTERM) >= 0);
-                assert_se(pidref_wait_for_terminate(&openssl_pidref, NULL) >= 0);
+                assert_se(waitpid(openssl_pid, NULL, 0) >= 0);
                assert_se(pthread_mutex_unlock(server_lock) == 0);
        }
@ -333,7 +333,7 @@ static int try_isolate_network(void) {
        /* First test if CLONE_NEWUSER/CLONE_NEWNET can actually work for us, i.e. we can open the namespaces
         * and then still access the build dir we are run from. We do that in a child process since it's
         * nasty if we have to go back from the namespace once we entered it and realized it cannot work. */
-        r = pidref_safe_fork("(usernstest)", FORK_DEATHSIG_SIGKILL|FORK_LOG|FORK_WAIT, NULL);
+        r = safe_fork("(usernstest)", FORK_DEATHSIG_SIGKILL|FORK_LOG|FORK_WAIT, NULL);
        if (r == 0) { /* child */
                _cleanup_free_ char *rt = NULL, *d = NULL;
--- a/src/shared/async.c
+++ b/src/shared/async.c
@ -149,7 +149,7 @@ int asynchronous_rm_rf(const char *p, RemoveFlags flags) {
        /* Forks off a child that destroys the specified path. This will be best effort only, i.e. the child
         * will attempt to do its thing, but we won't wait for it or check its success. */
-        r = pidref_safe_fork("(sd-rmrf)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DETACH, /* ret= */ NULL);
+        r = safe_fork("(sd-rmrf)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DETACH, NULL);
        if (r != 0)
                return r;
--- a/src/shared/discover-image.c
+++ b/src/shared/discover-image.c
@ -1155,12 +1155,12 @@ static int unprivileged_remove(Image *i) {
        if (r < 0)
                return r;
        /* Fork off child that moves into userns and does the copying */
-        r = pidref_safe_fork_full(
+        r = safe_fork_full(
                        "rm-tree",
                        /* stdio_fds= */ NULL,
                        (int[]) { userns_fd, tree_fd, }, 2,
                        FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_WAIT|FORK_REOPEN_LOG,
-                        /* ret= */ NULL);
+                        /* ret_pid= */ NULL);
        if (r < 0)
                return log_debug_errno(r, "Process that was supposed to remove tree failed: %m");
        if (r == 0) {
@ -1508,12 +1508,12 @@ static int unpriviled_clone(Image *i, const char *new_path) {
                return r;
        /* Fork off child that moves into userns and does the copying */
-        r = pidref_safe_fork_full(
+        r = safe_fork_full(
                        "clone-tree",
                        /* stdio_fds= */ NULL,
                        (int[]) { userns_fd, tree_fd, target_fd }, 3,
                        FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_WAIT|FORK_REOPEN_LOG,
-                        /* ret= */ NULL);
+                        /* ret_pid= */ NULL);
        if (r < 0)
                return log_debug_errno(r, "Process that was supposed to clone tree failed: %m");
        if (r == 0) {
--- a/src/shared/edit-util.c
+++ b/src/shared/edit-util.c
@ -313,10 +313,7 @@ static int run_editor(const EditFileContext *context) {
        assert(context);
-        r = pidref_safe_fork(
+        r = safe_fork("(editor)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_RLIMIT_NOFILE_SAFE|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG|FORK_LOG|FORK_WAIT, NULL);
                        "(editor)",
                        FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_RLIMIT_NOFILE_SAFE|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG|FORK_LOG|FORK_WAIT,
                        /* ret= */ NULL);
        if (r < 0)
                return r;
        if (r == 0) { /* Child */
--- a/src/shared/elf-util.c
+++ b/src/shared/elf-util.c
@ -857,12 +857,12 @@ int parse_elf_object(
         * bound since the core files have an upper size limit. It's also not doing any
         * system call or interacting with the system in any way, besides reading from
         * the file descriptor and writing into these four pipes. */
-        r = pidref_safe_fork_full("(sd-parse-elf)",
+        r = safe_fork_full("(sd-parse-elf)",
-                           /* stdio_fds= */ NULL,
+                           NULL,
                           (int[]){ fd, error_pipe[1], return_pipe[1], package_metadata_pipe[1], dlopen_metadata_pipe[1] },
                           5,
                           FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE|FORK_NEW_USERNS|FORK_WAIT|FORK_REOPEN_LOG,
-                           /* ret= */ NULL);
+                           NULL);
        if (r < 0) {
                if (r == -EPROTO) { /* We should have the errno from the child, but don't clobber original error */
                        ssize_t k;
--- a/src/shared/journal-importer.h
+++ b/src/shared/journal-importer.h
@ -45,11 +45,11 @@ typedef struct JournalImporter {
 #define JOURNAL_IMPORTER_INIT(_fd) { .fd = (_fd), .iovw = {} }
 #define JOURNAL_IMPORTER_MAKE(_fd) (JournalImporter) JOURNAL_IMPORTER_INIT(_fd)
-void journal_importer_cleanup(JournalImporter *imp);
+void journal_importer_cleanup(JournalImporter *);
-int journal_importer_process_data(JournalImporter *imp);
+int journal_importer_process_data(JournalImporter *);
-int journal_importer_push_data(JournalImporter *imp, const char *data, size_t size);
+int journal_importer_push_data(JournalImporter *, const char *data, size_t size);
-void journal_importer_drop_iovw(JournalImporter *imp);
+void journal_importer_drop_iovw(JournalImporter *);
-bool journal_importer_eof(const JournalImporter *imp);
+bool journal_importer_eof(const JournalImporter *);
 static inline size_t journal_importer_bytes_remaining(const JournalImporter *imp) {
        return imp->filled;
--- a/src/shared/mkfs-util.c
+++ b/src/shared/mkfs-util.c
@ -152,10 +152,7 @@ static int do_mcopy(const char *node, const char *root) {
        if (strv_extend(&argv, "::") < 0)
                return log_oom();
-        r = pidref_safe_fork(
+        r = safe_fork("(mcopy)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS, NULL);
                        "(mcopy)",
                        FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS,
                        /* ret= */ NULL);
        if (r < 0)
                return r;
        if (r == 0) {
@ -686,13 +683,13 @@ int make_filesystem(
                log_debug("Executing mkfs command: %s", strna(j));
        }
-        r = pidref_safe_fork_full(
+        r = safe_fork_full(
                        "(mkfs)",
                        stdio_fds,
                        /* except_fds= */ NULL,
                        /* n_except_fds= */ 0,
                        fork_flags,
-                        /* ret= */ NULL);
+                        /* ret_pid= */ NULL);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/shared/mount-util.c
+++ b/src/shared/mount-util.c
@ -1452,12 +1452,12 @@ int mount_fd_clone(int mount_fd, bool recursive, int *replacement_fd) {
