NEWS: add contributors for v244

xattr-util rework and addition of flistxattr_malloc() helper plus test

.mailmap

@@ -14,6 +14,7 @@ Arnd Bergmann <arnd@arndb.de>
 Atul Sabharwal <atul.sabharwal@intel.com>
 Bart Rulon <barron@lexmark.com>
 Bastien Nocera <hadess@hadess.net> <hadess@users.noreply.github.com>
+Baybal Ni <nikulinpi@gmail.com>
 Beniamino Galvani <bgalvani@redhat.com> <bengal@users.noreply.github.com>
 Bill Yodlowsky <bill@redhat.com> <itsbill@users.noreply.github.com>
 Brian Boylston <brian.boylston@hpe.com>
@@ -22,6 +23,7 @@ Chen Qi <Qi.Chen@windriver.com> <40684930+ChenQi1989@users.noreply.github.com>
 Christophe Varoqui <christophe.varoqui@free.fr>
 Colin Guthrie <ColinGuthrie@web>
 Daniel Elstner  <daniel.kitta@gmail.com> <danielk@openismus.com>
+Daniel Gorbea <danielgorbea@hotmail.com>
 Daniel J Walsh <dwalsh@redhat.com>
 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 Daniel Machon <Danielmachon@live.dk>
@@ -85,6 +87,7 @@ Kay Sievers <kay@vrfy.org> <kay.sievers@vrfy.org>
 Kay Sievers <kay@vrfy.org> <kay@pim.off.vrfy.org>
 Kay Sievers <kay@vrfy.org> <kay@pim>
 Kay Sievers <kay@vrfy.org> <kay@yik.fritz.box>
+Kevin Becker <kevin@kevinbecker.org>
 Krzysztof Jackiewicz <k.jackiewicz@samsung.com> <kjackiewicz@users.noreply.github.com>
 Larry Bernstone <lbernstone@gmail.com>
 Lennart Poettering <lennart@poettering.net> <LennartPoettering@web>

NEWS

@@ -1,6 +1,6 @@
 systemd System and Service Manager
 
-CHANGES WITH 244 in spe:
+CHANGES WITH 244:
 
         * Support for the cpuset cgroups v2 controller has been added.
           Processes may be restricted to specific CPUs using the new
@@ -200,6 +200,30 @@ CHANGES WITH 244 in spe:
           for all services that should not be able to read from or write to the
           kernel log buffer, which are probably almost all.
 
+        Contributions from: Aaron Plattner, Alcaro, Anita Zhang, Balint Reczey,
+        Bastien Nocera, Baybal Ni, Benjamin Bouvier, Benjamin Gilbert, cbzxt,
+        Chen Qi, Chris Down, Christian Rebischke, Claudio Zumbo, ClydeByrdIII,
+        crashfistfight, Cyprien Laplace, Daniel Gorbea, Daniel Edgecumbe,
+        Daniel Rusek, Daniel Stuart, Dan Streetman, David Pedersen, David
+        Tardon, Dimitri John Ledkov, Dominique Martinet, Donald A. Cupp Jr,
+        Evgeny Vereshchagin, Fabian Henneke, Filipe Brandenburger, Franck Bui,
+        Frantisek Sumsal, Georg Müller, Hans de Goede, HATAYAMA Daisuke, Iwan
+        Timmer, Jan Janssen, Jan Kundrát, Jan Synacek, Jay Strict, Jérémy
+        Rosen, Jóhann B. Guðmundsson, Jonas Jelten, Jonas Thelemann, Justin
+        Trudell, Kai-Heng Feng, Kenneth D'souza, Kevin Kuehler, Kevin Becker,
+        Lennart Poettering, Léonard Gérard, Lorenz Bauer, Luca Boccassi, Maciej
+        Stanczew, Mario Limonciello, Marko Myllynen, Mark Stosberg, Martin
+        Wilck, matthiasroos, Michael Biebl, Michael Olbrich, Michael Tretter,
+        Michal Sekletar, Michal Suchanek, Mike Kazantsev, Nicolas Douma,
+        Norbert Lange, pan93412, Pavel Hrdina, Peter Wu, Philip Withnall, Piotr
+        Drąg, Rafael Fontenelle, Renaud Métrich, Riccardo Schirone,
+        RoadrunnerWMC, Ronan Pigott, Ryan Attard, Sebastian Wick, Serge,
+        Siddharth Chandrasekara, Steve Traylen, Susant Sahani, Thibault Nélis,
+        Tim Teichmann, Tom Fitzhenry, Tommy J, Torsten Hilbrich, Vito Caputo,
+        ypf791, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek
+
+        – Somewhere, 2019-11-22
+
 CHANGES WITH 243:
 
         * This release enables unprivileged programs (i.e. requiring neither

hwdb.d/60-sensor.hwdb

@@ -235,6 +235,10 @@ sensor:modalias:acpi:*KIOX000A*:dmi:*svn*CytrixTechnology:*pn*Complex11t*
 sensor:modalias:platform:HID-SENSOR-200073:dmi:*svnDell*:pnVostro5581:*
  ACCEL_LOCATION=base
 
+# Dell Venue 10 Pro 5055
+sensor:modalias:acpi:INVN6500*:dmi:*svnDell*:pnVenue10Pro5055*
+ ACCEL_MOUNT_MATRIX=0, -1, 0; 1, 0, 0; 0, 0, 1
+
 #########################################
 # DEXP
 #########################################

man/coredumpctl.xml

@@ -321,7 +321,7 @@
 
     <example>
       <title>Extract the last core dump of /usr/bin/bar to a file named
-      <filename noindex="true">bar.coredump</filename></title>
+      <filename index="false">bar.coredump</filename></title>
 
       <programlisting># coredumpctl -o bar.coredump dump /usr/bin/bar</programlisting>
     </example>

man/daemon.xml

@@ -102,7 +102,7 @@
 
         <listitem><para>In the daemon process, write the daemon PID
         (as returned by <function>getpid()</function>) to a PID file,
-        for example <filename>/run/foobar.pid</filename> (for a
+        for example <filename index='false'>/run/foobar.pid</filename> (for a
         hypothetical daemon "foobar") to ensure that the daemon cannot
         be started more than once. This must be implemented in
         race-free fashion so that the PID file is only updated when it

man/environment.d.xml

@@ -75,7 +75,7 @@
       <title>Example</title>
       <example>
         <title>Setup environment to allow access to a program installed in
-        <filename noindex='true'>/opt/foo</filename></title>
+        <filename index="false">/opt/foo</filename></title>
 
