2026-03-15 01:24:51 +01:00
41 changed files with 264 additions and 339 deletions
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@ -35,6 +35,21 @@
 #include "user-util.h"
 #include "xattr-util.h"
 /* The structure to pass to name_to_handle_at() on cgroupfs2 */
 typedef union {
        struct file_handle file_handle;
        uint8_t space[MAX_HANDLE_SZ];
 } cg_file_handle;
 #define CG_FILE_HANDLE_INIT                                     \
        (cg_file_handle) {                                      \
                .file_handle.handle_bytes = sizeof(uint64_t),   \
                .file_handle.handle_type = FILEID_KERNFS,       \
        }
 /* The .f_handle field is not aligned to 64bit on some archs, hence read it via an unaligned accessor */
 #define CG_FILE_HANDLE_CGROUPID(fh) unaligned_read_ne64(fh.file_handle.f_handle)
 int cg_is_available(void) {
        struct statfs fs;
@ -70,14 +85,7 @@ int cg_cgroupid_open(int cgroupfs_fd, uint64_t id) {
                cgroupfs_fd = fsfd;
        }
-        union {
+        cg_file_handle fh = CG_FILE_HANDLE_INIT;
                struct file_handle file_handle;
                uint8_t space[offsetof(struct file_handle, f_handle) + sizeof(uint64_t)];
        } fh = {
                .file_handle.handle_bytes = sizeof(uint64_t),
                .file_handle.handle_type = FILEID_KERNFS,
        };
        unaligned_write_ne64(fh.file_handle.f_handle, id);
        return RET_NERRNO(open_by_handle_at(cgroupfs_fd, &fh.file_handle, O_DIRECTORY|O_CLOEXEC));
@ -104,6 +112,24 @@ int cg_path_from_cgroupid(int cgroupfs_fd, uint64_t id, char **ret) {
        return 0;
 }
 int cg_get_cgroupid_at(int dfd, const char *path, uint64_t *ret) {
        cg_file_handle fh = CG_FILE_HANDLE_INIT;
        int mnt_id;
        assert(dfd >= 0 || (dfd == AT_FDCWD && path_is_absolute(path)));
        assert(ret);
        /* This is cgroupfs so we know the size of the handle, thus no need to loop around like
         * name_to_handle_at_loop() does in mountpoint-util.c */
        if (name_to_handle_at(dfd, strempty(path), &fh.file_handle, &mnt_id, isempty(path) ? AT_EMPTY_PATH : 0) < 0) {
                assert(errno != EOVERFLOW);
                return -errno;
        }
        *ret = CG_FILE_HANDLE_CGROUPID(fh);
        return 0;
 }
 int cg_enumerate_processes(const char *path, FILE **ret) {
        _cleanup_free_ char *fs = NULL;
        FILE *f;
--- a/src/basic/cgroup-util.h
+++ b/src/basic/cgroup-util.h
@ -125,6 +125,13 @@ int cg_path_open(const char *path);
 int cg_cgroupid_open(int cgroupfs_fd, uint64_t id);
 int cg_path_from_cgroupid(int cgroupfs_fd, uint64_t id, char **ret);
 int cg_get_cgroupid_at(int dfd, const char *path, uint64_t *ret);
 static inline int cg_path_get_cgroupid(const char *path, uint64_t *ret) {
        return cg_get_cgroupid_at(AT_FDCWD, path, ret);
 }
 static inline int cg_fd_get_cgroupid(int fd, uint64_t *ret) {
        return cg_get_cgroupid_at(fd, NULL, ret);
 }
 typedef enum CGroupFlags {
        CGROUP_SIGCONT            = 1 << 0,
--- a/src/basic/mountpoint-util.c
+++ b/src/basic/mountpoint-util.c
@ -17,7 +17,6 @@
 #include "stat-util.h"
 #include "string-util.h"
 #include "strv.h"
 #include "unaligned.h"
 /* This is the original MAX_HANDLE_SZ definition from the kernel, when the API was introduced. We use that in place of
 * any more currently defined value to future-proof things: if the size is increased in the API headers, and our code
@ -64,11 +63,6 @@ int name_to_handle_at_loop(
         * This improves on raw name_to_handle_at() also in one other regard: ret_handle and ret_mnt_id can be passed
         * as NULL if there's no interest in either. */
        if (isempty(path)) {
                flags |= AT_EMPTY_PATH;
                path = "";
        }
        for (;;) {
                _cleanup_free_ struct file_handle *h = NULL;
                int mnt_id = -1;
@ -79,7 +73,7 @@ int name_to_handle_at_loop(
                h->handle_bytes = n;
-                if (name_to_handle_at(fd, path, h, &mnt_id, flags) >= 0) {