                return log_debug_errno(errno, "Failed to open pipe: %m");
        /* Fork a child. Note that we set FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE here, i.e. get a new mount namespace */
-        r = pidref_safe_fork_full(
+        r = safe_fork_full(
                        "(sd-clonemnt)",
                        /* stdio_fds= */ NULL,
                        (int[]) { mount_fd, transfer_fds[1], errno_pipe_fds[1] }, 3,
                        FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGKILL|FORK_REOPEN_LOG|FORK_WAIT|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE,
-                        /* ret= */ NULL);
+                        /* ret_pid= */ NULL);
        if (r < 0) {
                errno_pipe_fds[1] = safe_close(errno_pipe_fds[1]);
--- a/src/shared/pager.c
+++ b/src/shared/pager.c
@ -21,7 +21,7 @@
 #include "strv.h"
 #include "terminal-util.h"
-static PidRef pager_pidref = PIDREF_NULL;
+static pid_t pager_pid = 0;
 static int stored_stdout = -1;
 static int stored_stderr = -1;
@ -103,7 +103,7 @@ void pager_open(PagerFlags flags) {
        if (flags & PAGER_DISABLE)
                return;
-        if (pidref_is_set(&pager_pidref))
+        if (pager_pid > 0)
                return;
        if (terminal_is_dumb())
@ -150,10 +150,7 @@ void pager_open(PagerFlags flags) {
        }
        /* We set SIGINT as PR_DEATHSIG signal here, to match the "K" parameter we set in $LESS, which enables SIGINT behaviour. */
-        r = pidref_safe_fork(
+        r = safe_fork("(pager)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGINT|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pager_pid);
                        "(pager)",
                        FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGINT|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG,
                        &pager_pidref);
        if (r < 0)
                return;
        if (r == 0) {
@ -275,7 +272,7 @@ void pager_open(PagerFlags flags) {
 void pager_close(void) {
-        if (!pidref_is_set(&pager_pidref))
+        if (pager_pid <= 0)
                return;
        /* Inform pager that we are done */
@ -291,13 +288,15 @@ void pager_close(void) {
        stored_stderr = safe_close(stored_stderr);
        stdout_redirected = stderr_redirected = false;
-        (void) pidref_kill(&pager_pidref, SIGCONT);
+        (void) kill(pager_pid, SIGCONT);
-        (void) pidref_wait_for_terminate(&pager_pidref, /* ret_si= */ NULL);
+        _cleanup_(pidref_done) PidRef pidref = PIDREF_MAKE_FROM_PID(pager_pid);
-        pidref_done(&pager_pidref);
+        (void) pidref_set_pid(&pidref, pager_pid);
        (void) pidref_wait_for_terminate(&pidref, NULL);
        TAKE_PID(pager_pid);
 }
 bool pager_have(void) {
-        return pidref_is_set(&pager_pidref);
+        return pager_pid > 0;
 }
 int show_man_page(const char *desc, bool null_stdio) {
--- a/src/shutdown/shutdown.c
+++ b/src/shutdown/shutdown.c
@ -611,10 +611,7 @@ int main(int argc, char *argv[]) {
                        /* We cheat and exec kexec to avoid doing all its work */
                        log_info("Rebooting with kexec.");
-                        r = pidref_safe_fork(
+                        r = safe_fork("(sd-kexec)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT, NULL);
                                        "(sd-kexec)",
                                        FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT,
                                        /* ret= */ NULL);
                        if (r == 0) {
                                /* Child */
--- a/src/socket-activate/socket-activate.c
+++ b/src/socket-activate/socket-activate.c
@ -18,7 +18,6 @@
 #include "log.h"
 #include "main-func.h"
 #include "pidfd-util.h"
 #include "pidref.h"
 #include "pretty-print.h"
 #include "process-util.h"
 #include "socket-netlink.h"
@ -239,6 +238,7 @@ static int exec_process(char * const *argv, int start_fd, size_t n_fds) {
 static int fork_and_exec_process(char * const *argv, int fd) {
        _cleanup_free_ char *joined = NULL;
        pid_t child_pid;
        int r;
        assert(!strv_isempty(argv));
@ -248,11 +248,9 @@ static int fork_and_exec_process(char * const *argv, int fd) {
        if (!joined)
                return log_oom();
-        _cleanup_(pidref_done) PidRef child_pidref = PIDREF_NULL;
+        r = safe_fork("(activate)",
        r = pidref_safe_fork(
                        "(activate)",
                      FORK_RESET_SIGNALS | FORK_DEATHSIG_SIGTERM | FORK_RLIMIT_NOFILE_SAFE | FORK_LOG,
-                        &child_pidref);
+                      &child_pid);
        if (r < 0)
                return r;
        if (r == 0) {
@ -261,7 +259,7 @@ static int fork_and_exec_process(char * const *argv, int fd) {
                _exit(EXIT_FAILURE);
        }
-        log_info("Spawned '%s' as PID " PID_FMT ".", joined, child_pidref.pid);
+        log_info("Spawned '%s' as PID " PID_FMT ".", joined, child_pid);
        return 0;
 }
--- a/src/sysext/sysext.c
+++ b/src/sysext/sysext.c
@ -557,10 +557,7 @@ static int unmerge(
                return r;
        need_to_reload = r > 0;
-        r = pidref_safe_fork(
+        r = safe_fork("(sd-unmerge)", FORK_WAIT|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_NEW_MOUNTNS, /* ret_pid= */ NULL);
                        "(sd-unmerge)",
                        FORK_WAIT|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_NEW_MOUNTNS,
                        /* ret= */ NULL);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/systemctl/systemctl-daemon-reload.h
+++ b/src/systemctl/systemctl-daemon-reload.h
@ -3,6 +3,6 @@
 #include "systemctl.h"
-int daemon_reload(enum action action, bool graceful);
+int daemon_reload(enum action, bool graceful);
 int verb_daemon_reload(int argc, char *argv[], void *userdata);
--- a/src/systemctl/systemctl-preset-all.c
+++ b/src/systemctl/systemctl-preset-all.c
@ -27,8 +27,9 @@ int verb_preset_all(int argc, char *argv[], void *userdata) {
                r = unit_file_preset_all(arg_runtime_scope, unit_file_flags_from_args(), arg_root, arg_preset_mode, &changes, &n_changes);
                install_changes_dump(r, "preset", changes, n_changes, arg_quiet);
-                if (r < 0)
+
-                        return r;
+                if (r > 0)
                        r = 0;
        } else {
                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
--- a/src/systemctl/systemctl-start-special.c
+++ b/src/systemctl/systemctl-start-special.c
@ -26,6 +26,7 @@ static int load_kexec_kernel(void) {
        _cleanup_(boot_config_free) BootConfig config = BOOT_CONFIG_NULL;
        _cleanup_free_ char *kernel = NULL, *initrd = NULL, *options = NULL;
        const BootEntry *e;
        pid_t pid;
        int r;
        if (kexec_loaded()) {
@ -88,10 +89,7 @@ static int load_kexec_kernel(void) {