         <para><filename>/etc/environment.d/60-foo.conf</filename>:
         </para>

man/journal-upload.conf.xml

@@ -50,7 +50,7 @@
         <term><varname>URL=</varname></term>
 
         <listitem><para>The URL to upload the journal entries to. See the description
-        of <varname>--url=</varname> option in
+        of <option>--url=</option> option in
         <citerefentry><refentrytitle>systemd-journal-upload</refentrytitle><manvolnum>8</manvolnum></citerefentry>
         for the description of possible values. There is no default value, so either this
         option or the command-line option must be always present to make an upload.</para></listitem>

man/less-variables.xml

@@ -27,7 +27,7 @@
 
       <para>Users might want to change two options in particular:</para>
 
-      <variablelist class='environment-variables'>
+      <variablelist>
         <varlistentry>
           <term><option>K</option></term>
 

man/resolvectl.xml

@@ -53,13 +53,15 @@
     <variablelist>
 
       <varlistentry>
-        <term><option>query <replaceable>HOSTNAME|ADDRESS</replaceable>…</option></term>
+        <term><command>query</command> <replaceable>HOSTNAME|ADDRESS</replaceable>…</term>
 
         <listitem><para>Resolve domain names, IPv4 and IPv6 addresses.</para></listitem>
       </varlistentry>
 
       <varlistentry>
-        <term><option>service [[<replaceable>NAME</replaceable>] <replaceable>TYPE</replaceable>] <replaceable>DOMAIN</replaceable></option></term>
+        <term><command>service</command>
+        [[<replaceable>NAME</replaceable>] <replaceable>TYPE</replaceable>]
+        <replaceable>DOMAIN</replaceable></term>
 
         <listitem><para>Resolve <ulink url="https://tools.ietf.org/html/rfc6763">DNS-SD</ulink> and
         <ulink url="https://tools.ietf.org/html/rfc2782">SRV</ulink> services, depending on the specified list of parameters.
@@ -71,7 +73,7 @@
       </varlistentry>
 
       <varlistentry>
-        <term><option>openpgp <replaceable>EMAIL@DOMAIN</replaceable>…</option></term>
+        <term><command>openpgp</command> <replaceable>EMAIL@DOMAIN</replaceable>…</term>
 
         <listitem><para>Query PGP keys stored as <ulink url="https://tools.ietf.org/html/rfc7929">OPENPGPKEY</ulink>
         resource records. Specified e-mail addresses are converted to the corresponding DNS domain name, and any
@@ -79,7 +81,9 @@
       </varlistentry>
 
       <varlistentry>
-        <term><option>tlsa [<replaceable>FAMILY</replaceable>] <replaceable>DOMAIN</replaceable>[:<replaceable>PORT</replaceable>]…</option></term>
+        <term><command>tlsa</command>
+        [<replaceable>FAMILY</replaceable>]
+        <replaceable>DOMAIN</replaceable>[:<replaceable>PORT</replaceable>]…</term>
 
         <listitem><para>Query TLS public keys stored as <ulink url="https://tools.ietf.org/html/rfc6698">TLSA</ulink>
         resource records. A query will be performed for each of the specified names prefixed with the port and family
@@ -89,28 +93,28 @@
       </varlistentry>
 
       <varlistentry>
-        <term><option>status [<replaceable>LINK</replaceable>…]</option></term>
+        <term><command>status</command> [<replaceable>LINK</replaceable>…]</term>
 
         <listitem><para>Shows the global and per-link DNS settings currently in effect. If no command is specified,
         this is the implied default.</para></listitem>
       </varlistentry>
 
       <varlistentry>
-        <term><option>statistics</option></term>
+        <term><command>statistics</command></term>
 
         <listitem><para>Shows general resolver statistics, including information whether DNSSEC is
         enabled and available, as well as resolution and validation statistics.</para></listitem>
       </varlistentry>
 
       <varlistentry>
-        <term><option>reset-statistics</option></term>
+        <term><command>reset-statistics</command></term>
 
-        <listitem><para>Resets the statistics counters shown in <option>statistics</option> to zero.
+        <listitem><para>Resets the statistics counters shown in <command>statistics</command> to zero.
         This operation requires root privileges.</para></listitem>
       </varlistentry>
 
       <varlistentry>
-        <term><option>flush-caches</option></term>
+        <term><command>flush-caches</command></term>
 
         <listitem><para>Flushes all DNS resource record caches the service maintains locally. This is mostly equivalent
         to sending the <constant>SIGUSR2</constant> to the <command>systemd-resolved</command>
@@ -118,7 +122,7 @@
       </varlistentry>
 
       <varlistentry>
-        <term><option>reset-server-features</option></term>
+        <term><command>reset-server-features</command></term>
 
         <listitem><para>Flushes all feature level information the resolver learnt about specific servers, and ensures
         that the server feature probing logic is started from the beginning with the next look-up request. This is
@@ -127,46 +131,48 @@
       </varlistentry>
 
       <varlistentry>
-        <term><option>dns [<replaceable>LINK</replaceable> [<replaceable>SERVER</replaceable>…]]</option></term>
+        <term><command>dns</command> [<replaceable>LINK</replaceable> [<replaceable>SERVER</replaceable>…]]</term>
-        <term><option>domain [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</option></term>
+        <term><command>domain</command> [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</term>
-        <term><option>default-route [<replaceable>LINK</replaceable> [<replaceable>BOOL</replaceable>…]]</option></term>
+        <term><command>default-route</command> [<replaceable>LINK</replaceable> [<replaceable>BOOL</replaceable>…]]</term>
-        <term><option>llmnr [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
+        <term><command>llmnr</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term>
-        <term><option>mdns [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
+        <term><command>mdns</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term>
-        <term><option>dnssec [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
+        <term><command>dnssec</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term>
-        <term><option>dnsovertls [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
+        <term><command>dnsovertls</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term>
-        <term><option>nta [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</option></term>
+        <term><command>nta</command> [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</term>
 