+                if (name_to_handle_at(fd, strempty(path), h, &mnt_id, flags) >= 0) {
                        if (ret_handle)
                                *ret_handle = TAKE_PTR(h);
@ -139,27 +133,6 @@ int name_to_handle_at_try_fid(
        return name_to_handle_at_loop(fd, path, ret_handle, ret_mnt_id, flags & ~AT_HANDLE_FID);
 }
 int name_to_handle_at_u64(int fd, const char *path, uint64_t *ret) {
        _cleanup_free_ struct file_handle *h = NULL;
        int r;
        assert(fd >= 0 || fd == AT_FDCWD);
        /* This provides the first 64bit of the file handle. */
        r = name_to_handle_at_loop(fd, path, &h, /* ret_mnt_id= */ NULL, /* flags= */ 0);
        if (r < 0)
                return r;
        if (h->handle_bytes < sizeof(uint64_t))
                return -EBADMSG;
        if (ret)
                /* Note, "struct file_handle" is 32bit aligned usually, but we need to read a 64bit value from it */
                *ret = unaligned_read_ne64(h->f_handle);
        return 0;
 }
 bool file_handle_equal(const struct file_handle *a, const struct file_handle *b) {
        if (a == b)
                return true;
--- a/src/basic/mountpoint-util.h
+++ b/src/basic/mountpoint-util.h
@ -36,13 +36,6 @@ bool is_name_to_handle_at_fatal_error(int err);
 int name_to_handle_at_loop(int fd, const char *path, struct file_handle **ret_handle, int *ret_mnt_id, int flags);
 int name_to_handle_at_try_fid(int fd, const char *path, struct file_handle **ret_handle, int *ret_mnt_id, int flags);
 int name_to_handle_at_u64(int fd, const char *path, uint64_t *ret);
 static inline int path_to_handle_u64(const char *path, uint64_t *ret) {
        return name_to_handle_at_u64(AT_FDCWD, path, ret);
 }
 static inline int fd_to_handle_u64(int fd, uint64_t *ret) {
        return name_to_handle_at_u64(fd, NULL, ret);
 }
 bool file_handle_equal(const struct file_handle *a, const struct file_handle *b);
--- a/src/basic/parse-util.c
+++ b/src/basic/parse-util.c
@ -63,7 +63,7 @@ int parse_tristate_full(const char *v, const char *third, int *ret) {
        return 0;
 }
-int parse_pid(const char *s, pid_t *ret) {
+int parse_pid(const char *s, pid_t* ret_pid) {
        unsigned long ul = 0;
        pid_t pid;
        int r;
@ -82,8 +82,8 @@ int parse_pid(const char *s, pid_t *ret) {
        if (!pid_is_valid(pid))
                return -ERANGE;
-        if (ret)
+        if (ret_pid)
-                *ret = pid;
+                *ret_pid = pid;
        return 0;
 }
--- a/src/basic/parse-util.h
+++ b/src/basic/parse-util.h
@ -10,7 +10,7 @@ int parse_tristate_full(const char *v, const char *third, int *ret);
 static inline int parse_tristate(const char *v, int *ret) {
        return parse_tristate_full(v, NULL, ret);
 }
-int parse_pid(const char *s, pid_t *ret);
+int parse_pid(const char *s, pid_t* ret_pid);
 int parse_mode(const char *s, mode_t *ret);
 int parse_ifindex(const char *s);
 int parse_mtu(int family, const char *s, uint32_t *ret);
--- a/src/basic/pidfd-util.c
+++ b/src/basic/pidfd-util.c
@ -1,5 +1,6 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #include <linux/fs.h>
 #include <linux/magic.h>
 #include <sys/ioctl.h>
 #include <threads.h>
@ -235,10 +236,25 @@ int pidfd_get_inode_id_impl(int fd, uint64_t *ret) {
        assert(fd >= 0);
        /* Since kernel 6.14 (b3caba8f7a34a2bbaf45ffc6ff3a49b70afeb192), we can use name_to_handle_at(). */
        if (file_handle_supported) {
-                r = fd_to_handle_u64(fd, ret);
+                union {
-                if (r >= 0 || is_name_to_handle_at_fatal_error(r))
+                        struct file_handle file_handle;
                        uint8_t space[MAX_HANDLE_SZ];
                } fh = {
                        .file_handle.handle_bytes = sizeof(uint64_t),
                        .file_handle.handle_type = FILEID_KERNFS,
                };
                int mnt_id;
                r = RET_NERRNO(name_to_handle_at(fd, "", &fh.file_handle, &mnt_id, AT_EMPTY_PATH));
                if (r >= 0) {
                        if (ret)
                                /* Note, "struct file_handle" is 32bit aligned usually, but we need to read a 64bit value from it */