        if (arg_dry_run)
                return 0;
-        r = pidref_safe_fork(
+        r = safe_fork("(kexec)", FORK_WAIT|FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
                        "(kexec)",
                        FORK_WAIT|FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG,
                        /* ret= */ NULL);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/systemd/sd-journal.h
+++ b/src/systemd/sd-journal.h
@ -104,9 +104,9 @@ int sd_journal_get_seqnum(sd_journal *j, uint64_t *ret_seqnum, sd_id128_t *ret_s
 int sd_journal_set_data_threshold(sd_journal *j, size_t sz);
 int sd_journal_get_data_threshold(sd_journal *j, size_t *sz);
-int sd_journal_get_data(sd_journal *j, const char *field, const void **ret_data, size_t *ret_size);
+int sd_journal_get_data(sd_journal *j, const char *field, const void **data, size_t *length);
-int sd_journal_enumerate_data(sd_journal *j, const void **ret_data, size_t *ret_size);
+int sd_journal_enumerate_data(sd_journal *j, const void **data, size_t *length);
-int sd_journal_enumerate_available_data(sd_journal *j, const void **ret_data, size_t *ret_size);
+int sd_journal_enumerate_available_data(sd_journal *j, const void **data, size_t *length);
 void sd_journal_restart_data(sd_journal *j);
 int sd_journal_add_match(sd_journal *j, const void *data, size_t size);
@ -120,20 +120,20 @@ int sd_journal_seek_monotonic_usec(sd_journal *j, sd_id128_t boot_id, uint64_t u
 int sd_journal_seek_realtime_usec(sd_journal *j, uint64_t usec);
 int sd_journal_seek_cursor(sd_journal *j, const char *cursor);
-int sd_journal_get_cursor(sd_journal *j, char **ret);
+int sd_journal_get_cursor(sd_journal *j, char **ret_cursor);
 int sd_journal_test_cursor(sd_journal *j, const char *cursor);
 int sd_journal_get_cutoff_realtime_usec(sd_journal *j, uint64_t *from, uint64_t *to);
-int sd_journal_get_cutoff_monotonic_usec(sd_journal *j, sd_id128_t boot_id, uint64_t *from, uint64_t *to);
+int sd_journal_get_cutoff_monotonic_usec(sd_journal *j, const sd_id128_t boot_id, uint64_t *from, uint64_t *to);
 int sd_journal_get_usage(sd_journal *j, uint64_t *ret_bytes);
 int sd_journal_query_unique(sd_journal *j, const char *field);
-int sd_journal_enumerate_unique(sd_journal *j, const void **ret_data, size_t *ret_size);
+int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_t *length);
-int sd_journal_enumerate_available_unique(sd_journal *j, const void **ret_data, size_t *ret_size);
+int sd_journal_enumerate_available_unique(sd_journal *j, const void **data, size_t *length);
 void sd_journal_restart_unique(sd_journal *j);
-int sd_journal_enumerate_fields(sd_journal *j, const char **ret);
+int sd_journal_enumerate_fields(sd_journal *j, const char **field);
 void sd_journal_restart_fields(sd_journal *j);
 int sd_journal_get_fd(sd_journal *j);
--- a/src/systemd/sd-json.h
+++ b/src/systemd/sd-json.h
@ -335,7 +335,7 @@ int sd_json_variant_strv(sd_json_variant *v, char ***ret);
 int sd_json_variant_unbase64(sd_json_variant *v, void **ret, size_t *ret_size);
 int sd_json_variant_unhex(sd_json_variant *v, void **ret, size_t *ret_size);
-const char* sd_json_variant_type_to_string(sd_json_variant_type_t i);
+const char* sd_json_variant_type_to_string(sd_json_variant_type_t t);
 sd_json_variant_type_t sd_json_variant_type_from_string(const char *s);
 static __inline__ int sd_json_format_enabled(sd_json_format_flags_t flags) {
--- a/src/test/test-argv-util.c
+++ b/src/test/test-argv-util.c
@ -63,7 +63,7 @@ static void test_rename_process_one(const char *p, int ret) {
        log_info("/* %s(%s) */", __func__, p);
-        r = ASSERT_OK(pidref_safe_fork("(rename)", FORK_WAIT|FORK_LOG|FORK_DEATHSIG_SIGKILL, /* ret= */ NULL));
+        r = ASSERT_OK(safe_fork("(rename)", FORK_WAIT|FORK_LOG|FORK_DEATHSIG_SIGKILL, /* ret_pid= */ NULL));
        if (r == 0) {
                /* child */
@ -80,7 +80,7 @@ TEST(rename_process_invalid) {
 TEST(rename_process_multi) {
        int r;
-        r = ASSERT_OK(pidref_safe_fork("(rename)", FORK_WAIT|FORK_LOG|FORK_DEATHSIG_SIGKILL, /* ret= */ NULL));
+        r = ASSERT_OK(safe_fork("(rename)", FORK_WAIT|FORK_LOG|FORK_DEATHSIG_SIGKILL, /* ret_pid= */ NULL));
        if (r == 0) {
                /* child */
--- a/src/test/test-async.c
+++ b/src/test/test-async.c
@ -42,10 +42,8 @@ TEST(asynchronous_close) {
        asynchronous_close(fd);
        wait_fd_closed(fd);
-        r = ASSERT_OK(pidref_safe_fork(
+        r = safe_fork("(subreaper)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGKILL|FORK_LOG|FORK_WAIT, NULL);
-                        "(subreaper)",
+        ASSERT_OK(r);
                        FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGKILL|FORK_LOG|FORK_WAIT,
                        NULL));
        if (r == 0) {
                /* child */
@ -86,10 +84,8 @@ TEST(asynchronous_rm_rf) {
        /* Do this once more, from a subreaper. Which is nice, because we can watch the async child even
         * though detached */
-        r = ASSERT_OK(pidref_safe_fork(
+        r = safe_fork("(subreaper)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_REOPEN_LOG|FORK_LOG|FORK_WAIT, NULL);
-                        "(subreaper)",
+        ASSERT_OK(r);
                        FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_REOPEN_LOG|FORK_LOG|FORK_WAIT,
                        NULL));
        if (r == 0) {
                _cleanup_free_ char *tt = NULL, *kk = NULL;
--- a/src/test/test-capability-util.c
+++ b/src/test/test-capability-util.c
@ -224,10 +224,8 @@ static void test_capability_get_ambient(void) {
        if (r <= 0)
                return (void) log_tests_skipped("Lacking CAP_LINUX_IMMUTABLE, skipping getambient test.");
-        r = ASSERT_OK(pidref_safe_fork(
+        r = safe_fork("(getambient)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_WAIT|FORK_LOG, NULL);
-                        "(getambient)",
+        ASSERT_OK(r);
                        FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_WAIT|FORK_LOG,
                        NULL));
        if (r == 0) {
                int x, y;
--- a/src/test/test-env-util.c
+++ b/src/test/test-env-util.c
@ -494,7 +494,7 @@ TEST(setenv_systemd_exec_pid) {
 TEST(getenv_steal_erase) {
        int r;
-        r = pidref_safe_fork("(sd-getenvstealerase)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL);
+        r = safe_fork("(sd-getenvstealerase)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL);
        if (r == 0) {
                _cleanup_strv_free_ char **l = NULL;
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@ -17,7 +17,6 @@
 #include "cpu-set-util.h"
 #include "dropin.h"
 #include "errno-list.h"
 #include "event-util.h"
 #include "extract-word.h"
 #include "fd-util.h"
 #include "fileio.h"
@ -672,9 +671,11 @@ reenable:
 }
 static int on_spawn_timeout(sd_event_source *s, uint64_t usec, void *userdata) {
-        PidRef *pidref = ASSERT_PTR(userdata);