         <listitem>
-          <para>Get/set per-interface DNS configuration. These commands may be used to configure various DNS settings
+          <para>Get/set per-interface DNS configuration. These commands may be used to configure various DNS
-          for network interfaces. These commands may be used to inform <command>systemd-resolved</command> or
+          settings for network interfaces. These commands may be used to inform
-          <command>systemd-networkd</command> about per-interface DNS configuration determined
+          <command>systemd-resolved</command> or <command>systemd-networkd</command> about per-interface DNS
-          through external means. The <option>dns</option> command expects IPv4 or IPv6 address specifications of DNS
+          configuration determined through external means. The <command>dns</command> command expects IPv4 or
-          servers to use. The <option>domain</option> command expects valid DNS domains, possibly prefixed with
+          IPv6 address specifications of DNS servers to use. The <command>domain</command> command expects
-          <literal>~</literal>, and configures a per-interface search or route-only domain. The
+          valid DNS domains, possibly prefixed with <literal>~</literal>, and configures a per-interface
-          <option>default-route</option> command expects a boolean parameter, and configures whether the link may be
+          search or route-only domain. The <command>default-route</command> command expects a boolean
-          used as default route for DNS lookups, i.e. if it is suitable for lookups on domains no other link explicitly
+          parameter, and configures whether the link may be used as default route for DNS lookups, i.e. if it
-          is configured for. The <option>llmnr</option>, <option>mdns</option>, <option>dnssec</option> and
+          is suitable for lookups on domains no other link explicitly is configured for. The
-          <option>dnsovertls</option> commands may be used to configure the per-interface LLMNR, MulticastDNS, DNSSEC
+          <command>llmnr</command>, <command>mdns</command>, <command>dnssec</command> and
-          and DNSOverTLS settings. Finally, <option>nta</option> command may be used to configure additional
+          <command>dnsovertls</command> commands may be used to configure the per-interface LLMNR,
-          per-interface DNSSEC NTA domains.</para>
+          MulticastDNS, DNSSEC and DNSOverTLS settings. Finally, <command>nta</command> command may be used
+          to configure additional per-interface DNSSEC NTA domains.</para>
 
-          <para>Options <option>dns</option>, <option>domain</option> and <option>nta</option> can take
+          <para>Commands <command>dns</command>, <command>domain</command> and <command>nta</command> can take
           a single empty string argument to clear their respective value lists.</para>
 
-          <para>For details about these settings, their possible values and their effect, see the corresponding options in
+          <para>For details about these settings, their possible values and their effect, see the
+          corresponding settings in
           <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
         </listitem>
       </varlistentry>
 
       <varlistentry>
-        <term><option>revert <replaceable>LINK</replaceable></option></term>
+        <term><command>revert <replaceable>LINK</replaceable></command></term>
 
         <listitem><para>Revert the per-interface DNS configuration. If the DNS configuration is reverted all
-        per-interface DNS setting are reset to their defaults, undoing all effects of <option>dns</option>,
+        per-interface DNS setting are reset to their defaults, undoing all effects of <command>dns</command>,
-        <option>domain</option>, <option>default-route</option>, <option>llmnr</option>, <option>mdns</option>,
+        <command>domain</command>, <command>default-route</command>, <command>llmnr</command>,
-        <option>dnssec</option>, <option>dnsovertls</option>, <option>nta</option>. Note that when a network interface
+        <command>mdns</command>, <command>dnssec</command>, <command>dnsovertls</command>,
-        disappears all configuration is lost automatically, an explicit reverting is not necessary in that
+        <command>nta</command>. Note that when a network interface disappears all configuration is lost
-        case.</para></listitem>
+        automatically, an explicit reverting is not necessary in that case.</para></listitem>
       </varlistentry>
 
     </variablelist>

man/systemd-analyze.xml

@@ -348,8 +348,8 @@ DATAERR 65     BSD
     <refsect2>
       <title><command>systemd-analyze condition <replaceable>CONDITION</replaceable>...</command></title>
 
-      <para>This command will evaluate <varname noindex='true'>Condition*=...</varname> and
+      <para>This command will evaluate <varname index="false">Condition*=...</varname> and
-      <varname noindex='true'>Assert*=...</varname> assignments, and print their values, and
+      <varname index="false">Assert*=...</varname> assignments, and print their values, and
       the resulting value of the combined condition set. See
       <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
       for a list of available conditions and asserts.</para>
@@ -602,7 +602,7 @@ Service b@0.service not loaded, b.socket cannot be started.
       policy is not validated too.</para>
 
       <example>
-      <title>Analyze <filename noindex="true">systemd-logind.service</filename></title>
+      <title>Analyze <filename index="false">systemd-logind.service</filename></title>
 
       <programlisting>$ systemd-analyze security --no-pager systemd-logind.service
   NAME                DESCRIPTION                              EXPOSURE

man/systemd-cat.xml

@@ -140,7 +140,7 @@
     <example>
       <title>Invoke a program</title>
 
-      <para>This calls <filename noindex='true'>/bin/ls</filename>
+      <para>This calls <filename index="false">/bin/ls</filename>
       with standard output and error connected to the journal:</para>
 
       <programlisting># systemd-cat ls</programlisting>

man/systemd-cgtop.xml

@@ -42,7 +42,7 @@
 
     <para>If <command>systemd-cgtop</command> is not connected to a
     tty, no column headers are printed and the default is to only run
-    one iteration.  The <varname>--iterations=</varname> argument, if
+    one iteration. The <option>--iterations=</option> argument, if
     given, is honored. This mode is suitable for scripting.</para>
 
     <para>Resource usage is only accounted for control groups in the

man/systemd-fsck@.service.xml

@@ -51,7 +51,7 @@
     <para><filename>systemd-fsck</filename> does not know any details
     about specific filesystems, and simply executes file system
     checkers specific to each filesystem type
-    (<filename>/sbin/fsck.*</filename>). These checkers will decide if
+    (<filename>/sbin/fsck.<replaceable>type</replaceable></filename>). These checkers will decide if
     the filesystem should actually be checked based on the time since
     last check, number of mounts, unclean unmount, etc.</para>
 

man/systemd-makefs@.service.xml

@@ -51,7 +51,7 @@
     <para><filename>systemd-makefs</filename> knows very little about specific file
     systems and swap devices, and after checking that the block device does not already
     contain a file system or other content, it will execute binaries specific to
-    each filesystem type (<filename>/sbin/mkfs.*</filename>).</para>
+    each filesystem type (<filename>/sbin/mkfs.<replaceable>type</replaceable></filename>).</para>
 
     <para><filename>systemd-growfs</filename> knows very little about specific file
     systems and swap devices, and will instruct the kernel to grow the mounted

man/systemd-nspawn.xml

@@ -1366,7 +1366,7 @@
 # systemd-nspawn -bD /var/lib/machines/f&fedora_latest_version;</programlisting>
 