                                *ret = unaligned_read_ne64(fh.file_handle.f_handle);
                        return 0;
                }
                assert(r != -EOVERFLOW);
                if (is_name_to_handle_at_fatal_error(r))
                        return r;
                file_handle_supported = false;
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@ -34,7 +34,6 @@
 #include "ip-protocol-list.h"
 #include "limits-util.h"
 #include "manager.h"
 #include "mountpoint-util.h"
 #include "netlink-internal.h"
 #include "nulstr-util.h"
 #include "parse-util.h"
@ -2070,14 +2069,13 @@ static int unit_update_cgroup(
        uint64_t cgroup_id = 0;
        r = cg_get_path(crt->cgroup_path, /* suffix= */ NULL, &cgroup_full_path);
-        if (r < 0)
+        if (r == 0) {
-                log_unit_warning_errno(u, r, "Failed to get full cgroup path on cgroup %s, ignoring: %m", empty_to_root(crt->cgroup_path));
+                r = cg_path_get_cgroupid(cgroup_full_path, &cgroup_id);
        else {
                r = path_to_handle_u64(cgroup_full_path, &cgroup_id);
                if (r < 0)
                        log_unit_full_errno(u, ERRNO_IS_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING, r,
                                            "Failed to get cgroup ID of cgroup %s, ignoring: %m", cgroup_full_path);
-        }
+        } else
                log_unit_warning_errno(u, r, "Failed to get full cgroup path on cgroup %s, ignoring: %m", empty_to_root(crt->cgroup_path));
        crt->cgroup_id = cgroup_id;
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@ -2050,12 +2050,8 @@ static int apply_one_mount(
                        /* Hmm, either the source or the destination are missing. Let's see if we can create
                           the destination, then try again. */
-                        q = mkdir_parents(mount_entry_path(m), 0755);
+                        (void) mkdir_parents(mount_entry_path(m), 0755);
-                        if (q < 0 && q != -EEXIST)
+
                                // FIXME: this shouldn't be logged at LOG_WARNING, but be bubbled up, and logged there to avoid duplicate logging
                                log_warning_errno(q, "Failed to create parent directories of destination mount point node '%s', ignoring: %m",
                                                  mount_entry_path(m));
                        else {
                        q = make_mount_point_inode_from_path(what, mount_entry_path(m), 0755);
                        if (q < 0 && q != -EEXIST)
                                // FIXME: this shouldn't be logged at LOG_WARNING, but be bubbled up, and logged there to avoid duplicate logging
@ -2064,7 +2060,6 @@ static int apply_one_mount(
                        else
                                try_again = true;
                }
                }
                if (try_again)
                        r = mount_nofollow_verbose(LOG_DEBUG, what, mount_entry_path(m), NULL, MS_BIND|(rbind ? MS_REC : 0), NULL);
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@ -43,7 +43,6 @@
 #include "parse-util.h"
 #include "password-quality-util.h"
 #include "path-util.h"
 #include "plymouth-util.h"
 #include "pretty-print.h"
 #include "proc-cmdline.h"
 #include "prompt-util.h"
@ -111,10 +110,6 @@ static void print_welcome(int rfd, sd_varlink **mute_console_link) {
        assert(rfd >= 0);
        assert(mute_console_link);
        /* Needs to be called before mute_console or it will garble the screen */
        if (arg_welcome)
                (void) plymouth_hide_splash();
        if (!*mute_console_link && arg_mute_console)
                (void) mute_console(mute_console_link);
--- a/src/home/homectl.c
+++ b/src/home/homectl.c
@ -48,7 +48,6 @@
 #include "percent-util.h"
 #include "pidref.h"
 #include "pkcs11-util.h"
 #include "plymouth-util.h"
 #include "polkit-agent.h"
 #include "pretty-print.h"
 #include "proc-cmdline.h"
@ -2892,9 +2891,6 @@ static int create_interactively(void) {
                return 0;