+        pid_t *pid = userdata;
-        (void) pidref_kill(pidref, SIGKILL);
+        ASSERT_NOT_NULL(pid);
        (void) kill(*pid, SIGKILL);
        return 1;
 }
@ -699,6 +700,7 @@ static int find_libraries(const char *exec, char ***ret) {
        _cleanup_close_pair_ int outpipe[2] = EBADF_PAIR, errpipe[2] = EBADF_PAIR;
        _cleanup_strv_free_ char **libraries = NULL;
        _cleanup_free_ char *result = NULL;
        pid_t pid;
        int r;
        ASSERT_NOT_NULL(exec);
@ -707,13 +709,10 @@ static int find_libraries(const char *exec, char ***ret) {
        ASSERT_OK_ERRNO(pipe2(outpipe, O_NONBLOCK|O_CLOEXEC));
        ASSERT_OK_ERRNO(pipe2(errpipe, O_NONBLOCK|O_CLOEXEC));
-        _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
+        r = safe_fork_full("(spawn-ldd)",
        r = pidref_safe_fork_full(
                        "(spawn-ldd)",
                           (int[]) { -EBADF, outpipe[1], errpipe[1] },
                           NULL, 0,
-                        FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_REARRANGE_STDIO|FORK_LOG,
+                           FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_REARRANGE_STDIO|FORK_LOG, &pid);
                        &pidref);
        ASSERT_OK(r);
        if (r == 0) {
                execlp("ldd", "ldd", exec, NULL);
@ -726,12 +725,12 @@ static int find_libraries(const char *exec, char ***ret) {
        ASSERT_OK(sd_event_new(&e));
        ASSERT_OK(sd_event_add_time_relative(e, NULL, CLOCK_MONOTONIC,
-                                             10 * USEC_PER_SEC, USEC_PER_SEC, on_spawn_timeout, &pidref));
+                                             10 * USEC_PER_SEC, USEC_PER_SEC, on_spawn_timeout, &pid));
        ASSERT_OK(sd_event_add_io(e, &stdout_source, outpipe[0], EPOLLIN, on_spawn_io, &result));
        ASSERT_OK(sd_event_source_set_enabled(stdout_source, SD_EVENT_ONESHOT));
        ASSERT_OK(sd_event_add_io(e, &stderr_source, errpipe[0], EPOLLIN, on_spawn_io, NULL));
        ASSERT_OK(sd_event_source_set_enabled(stderr_source, SD_EVENT_ONESHOT));
-        ASSERT_OK(event_add_child_pidref(e, &sigchld_source, &pidref, WEXITED, on_spawn_exit, NULL));
+        ASSERT_OK(sd_event_add_child(e, &sigchld_source, pid, WEXITED, on_spawn_exit, NULL));
        /* Child exit should be processed after IO is complete */
        ASSERT_OK(sd_event_source_set_priority(sigchld_source, SD_EVENT_PRIORITY_NORMAL + 1));
@ -1465,8 +1464,7 @@ static void run_tests(RuntimeScope scope, char **patterns) {
 static int prepare_ns(const char *process_name) {
        int r;
-        r = pidref_safe_fork(
+        r = safe_fork(process_name,
                        process_name,
                      FORK_RESET_SIGNALS |
                      FORK_CLOSE_ALL_FDS |
                      FORK_DEATHSIG_SIGTERM |
--- a/src/test/test-fd-util.c
+++ b/src/test/test-fd-util.c
@ -157,9 +157,10 @@ TEST(fd_move_above_stdio) {
 }
 TEST(rearrange_stdio) {
        pid_t pid;
        int r;
-        r = pidref_safe_fork("rearrange", FORK_WAIT|FORK_LOG, NULL);
+        r = safe_fork("rearrange", FORK_WAIT|FORK_LOG, &pid);
        assert_se(r >= 0);
        if (r == 0) {
@ -334,28 +335,27 @@ static void test_close_all_fds_inner(int (*func)(const int except[], size_t n_ex
 }
 TEST(close_all_fds) {
        ForkFlags flags = FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT;
        int r;
-        r = ASSERT_OK(pidref_safe_fork("(caf-plain)", flags, NULL));
+        ASSERT_OK(r = safe_fork("(caf-plain)", FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL));
        if (r == 0) {
                test_close_all_fds_inner(close_all_fds);
                _exit(EXIT_SUCCESS);
        }
-        ASSERT_OK(r = pidref_safe_fork("(caf-nomalloc)", flags, NULL));
+        ASSERT_OK(r = safe_fork("(caf-nomalloc)", FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL));
        if (r == 0) {
                test_close_all_fds_inner(close_all_fds_without_malloc);
                _exit(EXIT_SUCCESS);
        }
-        ASSERT_OK(r = pidref_safe_fork("(caf-proc)", flags, NULL));
+        ASSERT_OK(r = safe_fork("(caf-proc)", FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL));
        if (r == 0) {
                test_close_all_fds_inner(close_all_fds_by_proc);
                _exit(EXIT_SUCCESS);
        }
-        ASSERT_OK(r = pidref_safe_fork("(caf-frugal)", flags, NULL));
+        ASSERT_OK(r = safe_fork("(caf-frugal)", FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL));
        if (r == 0) {
                test_close_all_fds_inner(close_all_fds_frugal);
                _exit(EXIT_SUCCESS);
--- a/src/test/test-mempress.c
+++ b/src/test/test-mempress.c
@ -12,12 +12,10 @@
 #include "bus-locator.h"
 #include "bus-wait-for-jobs.h"
 #include "event-util.h"
 #include "fd-util.h"
 #include "format-util.h"
 #include "hashmap.h"
 #include "path-util.h"
 #include "pidref.h"
 #include "process-util.h"
 #include "random-util.h"
 #include "rm-rf.h"
@ -200,6 +198,7 @@ TEST(real_pressure) {
        _cleanup_free_ char *scope = NULL;
        const char *object;
        int r;
        pid_t pid;
        r = sd_bus_open_system(&bus);
        if (r < 0)
@ -228,15 +227,14 @@ TEST(real_pressure) {
        assert_se(pipe2(pipe_fd, O_CLOEXEC) >= 0);
-        _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
+        r = safe_fork("(eat-memory)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM, &pid);
        r = pidref_safe_fork("(eat-memory)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM, &pidref);
        assert_se(r >= 0);
        if (r == 0) {
                real_pressure_eat_memory(pipe_fd[0]);
                _exit(EXIT_SUCCESS);
        }
-        assert_se(event_add_child_pidref(e, &cs, &pidref, WEXITED, real_pressure_child_callback, NULL) >= 0);
+        assert_se(sd_event_add_child(e, &cs, pid, WEXITED, real_pressure_child_callback, NULL) >= 0);
        assert_se(sd_event_source_set_child_process_own(cs, true) >= 0);
        assert_se(unsetenv("MEMORY_PRESSURE_WATCH") >= 0);
--- a/src/test/test-mkdir.c
+++ b/src/test/test-mkdir.c
@ -80,7 +80,7 @@ TEST(mkdir_p_safe) {
        p = mfree(p);
        ASSERT_NOT_NULL(p = path_join(tmp, "zero-mode/should-fail-to-create-child"));
        ASSERT_OK(mkdir_parents_safe(tmp, p, 0000, UID_INVALID, GID_INVALID, 0));
-        r = ASSERT_OK(pidref_safe_fork("(test-mkdir-no-cap)", FORK_DEATHSIG_SIGTERM|FORK_WAIT|FORK_LOG, NULL));
+        ASSERT_OK(r = safe_fork("(test-mkdir-no-cap)", FORK_DEATHSIG_SIGTERM | FORK_WAIT | FORK_LOG, NULL));
        if (r == 0) {
                (void) capability_bounding_set_drop(0, /* right_now= */ true);
                ASSERT_ERROR(mkdir_p_safe(tmp, p, 0000, UID_INVALID, GID_INVALID, 0), EACCES);
--- a/src/test/test-mount-util.c
+++ b/src/test/test-mount-util.c
@ -160,7 +160,7 @@ TEST(bind_remount_recursive) {
        assert_se(mkdir(subdir, 0755) >= 0);
        FOREACH_STRING(p, "/usr", "/sys", "/", tmp) {