       <para>This installs a minimal Fedora distribution into the
-      directory <filename noindex='true'>/var/lib/machines/f&fedora_latest_version;</filename>
+      directory <filename index="false">/var/lib/machines/f&fedora_latest_version;</filename>
       and then boots an OS in a namespace container in it. Because the installation
       is located underneath the standard <filename>/var/lib/machines/</filename>
       directory, it is also possible to start the machine using

man/systemd.automount.xml

@@ -40,7 +40,7 @@
     are configured in the <literal>[Automount]</literal> section.</para>
 
     <para>Automount units must be named after the automount directories they control. Example: the automount point
-    <filename noindex='true'>/home/lennart</filename> must be configured in a unit file
+    <filename index="false">/home/lennart</filename> must be configured in a unit file
     <filename>home-lennart.automount</filename>. For details about the escaping logic used to convert a file system
     path to a unit name see
     <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. Note that

man/systemd.device.xml

@@ -51,7 +51,7 @@
 
     <para>Device units are named after the <filename>/sys</filename>
     and <filename>/dev</filename> paths they control. Example: the
-    device <filename noindex='true'>/dev/sda5</filename> is exposed in
+    device <filename index="false">/dev/sda5</filename> is exposed in
     systemd as <filename>dev-sda5.device</filename>. For details about
     the escaping logic used to convert a file system path to a unit
     name see

man/systemd.exec.xml

@@ -356,11 +356,12 @@
         <para>Example: if a unit has the following,
         <programlisting>CapabilityBoundingSet=CAP_A CAP_B
 CapabilityBoundingSet=CAP_B CAP_C</programlisting>
-        then <constant>CAP_A</constant>, <constant>CAP_B</constant>, and <constant>CAP_C</constant> are set.
+        then <constant index='false'>CAP_A</constant>, <constant index='false'>CAP_B</constant>, and
-        If the second line is prefixed with <literal>~</literal>, e.g.,
+        <constant index='false'>CAP_C</constant> are set.  If the second line is prefixed with
+        <literal>~</literal>, e.g.,
         <programlisting>CapabilityBoundingSet=CAP_A CAP_B
 CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
-        then, only <constant>CAP_A</constant> is set.</para></listitem>
+        then, only <constant index='false'>CAP_A</constant> is set.</para></listitem>
       </varlistentry>
 
       <varlistentry>
@@ -994,8 +995,10 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
         <para>Example: if a system service unit has the following,
         <programlisting>RuntimeDirectory=foo/bar baz</programlisting>
         the service manager creates <filename>/run/foo</filename> (if it does not exist),
-        <filename>/run/foo/bar</filename>, and <filename>/run/baz</filename>. The directories
+
-        <filename>/run/foo/bar</filename> and <filename>/run/baz</filename> except <filename>/run/foo</filename> are
+        <filename index='false'>/run/foo/bar</filename>, and <filename index='false'>/run/baz</filename>. The
+        directories <filename index='false'>/run/foo/bar</filename> and
+        <filename index='false'>/run/baz</filename> except <filename index='false'>/run/foo</filename> are
         owned by the user and group specified in <varname>User=</varname> and <varname>Group=</varname>, and removed
         when the service is stopped.</para>
 

man/systemd.generator.xml

@@ -24,7 +24,7 @@
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>/path/to/generator</command>
+      <command index='false'>/path/to/generator</command>
       <arg choice="plain"><replaceable>normal-dir</replaceable></arg>
       <arg choice="plain"><replaceable>early-dir</replaceable></arg>
       <arg choice="plain"><replaceable>late-dir</replaceable></arg>

man/systemd.link.xml

@@ -709,7 +709,7 @@ ID_NET_LINK_FILE=/usr/lib/systemd/network/99-default.link
 </programlisting>
 
      <para>In this case, the interface was already renamed, so the <option>keep</option> policy specified as
-     the first option in <filename noindex='true'>99-default.link</filename> means that the existing name is
+     the first option in <filename index="false">99-default.link</filename> means that the existing name is
      preserved. If <option>keep</option> was removed, or if were in boot before the renaming has happened,
      we might get the following instead:</para>
 

man/systemd.mount.xml

@@ -60,7 +60,7 @@
     must be run as UID 0.</para>
 
     <para>Mount units must be named after the mount point directories they control. Example: the mount point <filename
-    noindex='true'>/home/lennart</filename> must be configured in a unit file <filename>home-lennart.mount</filename>.
+    index="false">/home/lennart</filename> must be configured in a unit file <filename>home-lennart.mount</filename>.
     For details about the escaping logic used to convert a file system path to a unit name, see
     <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.  Note that mount
     units cannot be templated, nor is possible to add multiple names to a mount unit by creating additional symlinks to

man/systemd.net-naming-scheme.xml

@@ -300,7 +300,7 @@
           again. Previously, this naming policy applied implicitly, and now it must be explicitly
           requested. Effectively, this means that network devices will be renamed according to the
           configuration, even if they have been renamed already, if <constant>keep</constant> is not
-          specified as the naming policy in the <filename noindex='true'>.link</filename> file. See
+          specified as the naming policy in the <filename index="false">.link</filename> file. See
           <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>
           for a description of <varname>NamePolicy=</varname>.</para></listitem>
         </varlistentry>
@@ -310,7 +310,7 @@
 
           <listitem><para><option>MACAddressPolicy=persistent</option> was extended to set MAC addresses
           based on the device name. Previously addresses were only based on the
-          <varname noindex='true'>ID_NET_NAME_*</varname> attributes, which meant that interface names would
+          <varname index="false">ID_NET_NAME_*</varname> attributes, which meant that interface names would
           never be generated for virtual devices. Now a persistent address will be generated for most
           devices, including in particular bridges.</para>
 

man/systemd.offline-updates.xml

@@ -35,13 +35,13 @@
       <listitem>
         <para>The package manager prepares system updates by downloading all (RPM or DEB or
         whatever) packages to update off-line in a special directory
-        <filename noindex="true">/var/lib/system-update</filename> (or
+        <filename index="false">/var/lib/system-update</filename> (or
         another directory of the package/upgrade manager's choice).</para>
       </listitem>
 