        }
        /* Needs to be called before mute_console or it will garble the screen */
        (void) plymouth_hide_splash();
        _cleanup_(sd_varlink_flush_close_unrefp) sd_varlink *mute_console_link = NULL;
        (void) mute_console(&mute_console_link);
--- a/src/journal/fuzz-journald-native-fd.c
+++ b/src/journal/fuzz-journald-native-fd.c
@ -14,6 +14,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
        _cleanup_(manager_freep) Manager *m = NULL;
        _cleanup_close_ int sealed_fd = -EBADF, unsealed_fd = -EBADF;
        _cleanup_(unlink_tempfilep) char name[] = "/tmp/fuzz-journald-native-fd.XXXXXX";
        char *label = NULL;
        size_t label_len = 0;
        struct ucred ucred;
        struct timeval *tv = NULL;
@ -28,13 +30,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
                .uid = geteuid(),
                .gid = getegid(),
        };
-        (void) manager_process_native_file(m, sealed_fd, &ucred, tv, /* label= */ NULL);
+        (void) manager_process_native_file(m, sealed_fd, &ucred, tv, label, label_len);
        unsealed_fd = mkostemp_safe(name);
        assert_se(unsealed_fd >= 0);
        assert_se(write(unsealed_fd, data, size) == (ssize_t) size);
        assert_se(lseek(unsealed_fd, 0, SEEK_SET) == 0);
-        (void) manager_process_native_file(m, unsealed_fd, &ucred, tv, /* label= */ NULL);
+        (void) manager_process_native_file(m, unsealed_fd, &ucred, tv, label, label_len);
        return 0;
 }
--- a/src/journal/fuzz-journald-util.c
+++ b/src/journal/fuzz-journald-util.c
@ -33,5 +33,5 @@ void fuzz_journald_processing_function(
        _cleanup_(manager_freep) Manager *m = NULL;
        dummy_manager_new(&m, data, size);
-        f(m, m->buffer, size, /* ucred= */ NULL, /* tv= */ NULL, /* label= */ NULL);
+        f(m, m->buffer, size, /* ucred= */ NULL, /* tv= */ NULL, /* label= */ NULL, /* label_len= */ 0);
 }
--- a/src/journal/fuzz-journald-util.h
+++ b/src/journal/fuzz-journald-util.h
@ -9,7 +9,8 @@ typedef void (*journal_process_t)(
                size_t raw_len,
                const struct ucred *ucred,
                const struct timeval *tv,
-                const char *label);
+                const char *label,
                size_t label_len);
 void dummy_manager_new(Manager **ret, const uint8_t *buffer, size_t size);
--- a/src/journal/journald-context.c
+++ b/src/journal/journald-context.c
@ -176,6 +176,7 @@ static void client_context_reset(Manager *m, ClientContext *c) {
        c->invocation_id = SD_ID128_NULL;
        c->label = mfree(c->label);
        c->label_size = 0;
        c->extra_fields_iovec = mfree(c->extra_fields_iovec);
        c->extra_fields_n_iovec = 0;
@ -247,21 +248,26 @@ static void client_context_read_basic(ClientContext *c) {
 static int client_context_read_label(
                ClientContext *c,
-                const char *label) {
+                const char *label, size_t label_size) {
        int r;
        assert(c);
        assert(pid_is_valid(c->pid));
        assert(label_size == 0 || label);
        if (!mac_selinux_use())
                return 0;
-        if (label) {
+        if (label_size > 0) {
                char *l;
                /* If we got an SELinux label passed in it counts. */
-                r = free_and_strdup(&c->label, label);
+
-                if (r < 0)
+                l = newdup_suffix0(char, label, label_size);
                if (!l)
                        return -ENOMEM;
                free_and_replace(c->label, l);
                c->label_size = label_size;
        }
 #if HAVE_SELINUX
        else {
@ -269,8 +275,10 @@ static int client_context_read_label(
                /* If we got no SELinux label passed in, let's try to acquire one */
-                if (sym_getpidcon_raw(c->pid, &con) >= 0 && con)
+                if (sym_getpidcon_raw(c->pid, &con) >= 0 && con) {
                        free_and_replace(c->label, con);
                        c->label_size = strlen(c->label);
                }
        }
 #endif
@ -525,7 +533,7 @@ static void client_context_really_refresh(