-                r = ASSERT_OK(pidref_safe_fork("(bind-remount-recursive)", FORK_COMMON_FLAGS, NULL));
+                ASSERT_OK(r = safe_fork("(bind-remount-recursive)", FORK_COMMON_FLAGS, NULL));
                if (r == 0) { /* child */
                        struct statvfs svfs;
@ -196,7 +196,7 @@ TEST(bind_remount_one) {
        CHECK_PRIV;
-        r = ASSERT_OK(pidref_safe_fork("(remount-one-with-mountinfo)", FORK_COMMON_FLAGS, NULL));
+        ASSERT_OK(r = safe_fork("(remount-one-with-mountinfo)", FORK_COMMON_FLAGS, NULL));
        if (r == 0) { /* child */
                _cleanup_fclose_ FILE *proc_self_mountinfo = NULL;
@ -211,7 +211,7 @@ TEST(bind_remount_one) {
                _exit(EXIT_SUCCESS);
        }
-        r = ASSERT_OK(pidref_safe_fork("(remount-one)", FORK_COMMON_FLAGS, NULL));
+        ASSERT_OK(r = safe_fork("(remount-one)", FORK_COMMON_FLAGS, NULL));
        if (r == 0) { /* child */
                assert_se(bind_remount_one("/run", MS_RDONLY, MS_RDONLY) >= 0);
                assert_se(bind_remount_one("/run", MS_NOEXEC, MS_RDONLY|MS_NOEXEC) >= 0);
@ -291,7 +291,7 @@ TEST(make_mount_switch_root) {
        };
        FOREACH_ELEMENT(i, table) {
-                r = ASSERT_OK(pidref_safe_fork("(switch-root)", FORK_COMMON_FLAGS, NULL));
+                ASSERT_OK(r = safe_fork("(switch-root)", FORK_COMMON_FLAGS, NULL));
                if (r == 0) {
                        assert_se(make_mount_point(i->path) >= 0);
                        assert_se(mount_switch_root_full(i->path, /* mount_propagation_flag= */ 0, i->force_ms_move) >= 0);
@ -335,7 +335,7 @@ TEST(umount_recursive) {
        CHECK_PRIV;
        FOREACH_ELEMENT(t, test_table) {
-                r = ASSERT_OK(pidref_safe_fork("(umount-rec)", FORK_COMMON_FLAGS, NULL));
+                ASSERT_OK(r = safe_fork("(umount-rec)", FORK_COMMON_FLAGS, NULL));
                if (r == 0) { /* child */
                        _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
                        _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL;
@ -392,7 +392,7 @@ TEST(fd_make_mount_point) {
        assert_se(s);
        assert_se(mkdir(s, 0700) >= 0);
-        r = ASSERT_OK(pidref_safe_fork("(make-mount-point)", FORK_COMMON_FLAGS, NULL));
+        ASSERT_OK(r = safe_fork("(make-mount-point)", FORK_COMMON_FLAGS, NULL));
        if (r == 0) {
                _cleanup_close_ int fd = -EBADF, fd2 = -EBADF;
@ -423,7 +423,7 @@ TEST(bind_mount_submounts) {
        assert_se(mkdtemp_malloc(NULL, &a) >= 0);
        assert_se(mkdtemp_malloc(NULL, &b) >= 0);
-        r = ASSERT_OK(pidref_safe_fork("(bind-mount-submounts)", FORK_COMMON_FLAGS, NULL));
+        ASSERT_OK(r = safe_fork("(bind-mount-submounts)", FORK_COMMON_FLAGS, NULL));
        if (r == 0) {
                char *x;
@ -512,7 +512,7 @@ TEST(path_is_network_fs_harder) {
        _cleanup_(rm_rf_physical_and_freep) char *t = NULL;
        assert_se(mkdtemp_malloc("/tmp/test-mount-util.path_is_network_fs_harder.XXXXXXX", &t) >= 0);
-        r = ASSERT_OK(pidref_safe_fork("(path-is-network-fs-harder)", FORK_COMMON_FLAGS, NULL));
+        ASSERT_OK(r = safe_fork("(path-is-network-fs-harder)", FORK_COMMON_FLAGS, NULL));
        if (r == 0) {
                ASSERT_OK(mount_nofollow_verbose(LOG_INFO, "tmpfs", t, "tmpfs", 0, NULL));
                ASSERT_OK_ZERO(path_is_network_fs_harder(t));
@ -554,7 +554,7 @@ TEST(mount_fd_clone) {
        /* Set up a socket pair to transfer the mount fd from the child (in a different mountns) to us. */
        ASSERT_OK_ERRNO(socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, fds));
-        r = ASSERT_OK(pidref_safe_fork_full(
+        r = ASSERT_OK(safe_fork_full(
                        "(mount-fd-clone-setup)",
                        /* stdio_fds= */ NULL,
                        &fds[1], 1,
@ -588,7 +588,7 @@ TEST(mount_fd_clone) {
        _cleanup_free_ char *target = ASSERT_NOT_NULL(path_join(t, "target"));
        ASSERT_OK_ERRNO(mkdir(target, 0755));
-        r = ASSERT_OK(pidref_safe_fork_full(
+        r = ASSERT_OK(safe_fork_full(
                        "(mount-fd-clone-verify)",
                        /* stdio_fds= */ NULL,
                        &first_clone, 1,
--- a/src/test/test-namespace.c
+++ b/src/test/test-namespace.c
@ -220,7 +220,7 @@ TEST(protect_kernel_logs) {
        }
        ASSERT_OK(r);
-        r = ASSERT_OK(pidref_safe_fork("(protect)", FORK_WAIT|FORK_LOG|FORK_DEATHSIG_SIGKILL, /* ret= */ NULL));
+        r = ASSERT_OK(safe_fork("(protect)", FORK_WAIT|FORK_LOG|FORK_DEATHSIG_SIGKILL, /* ret_pid= */ NULL));
        if (r == 0) {
                _cleanup_close_ int fd = -EBADF;
--- a/src/test/test-nss-hosts.c
+++ b/src/test/test-nss-hosts.c
@ -490,7 +490,7 @@ static int run(int argc, char **argv) {
                /* Testing with several syscalls filtered, and check if the nss modules gracefully handle failures in
                 * masked syscalls. See issue #38582. */
-                r = ASSERT_OK(pidref_safe_fork("(with-seccomp)", FORK_LOG|FORK_WAIT, /* ret= */ NULL));
+                ASSERT_OK(r = safe_fork("(with-seccomp)", FORK_LOG | FORK_WAIT, /* ret_pid= */ NULL));
                if (r == 0) {
                        _cleanup_hashmap_free_ Hashmap *filter = NULL;
                        ASSERT_NOT_NULL(filter = hashmap_new(NULL));
--- a/src/test/test-path-util.c
+++ b/src/test/test-path-util.c
@ -475,10 +475,7 @@ static void test_find_executable_exec_one(const char *path) {
        if (path_is_absolute(path))
                ASSERT_STREQ(t, path);
-        r = ASSERT_OK(pidref_safe_fork(
+        r = ASSERT_OK(safe_fork("(find-exec)", FORK_LOG|FORK_DEATHSIG_SIGKILL|FORK_WAIT, /* ret_pid= */ NULL));
                        "(find-exec)",
                        FORK_LOG|FORK_DEATHSIG_SIGKILL|FORK_WAIT,
                        /* ret= */ NULL));
        if (r == 0) {
                r = fexecve_or_execve(fd, t, STRV_MAKE(t, "--version"), STRV_MAKE(NULL));
--- a/src/test/test-process-util.c
+++ b/src/test/test-process-util.c
@ -285,7 +285,7 @@ TEST(pid_get_cmdline_harder) {
        }
 #endif
-        r = ASSERT_OK(pidref_safe_fork("(cmdline)", FORK_WAIT|FORK_LOG|FORK_DEATHSIG_SIGKILL, /* ret= */ NULL));
+        r = ASSERT_OK(safe_fork("(cmdline)", FORK_WAIT|FORK_LOG|FORK_DEATHSIG_SIGKILL, /* ret_pid= */ NULL));
        if (r == 0) {
                r = detach_mount_namespace();
                if (r < 0) {
@ -573,7 +573,7 @@ TEST(getpid_cached) {
        ASSERT_EQ(a, b);
        ASSERT_EQ(a, c);
-        r = ASSERT_OK(pidref_safe_fork("(getpid)", FORK_WAIT|FORK_LOG|FORK_DEATHSIG_SIGKILL, /* ret= */ NULL));
+        r = ASSERT_OK(safe_fork("(getpid)", FORK_WAIT|FORK_LOG|FORK_DEATHSIG_SIGKILL, /* ret_pid= */ NULL));
        if (r == 0) {
                /* In child */
@ -619,13 +619,12 @@ TEST(getpid_measure) {
        log_info("getpid_cached(): %lf μs each", (double) q / iterations);
 }
-TEST(pidref_safe_fork) {