       <listitem>
         <para>When the user OK'ed the update, the symlink <filename>/system-update</filename> is
-        created that points to <filename noindex="true">/var/lib/system-update</filename> (or
+        created that points to <filename index="false">/var/lib/system-update</filename> (or
         wherever the directory with the upgrade files is located) and the system is rebooted. This
         symlink is in the root directory, since we need to check for it very early at boot, at a
         time where <filename>/var</filename> is not available yet.</para>
@@ -106,12 +106,12 @@
     <orderedlist>
       <listitem>
         <para>To make things a bit more robust we recommend hooking the update script into
-        <filename>system-update.target</filename> via a <filename noindex='true'>.wants/</filename>
+        <filename>system-update.target</filename> via a <filename index="false">.wants/</filename>
         symlink in the distribution package, rather than depending on <command>systemctl
         enable</command> in the postinst scriptlets of your package. More specifically, for your
         update script create a .service file, without [Install] section, and then add a symlink like
-        <filename noindex='true'>/usr/lib/systemd/system-update.target.wants/foobar.service</filename>
+        <filename index="false">/usr/lib/systemd/system-update.target.wants/foobar.service</filename>
-        → <filename noindex='true'>../foobar.service</filename> to your package.</para>
+        → <filename index="false">../foobar.service</filename> to your package.</para>
       </listitem>
 
       <listitem>
@@ -144,7 +144,7 @@
         <varname>Wants=system-update-pre.target</varname> and
         <varname>Before=system-update-pre.target</varname> and add a symlink
         to that file under
-        <filename noindex='true'>/usr/lib/systemd/system-update.target.wants</filename>
+        <filename index="false">/usr/lib/systemd/system-update.target.wants</filename>
         .</para>
       </listitem>
     </orderedlist>

man/systemd.resource-control.xml

@@ -91,7 +91,7 @@
       <variablelist>
 
         <varlistentry>
-          <term><option>CPU</option></term>
+          <term>CPU</term>
           <listitem>
             <para><varname>CPUWeight=</varname> and <varname>StartupCPUWeight=</varname> replace
             <varname>CPUShares=</varname> and <varname>StartupCPUShares=</varname>, respectively.</para>
@@ -101,7 +101,7 @@
         </varlistentry>
 
         <varlistentry>
-          <term><option>Memory</option></term>
+          <term>Memory</term>
           <listitem>
             <para><varname>MemoryMax=</varname> replaces <varname>MemoryLimit=</varname>. <varname>MemoryLow=</varname>
             and <varname>MemoryHigh=</varname> are effective only on unified hierarchy.</para>
@@ -109,10 +109,11 @@
         </varlistentry>
 
         <varlistentry>
-          <term><option>IO</option></term>
+          <term>IO</term>
           <listitem>
-            <para><varname>IO</varname> prefixed settings are a superset of and replace <varname>BlockIO</varname>
+            <para><literal>IO</literal>-prefixed settings are a superset of and replace
-            prefixed ones. On unified hierarchy, IO resource control also applies to buffered writes.</para>
+            <literal>BlockIO</literal>-prefixed ones. On unified hierarchy, IO resource control also applies
+            to buffered writes.</para>
           </listitem>
         </varlistentry>
 

man/systemd.service.xml

@@ -574,8 +574,8 @@
       <varlistentry>
         <term><varname>TimeoutStopSec=</varname></term>
         <listitem><para>This option serves two purposes. First, it configures the time to wait for each
-        <constant>ExecStop=</constant> command. If any of them times out, subsequent <constant>ExecStop=</constant> commands
+        <varname>ExecStop=</varname> command. If any of them times out, subsequent <varname>ExecStop=</varname> commands
-        are skipped and the service will be terminated by <constant>SIGTERM</constant>. If no <constant>ExecStop=</constant>
+        are skipped and the service will be terminated by <constant>SIGTERM</constant>. If no <varname>ExecStop=</varname>
         commands are specified, the service gets the <constant>SIGTERM</constant> immediately. Second, it configures the time
         to wait for the service itself to stop. If it doesn't terminate in the specified time, it will be forcibly terminated
         by <constant>SIGKILL</constant> (see <varname>KillMode=</varname> in
@@ -1329,8 +1329,8 @@ WantedBy=multi-user.target</programlisting>
       <para><varname>Type=</varname><option>oneshot</option> are the
       only service units that may have more than one
       <varname>ExecStart=</varname> specified. For units with multiple
-      commands (<varname noindex="true">Type=oneshot</varname>), all commands will be run again.</para>
+      commands (<varname index="false">Type=oneshot</varname>), all commands will be run again.</para>
-      <para> For <varname noindex="true">Type=oneshot</varname>, <varname>Restart=</varname><option>always</option>
+      <para> For <varname index="false">Type=oneshot</varname>, <varname>Restart=</varname><option>always</option>
       and <varname>Restart=</varname><option>on-success</option> are <emphasis>not</emphasis> allowed.</para>
     </example>
 

man/systemd.swap.xml

@@ -54,7 +54,7 @@
     unit.</para>
 
     <para>Swap units must be named after the devices or files they control. Example: the swap device <filename
-    noindex='true'>/dev/sda5</filename> must be configured in a unit file <filename>dev-sda5.swap</filename>. For
+    index="false">/dev/sda5</filename> must be configured in a unit file <filename>dev-sda5.swap</filename>. For
     details about the escaping logic used to convert a file system path to a unit name, see
     <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. Note that swap
     units cannot be templated, nor is possible to add multiple names to a swap unit by creating additional symlinks to

man/systemd.unit.xml

@@ -48,7 +48,7 @@
 <filename>/run/systemd/system/*</filename>
 <filename>/run/systemd/systemd.attached/*</filename>
 <filename>/run/systemd/generator/*</filename>
-<filename>…</filename>
+<filename index='false'>…</filename>
 <filename>/usr/lib/systemd/system/*</filename>
 <filename>/run/systemd/generator.late/*</filename></literallayout></para>
     </refsect2>
@@ -65,7 +65,7 @@
 <filename>/run/systemd/user/*</filename>
 <filename>$XDG_RUNTIME_DIR/systemd/generator/*</filename>
 <filename>~/.local/share/systemd/user/*</filename>
-<filename>…</filename>
+<filename index='false'>…</filename>
 <filename>/usr/lib/systemd/user/*</filename>
 <filename>$XDG_RUNTIME_DIR/systemd/generator.late/*</filename></literallayout></para>
     </refsect2>
@@ -246,7 +246,7 @@
     escaping is used, in order to map strings containing arbitrary byte values (except NUL) into valid unit names and
     their restricted character set. A common special case are unit names that reflect paths to objects in the file
     system hierarchy. Example: a device unit <filename>dev-sda.device</filename> refers to a device with the device
-    node <filename noindex='true'>/dev/sda</filename> in the file system.</para>
+    node <filename index="false">/dev/sda</filename> in the file system.</para>
 