+TEST(safe_fork) {
        _cleanup_(pidref_done) PidRef child = PIDREF_NULL;
        siginfo_t status;
        pid_t pid;
        int r;
-        r = pidref_safe_fork("(test-child)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_REARRANGE_STDIO|FORK_REOPEN_LOG, &child);
+        r = safe_fork("(test-child)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_REARRANGE_STDIO|FORK_REOPEN_LOG, &pid);
        ASSERT_OK(r);
        if (r == 0) {
@ -635,6 +634,9 @@ TEST(pidref_safe_fork) {
                _exit(88);
        }
        _cleanup_(pidref_done) PidRef child = PIDREF_NULL;
        ASSERT_OK(pidref_set_pid(&child, pid));
        ASSERT_OK(pidref_wait_for_terminate(&child, &status));
        ASSERT_EQ(status.si_code, CLD_EXITED);
        ASSERT_EQ(status.si_status, 88);
@ -708,10 +710,8 @@ TEST(ioprio_class_from_to_string) {
 TEST(setpriority_closest) {
        int r;
-        r = pidref_safe_fork(
+        r = safe_fork("(test-setprio)",
-                        "(test-setprio)",
+                      FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_WAIT|FORK_LOG|FORK_REOPEN_LOG, NULL);
                        FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_WAIT|FORK_LOG|FORK_REOPEN_LOG,
                        NULL);
        ASSERT_OK(r);
        if (r == 0) {
@ -909,10 +909,7 @@ TEST(get_process_threads) {
        int r;
        /* Run this test in a child, so that we can guarantee there's exactly one thread around in the child */
-        r = pidref_safe_fork(
+        r = safe_fork("(nthreads)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_WAIT|FORK_LOG, NULL);
                        "(nthreads)",
                        FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_WAIT|FORK_LOG,
                        NULL);
        ASSERT_OK(r);
        if (r == 0) {
@ -956,10 +953,8 @@ TEST(get_process_threads) {
 TEST(is_reaper_process) {
        int r;
-        r = ASSERT_OK(pidref_safe_fork(
+        r = safe_fork("(regular)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG|FORK_WAIT, NULL);
-                        "(regular)",
+        ASSERT_OK(r);
                        FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG|FORK_WAIT,
                        NULL));
        if (r == 0) {
                /* child */
@ -967,10 +962,8 @@ TEST(is_reaper_process) {
                _exit(EXIT_SUCCESS);
        }
-        r = ASSERT_OK(pidref_safe_fork(
+        r = safe_fork("(newpid)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG|FORK_WAIT, NULL);
-                        "(newpid)",
+        ASSERT_OK(r);
                        FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG|FORK_WAIT,
                        NULL));
        if (r == 0) {
                /* child */
@ -981,10 +974,8 @@ TEST(is_reaper_process) {
                        }
                }
-                r = ASSERT_OK(pidref_safe_fork(
+                r = safe_fork("(newpid1)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG|FORK_WAIT, NULL);
-                                "(newpid1)",
+                ASSERT_OK(r);
                                FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG|FORK_WAIT,
                                NULL));
                if (r == 0) {
                        /* grandchild, which is PID1 in a pidns */
                        ASSERT_OK_EQ(getpid_cached(), 1);
@ -995,10 +986,8 @@ TEST(is_reaper_process) {
                _exit(EXIT_SUCCESS);
        }
-        r = ASSERT_OK(pidref_safe_fork(
+        r = safe_fork("(subreaper)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG|FORK_WAIT, NULL);
-                        "(subreaper)",
+        ASSERT_OK(r);
                        FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG|FORK_WAIT,
                        NULL));
        if (r == 0) {
                /* child */
                ASSERT_OK(make_reaper_process(true));
--- a/src/test/test-reread-partition-table.c
+++ b/src/test/test-reread-partition-table.c
@ -26,13 +26,13 @@ static void sfdisk(const char *sfdisk_path, LoopDevice *loop, const char *defini
        _cleanup_close_ int memfd = memfd_new_and_seal("sfdisk", definition, SIZE_MAX);
        ASSERT_OK(memfd);
-        r = pidref_safe_fork_full(
+        r = safe_fork_full(
                        "(sfdisk)",
                        (int[]) { memfd, STDOUT_FILENO, STDERR_FILENO },
                        /* except_fds= */ NULL,
                        /* n_except_fds= */ 0,
                        FORK_CLOSE_ALL_FDS|FORK_RESET_SIGNALS|FORK_REARRANGE_STDIO|FORK_LOG|FORK_WAIT,
-                        /* ret= */ NULL);
+                        /* ret_pid= */ NULL);
        if (r == 0) {
                /* child */
                execl(sfdisk_path, "fdisk", "--no-tell-kernel", "--no-reread", loop->node, NULL);
--- a/src/test/test-rlimit-util.c
+++ b/src/test/test-rlimit-util.c
@ -155,10 +155,7 @@ TEST(pid_getrlimit) {
                assert_se(getrlimit(resource, &direct) >= 0);
                /* We fork off a child so that getrlimit() doesn't work anymore */
-                r = pidref_safe_fork(
+                r = safe_fork("(getrlimit)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL|FORK_LOG|FORK_WAIT, /* ret_pid= */ NULL);
                                "(getrlimit)",
                                FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL|FORK_LOG|FORK_WAIT,
                                /* ret= */ NULL);
                assert_se(r >= 0);
                if (r == 0) {
--- a/src/test/test-rm-rf.c
+++ b/src/test/test-rm-rf.c
@ -102,7 +102,7 @@ TEST(rm_rf_chmod) {
                /* This test only works unpriv (as only then the access mask for the owning user matters),
                 * hence drop privs here */
-                r = ASSERT_OK(pidref_safe_fork("(setresuid)", FORK_DEATHSIG_SIGTERM|FORK_WAIT, NULL));
+                ASSERT_OK(r = safe_fork("(setresuid)", FORK_DEATHSIG_SIGTERM|FORK_WAIT, NULL));
                if (r == 0) {
                        /* child */
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@ -197,7 +197,7 @@ TEST(filter_sets) {
                log_info("Testing %s", syscall_filter_sets[i].name);
-                r = ASSERT_OK(pidref_safe_fork("(filter_sets)", FORK_LOG|FORK_WAIT, NULL));
+                ASSERT_OK(r = safe_fork("(filter_sets)", FORK_LOG | FORK_WAIT, NULL));
                if (r == 0) {
                        int fd;
@ -295,7 +295,7 @@ TEST(restrict_namespace) {
        CHECK_SECCOMP(/* skip_container= */ false);
-        r = ASSERT_OK(pidref_safe_fork("(restrict-namespace)", FORK_LOG|FORK_WAIT, NULL));
+        ASSERT_OK(r = safe_fork("(restrict-namespace)", FORK_LOG | FORK_WAIT, NULL));
        if (r == 0) {
                assert_se(seccomp_restrict_namespaces(CLONE_NEWNS|CLONE_NEWNET) >= 0);
@ -357,7 +357,7 @@ TEST(protect_sysctl) {
        if (!streq(seccomp, "0"))