     <para>The escaping algorithm operates as follows: given a string, any <literal>/</literal> character is replaced by
     <literal>-</literal>, and all other characters which are not ASCII alphanumerics or <literal>_</literal> are
@@ -435,7 +435,7 @@
             <entry>Units of packages that have been installed in the home directory (<varname>$XDG_DATA_HOME</varname> is used if set, <filename>~/.local/share</filename> otherwise)</entry>
           </row>
           <row>
-            <entry><filename>$dir/systemd/user</filename> for each <varname noindex='true'>$dir</varname> in <varname>$XDG_DATA_DIRS</varname></entry>
+            <entry><filename>$dir/systemd/user</filename> for each <varname index="false">$dir</varname> in <varname>$XDG_DATA_DIRS</varname></entry>
             <entry>Additional locations for installed user units, one for each entry in <varname>$XDG_DATA_DIRS</varname></entry>
           </row>
           <row>
@@ -1026,8 +1026,8 @@
     <refsect2>
       <title>Conditions and Asserts</title>
 
-      <para>Unit files may also include a number of <varname noindex="true">Condition…=</varname> and
+      <para>Unit files may also include a number of <varname index="false">Condition…=</varname> and
-      <varname noindex="true">Assert…=</varname> settings. Before the unit is started, systemd will verify
+      <varname index="false">Assert…=</varname> settings. Before the unit is started, systemd will verify
       that the specified conditions are true. If not, the starting of the unit will be (mostly silently)
       skipped. Failing conditions will not result in the unit being moved into the <literal>failed</literal>
       state. The conditions are checked at the time the queued start job is to be executed. The ordering
@@ -1731,7 +1731,7 @@ Note that this setting is <emphasis>not</emphasis> influenced by the <varname>Us
           <row>
             <entry><literal>%L</literal></entry>
             <entry>Log directory root</entry>
-            <entry>This is either <filename>/var/log</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to with <filename noindex='true'>/log</filename> appended (for user managers).</entry>
+            <entry>This is either <filename>/var/log</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to with <filename index="false">/log</filename> appended (for user managers).</entry>
           </row>
           <row>
             <entry><literal>%m</literal></entry>

man/tmpfiles.d.xml

@@ -33,7 +33,7 @@
     <para><literallayout><filename>~/.config/user-tmpfiles.d/*.conf</filename>
 <filename>$XDG_RUNTIME_DIR/user-tmpfiles.d/*.conf</filename>
 <filename>~/.local/share/user-tmpfiles.d/*.conf</filename>
-<filename>…</filename>
+<filename index='false'>…</filename>
 <filename>/usr/share/user-tmpfiles.d/*.conf</filename>
     </literallayout></para>
 
@@ -654,7 +654,7 @@ w- /proc/sys/vm/swappiness - - - - 10</programlisting></para>
             <row>
               <entry><literal>%L</literal></entry>
               <entry>System or user log directory</entry>
-              <entry>In <option>--user</option> mode, this is the same as <varname>$XDG_CONFIG_HOME</varname> with <filename noindex='true'>/log</filename> appended, and <filename>/var/log</filename> otherwise.</entry>
+              <entry>In <option>--user</option> mode, this is the same as <varname>$XDG_CONFIG_HOME</varname> with <filename index="false">/log</filename> appended, and <filename>/var/log</filename> otherwise.</entry>
             </row>
             <row>
               <entry><literal>%m</literal></entry>

man/user@.service.xml

@@ -68,16 +68,16 @@
     different levels. As described in the previous section, <filename>user.slice</filename> contains
     processes of all users, so any resource limits on that slice apply to all users together. The
     usual way to configure them would be through drop-ins, e.g. <filename
-    noindex='true'>/etc/systemd/system/user.slice.d/resources.conf</filename>.
+    index="false">/etc/systemd/system/user.slice.d/resources.conf</filename>.
     </para>
 
     <para>The processes of a single user are collected under
     <filename>user-<replaceable>UID</replaceable>.slice</filename>. Resource limits for that user
     can be configured through drop-ins for that unit, e.g. <filename
-    noindex='true'>/etc/systemd/system/user-1000.slice.d/resources.conf</filename>. If the limits
+    index="false">/etc/systemd/system/user-1000.slice.d/resources.conf</filename>. If the limits
     should apply to all users instead, they may be configured through drop-ins for the truncated
     unit name, <filename>user-.slice</filename>. For example, configuration in <filename
-    noindex='true'>/etc/systemd/system/user-.slice.d/resources.conf</filename> is included in all
+    index="false">/etc/systemd/system/user-.slice.d/resources.conf</filename> is included in all
     <filename>user-<replaceable>UID</replaceable>.slice</filename> units, see
     <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
     for a discussion of the drop-in mechanism.</para>
@@ -141,20 +141,20 @@ Control group /:
 │       └─6706 /usr/bin/sleep 30
 …</programlisting>
       <para>User with UID 1000 is logged in using <command>gdm</command> (<filename
-      noindex='true'>session-4.scope</filename>) and
+      index="false">session-4.scope</filename>) and
       <citerefentry><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>
-      (<filename noindex='true'>session-19.scope</filename>), and also has a user manager instance
+      (<filename index="false">session-19.scope</filename>), and also has a user manager instance
-      running (<filename noindex='true'>user@1000.service</filename>).  User with UID 1001 is logged
+      running (<filename index="false">user@1000.service</filename>).  User with UID 1001 is logged
-      in using <command>ssh</command> (<filename noindex='true'>session-20.scope</filename>) and
+      in using <command>ssh</command> (<filename index="false">session-20.scope</filename>) and
       also has a user manager instance running (<filename
-      noindex='true'>user@1001.service</filename>).  Those are all (leaf) system units, and form
+      index="false">user@1001.service</filename>).  Those are all (leaf) system units, and form
-      part of the slice hierarchy, with <filename noindex='true'>user-1000.slice</filename> and
+      part of the slice hierarchy, with <filename index="false">user-1000.slice</filename> and
-      <filename noindex='true'>user-1001.slice</filename> below <filename
+      <filename index="false">user-1001.slice</filename> below <filename
-      noindex='true'>user.slice</filename>.  User units are visible below the
+      index="false">user.slice</filename>.  User units are visible below the
       <filename>user@.service</filename> instances (<filename
-      noindex='true'>pulseaudio.service</filename>, <filename
+      index="false">pulseaudio.service</filename>, <filename
-      noindex='true'>gnome-terminal-server.service</filename>, <filename
+      index="false">gnome-terminal-server.service</filename>, <filename
-      noindex='true'>init.scope</filename>, <filename noindex='true'>sleep.service</filename>).
+      index="false">init.scope</filename>, <filename index="false">sleep.service</filename>).
       </para>
     </example>
 