                log_warning("Warning: seccomp filter detected, results may be unreliable for %s", __func__);
-        r = ASSERT_OK(pidref_safe_fork("(protect-sysctl)", FORK_LOG|FORK_WAIT, NULL));
+        ASSERT_OK(r = safe_fork("(protect-sysctl)", FORK_LOG | FORK_WAIT, NULL));
        if (r == 0) {
 #if defined __NR__sysctl && __NR__sysctl >= 0
                assert_se(syscall(__NR__sysctl, NULL) < 0);
@ -388,7 +388,7 @@ TEST(protect_syslog) {
        /* in containers syslog() is likely missing anyway */
        CHECK_SECCOMP(/* skip_container= */ true);
-        r = ASSERT_OK(pidref_safe_fork("(protect-syslog)", FORK_LOG|FORK_WAIT, NULL));
+        ASSERT_OK(r = safe_fork("(protect-syslog)", FORK_LOG | FORK_WAIT, NULL));
        if (r == 0) {
 #if defined __NR_syslog && __NR_syslog >= 0
                assert_se(syscall(__NR_syslog, -1, NULL, 0) < 0);
@ -411,7 +411,7 @@ TEST(restrict_address_families) {
        CHECK_SECCOMP(/* skip_container= */ false);
-        r = ASSERT_OK(pidref_safe_fork("(restrict-address-families)", FORK_LOG|FORK_WAIT, NULL));
+        ASSERT_OK(r = safe_fork("(restrict-address-families)", FORK_LOG | FORK_WAIT, NULL));
        if (r == 0) {
                int fd;
                Set *s;
@ -488,7 +488,7 @@ TEST(restrict_realtime) {
        /* in containers RT privs are likely missing anyway */
        CHECK_SECCOMP(/* skip_container= */ true);
-        r = ASSERT_OK(pidref_safe_fork("(restrict-realtime)", FORK_LOG|FORK_WAIT, NULL));
+        ASSERT_OK(r = safe_fork("(restrict-realtime)", FORK_LOG | FORK_WAIT, NULL));
        if (r == 0) {
                /* On some CI environments, the restriction may be already enabled. */
                if (sched_setscheduler(0, SCHED_FIFO, &(struct sched_param) { .sched_priority = 1 }) < 0) {
@ -542,7 +542,7 @@ TEST(memory_deny_write_execute_mmap) {
        return;
 #endif
-        r = ASSERT_OK(pidref_safe_fork("(memory_deny_write_execute_mmap)", FORK_LOG|FORK_WAIT, NULL));
+        ASSERT_OK(r = safe_fork("(memory_deny_write_execute_mmap)", FORK_LOG | FORK_WAIT, NULL));
        if (r == 0) {
                void *p;
@ -606,7 +606,7 @@ TEST(memory_deny_write_execute_shmat) {
        shmid = shmget(IPC_PRIVATE, page_size(), 0);
        assert_se(shmid >= 0);
-        r = ASSERT_OK(pidref_safe_fork("(memory-deny-write-execute)", FORK_LOG|FORK_WAIT, NULL));
+        ASSERT_OK(r = safe_fork("(memory-deny-write-execute)", FORK_LOG | FORK_WAIT, NULL));
        if (r == 0) {
                void *p;
@ -648,7 +648,7 @@ TEST(restrict_archs) {
        CHECK_SECCOMP(/* skip_container= */ false);
-        r = ASSERT_OK(pidref_safe_fork("(restrict-archs)", FORK_LOG|FORK_WAIT, NULL));
+        ASSERT_OK(r = safe_fork("(restrict-archs)", FORK_LOG | FORK_WAIT, NULL));
        if (r == 0) {
                _cleanup_set_free_ Set *s = NULL;
@ -675,7 +675,7 @@ TEST(load_syscall_filter_set_raw) {
        CHECK_SECCOMP(/* skip_container= */ false);
-        r = ASSERT_OK(pidref_safe_fork("(load-filter)", FORK_LOG|FORK_WAIT, NULL));
+        ASSERT_OK(r = safe_fork("(load-filter)", FORK_LOG | FORK_WAIT, NULL));
        if (r == 0) {
                _cleanup_hashmap_free_ Hashmap *s = NULL;
@ -777,7 +777,7 @@ TEST(native_syscalls_filtered) {
        CHECK_SECCOMP(/* skip_container= */ false);
-        r = ASSERT_OK(pidref_safe_fork("(native-syscalls)", FORK_LOG|FORK_WAIT, NULL));
+        ASSERT_OK(r = safe_fork("(native-syscalls)", FORK_LOG | FORK_WAIT, NULL));
        if (r == 0) {
                _cleanup_set_free_ Set *arch_s = NULL;
                _cleanup_hashmap_free_ Hashmap *s = NULL;
@ -830,7 +830,7 @@ TEST(lock_personality) {
        log_info("current personality=0x%lX", (unsigned long) safe_personality(PERSONALITY_INVALID));
        log_info("current opinionated personality=0x%lX", current_opinionated);
-        r = ASSERT_OK(pidref_safe_fork("(lock-personality)", FORK_LOG|FORK_WAIT, NULL));
+        ASSERT_OK(r = safe_fork("(lock-personality)", FORK_LOG | FORK_WAIT, NULL));
        if (r == 0) {
                unsigned long current;
@ -900,7 +900,7 @@ TEST(restrict_suid_sgid) {
        CHECK_SECCOMP(/* skip_container= */ false);
-        r = ASSERT_OK(pidref_safe_fork("(suid-sgid)", FORK_LOG|FORK_WAIT, NULL));
+        ASSERT_OK(r = safe_fork("(suid-sgid)", FORK_LOG | FORK_WAIT, NULL));
        if (r == 0) {
                char path[] = "/tmp/suidsgidXXXXXX", dir[] = "/tmp/suidsgiddirXXXXXX";
                int fd = -EBADF, k = -EBADF;
@ -1124,7 +1124,7 @@ TEST(seccomp_suppress_sync) {
        CHECK_SECCOMP(/* skip_container= */ false);
-        r = ASSERT_OK(pidref_safe_fork("(suppress-sync)", FORK_LOG|FORK_WAIT, NULL));
+        ASSERT_OK(r = safe_fork("(suppress-sync)", FORK_LOG | FORK_WAIT, NULL));
        if (r == 0) {
                test_seccomp_suppress_sync_child();
                _exit(EXIT_SUCCESS);
--- a/src/test/test-socket-util.c
+++ b/src/test/test-socket-util.c
@ -153,7 +153,8 @@ TEST(in_addr_is_multicast) {
 TEST(getpeercred_getpeergroups) {
        int r;
-        r = ASSERT_OK(pidref_safe_fork("(getpeercred)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL));
+        r = safe_fork("(getpeercred)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL);
        assert_se(r >= 0);
        if (r == 0) {
                static const gid_t gids[] = { 3, 4, 5, 6, 7 };
@ -219,7 +220,8 @@ TEST(passfd_read) {
        assert_se(socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) >= 0);
-        r = ASSERT_OK(pidref_safe_fork("(passfd_read)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL));
+        r = safe_fork("(passfd_read)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL);
        assert_se(r >= 0);
        if (r == 0) {
                /* Child */
@ -260,7 +262,8 @@ TEST(passfd_contents_read) {
        assert_se(socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) >= 0);
-        r = ASSERT_OK(pidref_safe_fork("(passfd_contents_read)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL));
+        r = safe_fork("(passfd_contents_read)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL);
        assert_se(r >= 0);
        if (r == 0) {
                /* Child */
@ -311,7 +314,8 @@ TEST(pass_many_fds_contents_read) {
        assert_se(socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) >= 0);
-        r = ASSERT_OK(pidref_safe_fork("(passfd_contents_read)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL));
+        r = safe_fork("(passfd_contents_read)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL);
        assert_se(r >= 0);
        if (r == 0) {
                /* Child */
@ -370,7 +374,7 @@ TEST(receive_nopassfd) {
        assert_se(socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) >= 0);
-        r = ASSERT_OK(pidref_safe_fork("(receive_nopassfd)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL));
+        r = safe_fork("(receive_nopassfd)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL);
        assert_se(r >= 0);
        if (r == 0) {
@ -406,7 +410,8 @@ TEST(send_nodata_nofd) {
        assert_se(socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) >= 0);
-        r = ASSERT_OK(pidref_safe_fork("(send_nodata_nofd)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL));
+        r = safe_fork("(send_nodata_nofd)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL);
        assert_se(r >= 0);
        if (r == 0) {
                /* Child */
@ -438,7 +443,8 @@ TEST(send_emptydata) {
        assert_se(socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) >= 0);
-        r = ASSERT_OK(pidref_safe_fork("(send_emptydata)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL));
+        r = safe_fork("(send_emptydata)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL);
        assert_se(r >= 0);
        if (r == 0) {
                /* Child */
--- a/src/test/test-terminal-util.c
+++ b/src/test/test-terminal-util.c
@ -385,8 +385,7 @@ TEST(terminal_new_session) {
        ASSERT_OK(pty_fd = openpt_allocate(O_RDWR|O_NOCTTY|O_CLOEXEC|O_NONBLOCK, NULL));
        ASSERT_OK(peer_fd = pty_open_peer(pty_fd, O_RDWR|O_NOCTTY|O_CLOEXEC));
-        r = pidref_safe_fork_full(
+        r = safe_fork_full("test-term-session",
                        "test-term-session",
                           (int[]) { peer_fd, peer_fd, peer_fd },
                           NULL, 0,
                           FORK_DEATHSIG_SIGKILL|FORK_LOG|FORK_WAIT|FORK_REARRANGE_STDIO,
--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent/tty-ask-password-agent.c
@ -30,7 +30,6 @@
 #include "main-func.h"
 #include "mkdir-label.h"
 #include "path-util.h"
 #include "pidref.h"
 #include "pretty-print.h"
 #include "process-util.h"
 #include "set.h"
@ -571,18 +570,18 @@ static int parse_argv(int argc, char *argv[]) {
 * and its own controlling terminal. If one of the tasks does handle a password, the remaining tasks will be
 * terminated.
 */
-static int ask_on_this_console(const char *tty, char **arguments, PidRef *ret) {
+static int ask_on_this_console(const char *tty, char **arguments, pid_t *ret_pid) {
        int r;
        assert(tty);
        assert(arguments);
-        assert(ret);
+        assert(ret_pid);
        assert_se(sigaction(SIGCHLD, &sigaction_nop_nocldstop, NULL) >= 0);
        assert_se(sigaction(SIGHUP, &sigaction_default, NULL) >= 0);
        assert_se(sigprocmask_many(SIG_UNBLOCK, NULL, SIGHUP, SIGCHLD) >= 0);
-        r = pidref_safe_fork("(sd-passwd)", FORK_RESET_SIGNALS|FORK_KEEP_NOTIFY_SOCKET|FORK_LOG, ret);
+        r = safe_fork("(sd-passwd)", FORK_RESET_SIGNALS|FORK_KEEP_NOTIFY_SOCKET|FORK_LOG, ret_pid);
        if (r < 0)
                return r;
        if (r == 0) {
@ -692,13 +691,13 @@ static int ask_on_consoles(char *argv[]) {
        /* Start an agent on each console. */
        STRV_FOREACH(tty, consoles) {
-                _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
+                pid_t pid;
-                r = ask_on_this_console(*tty, arguments, &pidref);
+                r = ask_on_this_console(*tty, arguments, &pid);
                if (r < 0)
                        return r;
-                if (set_put(pids, PID_TO_PTR(pidref.pid)) < 0)
+                if (set_put(pids, PID_TO_PTR(pid)) < 0)
                        return log_oom();
        }
--- a/src/userdb/userdbd-manager.c
+++ b/src/userdb/userdbd-manager.c
@ -16,7 +16,6 @@
 #include "log.h"
 #include "mkdir.h"
 #include "pidfd-util.h"
 #include "pidref.h"
 #include "process-util.h"
 #include "set.h"
 #include "signal-util.h"
@ -144,19 +143,19 @@ static size_t manager_current_workers(Manager *m) {
 static int start_one_worker(Manager *m) {
        _cleanup_(sd_event_source_disable_unrefp) sd_event_source *source = NULL;
        bool fixed;
        pid_t pid;
        int r;
        assert(m);
        fixed = set_size(m->workers_fixed) < USERDB_WORKERS_MIN;
-        _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
+        r = safe_fork_full(
        r = pidref_safe_fork_full(
                        "(sd-worker)",
                        /* stdio_fds= */ NULL,
                        &m->listen_fd, 1,
                        FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_REOPEN_LOG|FORK_LOG|FORK_CLOSE_ALL_FDS,
-                        &pidref);
+                        &pid);
        if (r < 0)
                return log_error_errno(r, "Failed to fork new worker child: %m");
        if (r == 0) {
@ -177,7 +176,7 @@ static int start_one_worker(Manager *m) {
                        safe_close(m->listen_fd);
                }
-                r = setenvf("LISTEN_PID", /* overwrite= */ true, PID_FMT, pidref.pid);
+                r = setenvf("LISTEN_PID", /* overwrite= */ true, PID_FMT, pid);
                if (r < 0) {
                        log_error_errno(r, "Failed to set $LISTEN_PID: %m");
                        _exit(EXIT_FAILURE);
@ -213,9 +212,9 @@ static int start_one_worker(Manager *m) {
                _exit(EXIT_FAILURE);
        }
-        r = event_add_child_pidref(m->event, &source, &pidref, WEXITED, on_worker_exit, m);
+        r = sd_event_add_child(m->event, &source, pid, WEXITED, on_worker_exit, m);
        if (r < 0)
-                return log_error_errno(r, "Failed to watch child " PID_FMT ": %m", pidref.pid);
+                return log_error_errno(r, "Failed to watch child " PID_FMT ": %m", pid);
        r = set_ensure_put(
                        fixed ? &m->workers_fixed : &m->workers_dynamic,
--- a/src/vmspawn/vmspawn.c
+++ b/src/vmspawn/vmspawn.c
@ -1274,7 +1274,7 @@ static int start_tpm(
        if (!argv)
                return log_oom();
-        r = pidref_safe_fork("(swtpm-setup)", FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT, /* ret= */ NULL);
+        r = safe_fork("(swtpm-setup)", FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT, NULL);
        if (r == 0) {
                /* Child */
                execvp(argv[0], argv);
@ -1287,7 +1287,7 @@ static int start_tpm(
                strv_remove(argv, "--profile-name");
                strv_remove(argv, "default-v2");
-                r = pidref_safe_fork("(swtpm-setup)", FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT, /* ret= */ NULL);
+                r = safe_fork("(swtpm-setup)", FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT, NULL);
                if (r == 0) {
                        /* Child */
                        execvp(argv[0], argv);
@ -1739,10 +1739,10 @@ static int generate_ssh_keypair(const char *key_path, const char *key_type) {
                log_debug("Executing: %s", joined);
        }
-        r = pidref_safe_fork(
+        r = safe_fork(
                        ssh_keygen,
                        FORK_WAIT|FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO,
-                        /* ret= */ NULL);
+                        NULL);
        if (r < 0)
                return r;
        if (r == 0) {