src/basic/copy.c

@@ -20,6 +20,7 @@
 #include "macro.h"
 #include "missing_syscall.h"
 #include "mountpoint-util.h"
+#include "nulstr-util.h"
 #include "stat-util.h"
 #include "string-util.h"
 #include "strv.h"
@@ -913,63 +914,28 @@ int copy_times(int fdf, int fdt, CopyFlags flags) {
 }
 
 int copy_xattr(int fdf, int fdt) {
-        _cleanup_free_ char *bufa = NULL, *bufb = NULL;
+        _cleanup_free_ char *names = NULL;
-        size_t sza = 100, szb = 100;
+        int ret = 0, r;
-        ssize_t n;
-        int ret = 0;
         const char *p;
 
-        for (;;) {
+        r = flistxattr_malloc(fdf, &names);
-                bufa = malloc(sza);
+        if (r < 0)
-                if (!bufa)
+                return r;
-                        return -ENOMEM;
 
-                n = flistxattr(fdf, bufa, sza);
+        NULSTR_FOREACH(p, names) {
-                if (n == 0)
+                _cleanup_free_ char *value = NULL;
-                        return 0;
-                if (n > 0)
-                        break;
-                if (errno != ERANGE)
-                        return -errno;
 
-                sza *= 2;
+                if (!startswith(p, "user."))
+                        continue;
 
-                bufa = mfree(bufa);
+                r = fgetxattr_malloc(fdf, p, &value);
-        }
+                if (r == -ENODATA)
+                        continue; /* gone by now */
+                if (r < 0)
+                        return r;
 
-        p = bufa;
+                if (fsetxattr(fdt, p, value, r, 0) < 0)
-        while (n > 0) {
+                        ret = -errno;
-                size_t l;
-
-                l = strlen(p);
-                assert(l < (size_t) n);
-
-                if (startswith(p, "user.")) {
-                        ssize_t m;
-
-                        if (!bufb) {
-                                bufb = malloc(szb);
-                                if (!bufb)
-                                        return -ENOMEM;
-                        }
-
-                        m = fgetxattr(fdf, p, bufb, szb);
-                        if (m < 0) {
-                                if (errno == ERANGE) {
-                                        szb *= 2;
-                                        bufb = mfree(bufb);
-                                        continue;
-                                }
-
-                                return -errno;
-                        }
-
-                        if (fsetxattr(fdt, p, bufb, m, 0) < 0)
-                                ret = -errno;
-                }
-
-                p += l + 1;
-                n -= l + 1;
         }
 
         return ret;

src/basic/xattr-util.c

@@ -17,17 +17,23 @@
 #include "time-util.h"
 #include "xattr-util.h"
 
-int getxattr_malloc(const char *path, const char *name, char **value, bool allow_symlink) {
+int getxattr_malloc(
-        char *v;
+                const char *path,
-        size_t l;
+                const char *name,
-        ssize_t n;
+                char **ret,
+                bool allow_symlink) {
+
+        size_t l = 100;
 
         assert(path);
         assert(name);
-        assert(value);
+        assert(ret);
 
-        for (l = 100; ; l = (size_t) n + 1 /* extra byte to make sure this remains NUL suffixed */) {
+        for(;;) {
-                v = new0(char, l);
+                _cleanup_free_ char *v = NULL;
+                ssize_t n;
+
+                v = new0(char, l+1);
                 if (!v)
                         return -ENOMEM;
 
@@ -35,53 +41,64 @@ int getxattr_malloc(const char *path, const char *name, char **value, bool allow
                         n = lgetxattr(path, name, v, l);
                 else
                         n = getxattr(path, name, v, l);
-                if (n >= 0 && (size_t) n < l) {
+                if (n < 0) {
-                        *value = v;
+                        if (errno != ERANGE)
-                        return n;
+                                return -errno;
+                } else {
+                        v[n] = 0; /* NUL terminate */
+                        *ret = TAKE_PTR(v);
+                        return (int) n;
                 }
 
-                free(v);
-
-                if (n < 0 && errno != ERANGE)
-                        return -errno;
-
                 if (allow_symlink)
                         n = lgetxattr(path, name, NULL, 0);
                 else
                         n = getxattr(path, name, NULL, 0);
                 if (n < 0)
                         return -errno;
+                if (n > INT_MAX) /* We couldn't return this as 'int' anymore */
+                        return -E2BIG;
+
+                l = (size_t) n;
         }
 }
 
-int fgetxattr_malloc(int fd, const char *name, char **value) {
+int fgetxattr_malloc(
-        char *v;
+                int fd,
-        size_t l;
+                const char *name,
-        ssize_t n;
+                char **ret) {
+
+        size_t l = 100;
 
         assert(fd >= 0);
         assert(name);
-        assert(value);
+        assert(ret);
 
-        for (l = 100;; l = (size_t) n + 1 /* extra byte to make sure this remains NUL suffixed */) {
+        for (;;) {
-                v = new0(char, l);
+                _cleanup_free_ char *v = NULL;
+                ssize_t n;
+
+                v = new(char, l+1);
                 if (!v)
                         return -ENOMEM;
 
                 n = fgetxattr(fd, name, v, l);
-                if (n >= 0 && (size_t) n < l) {
+                if (n < 0) {
-                        *value = v;
+                        if (errno != ERANGE)
-                        return n;
+                                return -errno;
+                } else {
+                        v[n] = 0; /* NUL terminate */
+                        *ret = TAKE_PTR(v);
+                        return (int) n;
                 }
 
-                free(v);
-
-                if (n < 0 && errno != ERANGE)
-                        return -errno;
-
                 n = fgetxattr(fd, name, NULL, 0);
                 if (n < 0)
                         return -errno;
+                if (n > INT_MAX) /* We couldn't return this as 'int' anymore */
+                        return -E2BIG;
+
+                l = (size_t) n;
         }
 }
 
@@ -217,3 +234,37 @@ int fd_setcrtime(int fd, usec_t usec) {
 
         return 0;
 }
+
+int flistxattr_malloc(int fd, char **ret) {
+        size_t l = 100;
+
+        assert(fd >= 0);
+        assert(ret);
+
+        for (;;) {
+                _cleanup_free_ char *v = NULL;
+                ssize_t n;
+
+                v = new(char, l+1);
+                if (!v)
+                        return -ENOMEM;
+
+                n = flistxattr(fd, v, l);
+                if (n < 0) {
+                        if (errno != ERANGE)
+                                return -errno;
+                } else {
+                        v[n] = 0; /* NUL terminate */
+                        *ret = TAKE_PTR(v);
+                        return (int) n;
+                }
+
+                n = flistxattr(fd, NULL, 0);
+                if (n < 0)
+                        return -errno;
+                if (n > INT_MAX) /* We couldn't return this as 'int' anymore */
+                        return -E2BIG;
+
+                l = (size_t) n;
+        }
+}

src/basic/xattr-util.h

@@ -23,3 +23,5 @@ int fd_setcrtime(int fd, usec_t usec);
 int fd_getcrtime(int fd, usec_t *usec);
 int path_getcrtime(const char *p, usec_t *usec);
 int fd_getcrtime_at(int dirfd, const char *name, usec_t *usec, int flags);
+
+int flistxattr_malloc(int fd, char **ret);

src/test/test-copy.c

@@ -1,5 +1,6 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 
+#include <sys/xattr.h>
 #include <unistd.h>
 
 #include "alloc-util.h"
@@ -7,6 +8,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "fs-util.h"
+#include "hexdecoct.h"
 #include "log.h"
 #include "macro.h"
 #include "mkdir.h"
@@ -18,6 +20,7 @@
 #include "tmpfile-util.h"
 #include "user-util.h"
 #include "util.h"
+#include "xattr-util.h"
 
 static void test_copy_file(void) {
         _cleanup_free_ char *buf = NULL;
@@ -75,14 +78,16 @@ static void test_copy_file_fd(void) {
 }
 
 static void test_copy_tree(void) {
-        char original_dir[] = "/tmp/test-copy_tree/";
+        char original_dir[] = "/var/tmp/test-copy_tree/";
-        char copy_dir[] = "/tmp/test-copy_tree-copy/";
+        char copy_dir[] = "/var/tmp/test-copy_tree-copy/";
         char **files = STRV_MAKE("file", "dir1/file", "dir1/dir2/file", "dir1/dir2/dir3/dir4/dir5/file");
         char **links = STRV_MAKE("link", "file",
                                  "link2", "dir1/file");
-        char **p, **link;
         const char *unixsockp;
+        char **p, **link;
         struct stat st;
+        int xattr_worked = -1; /* xattr support is optional in temporary directories, hence use it if we can,
+                                * but don't fail if we can't */
 
         log_info("%s", __func__);
 
@@ -90,12 +95,19 @@ static void test_copy_tree(void) {
         (void) rm_rf(original_dir, REMOVE_ROOT|REMOVE_PHYSICAL);
 
         STRV_FOREACH(p, files) {
-                _cleanup_free_ char *f;
+                _cleanup_free_ char *f, *c;
+                int k;
 
                 assert_se(f = path_join(original_dir, *p));
 
                 assert_se(mkdir_parents(f, 0755) >= 0);
                 assert_se(write_string_file(f, "file", WRITE_STRING_FILE_CREATE) == 0);
+
+                assert_se(base64mem(*p, strlen(*p), &c) >= 0);
+
+                k = setxattr(f, "user.testxattr", c, strlen(c), 0);
+                assert_se(xattr_worked < 0 || ((k >= 0) == !!xattr_worked));
+                xattr_worked = k >= 0;
         }
 
         STRV_FOREACH_PAIR(link, p, links) {
@@ -114,14 +126,25 @@ static void test_copy_tree(void) {
         assert_se(copy_tree(original_dir, copy_dir, UID_INVALID, GID_INVALID, COPY_REFLINK|COPY_MERGE) == 0);
 
         STRV_FOREACH(p, files) {
-                _cleanup_free_ char *buf, *f;
+                _cleanup_free_ char *buf, *f, *c = NULL;
                 size_t sz;
+                int k;
 
                 assert_se(f = path_join(copy_dir, *p));
 
                 assert_se(access(f, F_OK) == 0);
                 assert_se(read_full_file(f, &buf, &sz) == 0);
                 assert_se(streq(buf, "file\n"));
+
+                k = getxattr_malloc(f, "user.testxattr", &c, false);
+                assert_se(xattr_worked < 0 || ((k >= 0) == !!xattr_worked));
+
+                if (k >= 0) {
+                        _cleanup_free_ char *d = NULL;
+
+                        assert_se(base64mem(*p, strlen(*p), &d) >= 0);
+                        assert_se(streq(d, c));
+                }
         }
 
         STRV_FOREACH_PAIR(link, p, links) {

tools/make-directive-index.py

@@ -187,10 +187,13 @@ def _extract_directives(directive_groups, formatting, page):
                              storvar if klass else storopt)):
             for name in variablelist.iterfind(xpath):
                 text = re.sub(r'([= ]).*', r'\1', name.text).rstrip()
+                if text.startswith('-'):
+                    # for options, merge options with and without mandatory arg
+                    text = text.partition('=')[0]
                 stor[text].append((pagename, section))
                 if text not in formatting:
                     # use element as formatted display
-                    if name.text[-1] in '= ':
+                    if name.text[-1] in "= '":
                         name.clear()
                     else:
                         name.tail = ''
@@ -204,7 +207,7 @@ def _extract_directives(directive_groups, formatting, page):
         for name in t.iterfind(xpath):
             if absolute_only and not (name.text and name.text.startswith('/')):
                 continue
-            if name.attrib.get('noindex'):
+            if name.attrib.get('index') == 'false':
                 continue
             name.tail = ''
             if name.text:
@@ -228,7 +231,7 @@ def _extract_directives(directive_groups, formatting, page):
 
     storfile = directive_groups['constants']
     for name in t.iterfind('.//constant'):
-        if name.attrib.get('noindex'):
+        if name.attrib.get('index') == 'false':
             continue
         name.tail = ''
         if name.text.startswith('('): # a cast, strip it