                Manager *m,
                ClientContext *c,
                const struct ucred *ucred,
-                const char *label,
+                const char *label, size_t label_size,
                const char *unit_id,
                usec_t timestamp) {
@ -538,7 +546,7 @@ static void client_context_really_refresh(
        client_context_read_uid_gid(c, ucred);
        client_context_read_basic(c);
-        (void) client_context_read_label(c, label);
+        (void) client_context_read_label(c, label, label_size);
        (void) audit_session_from_pid(&PIDREF_MAKE_FROM_PID(c->pid), &c->auditid);
        (void) audit_loginuid_from_pid(&PIDREF_MAKE_FROM_PID(c->pid), &c->loginuid);
@ -562,7 +570,7 @@ void client_context_maybe_refresh(
                Manager *m,
                ClientContext *c,
                const struct ucred *ucred,
-                const char *label,
+                const char *label, size_t label_size,
                const char *unit_id,
                usec_t timestamp) {
@ -594,13 +602,13 @@ void client_context_maybe_refresh(
        if (ucred && gid_is_valid(ucred->gid) && c->gid != ucred->gid)
                goto refresh;
-        if (label && !streq_ptr(label, c->label))
+        if (label_size > 0 && (label_size != c->label_size || memcmp(label, c->label, label_size) != 0))
                goto refresh;
        return;
 refresh:
-        client_context_really_refresh(m, c, ucred, label, unit_id, timestamp);
+        client_context_really_refresh(m, c, ucred, label, label_size, unit_id, timestamp);
 }
 static void client_context_refresh_on_reload(Manager *m, ClientContext *c) {
@ -702,7 +710,7 @@ static int client_context_get_internal(
                Manager *m,
                pid_t pid,
                const struct ucred *ucred,
-                const char *label,
+                const char *label, size_t label_len,
                const char *unit_id,
                bool add_ref,
                ClientContext **ret) {
@ -730,7 +738,7 @@ static int client_context_get_internal(
                        c->n_ref++;
                }
-                client_context_maybe_refresh(m, c, ucred, label, unit_id, USEC_INFINITY);
+                client_context_maybe_refresh(m, c, ucred, label, label_len, unit_id, USEC_INFINITY);
                *ret = c;
                return 0;
@ -754,7 +762,7 @@ static int client_context_get_internal(
                c->in_lru = true;
        }
-        client_context_really_refresh(m, c, ucred, label, unit_id, USEC_INFINITY);
+        client_context_really_refresh(m, c, ucred, label, label_len, unit_id, USEC_INFINITY);
        *ret = c;
        return 0;
@ -764,22 +772,22 @@ int client_context_get(
                Manager *m,
                pid_t pid,
                const struct ucred *ucred,
-                const char *label,
+                const char *label, size_t label_len,
                const char *unit_id,
                ClientContext **ret) {
-        return client_context_get_internal(m, pid, ucred, label, unit_id, /* add_ref= */ false, ret);
+        return client_context_get_internal(m, pid, ucred, label, label_len, unit_id, false, ret);
 }
 int client_context_acquire(
                Manager *m,
                pid_t pid,
                const struct ucred *ucred,
-                const char *label,
+                const char *label, size_t label_len,
                const char *unit_id,
                ClientContext **ret) {
-        return client_context_get_internal(m, pid, ucred, label, unit_id, /* add_ref= */ true, ret);
+        return client_context_get_internal(m, pid, ucred, label, label_len, unit_id, true, ret);
 };
 ClientContext *client_context_release(Manager *m, ClientContext *c) {
@ -821,7 +829,7 @@ void client_context_acquire_default(Manager *m) {
                        .gid = getgid(),
                };
-                r = client_context_acquire(m, ucred.pid, &ucred, /* label= */ NULL, /* unit_id= */ NULL, &m->my_context);
+                r = client_context_acquire(m, ucred.pid, &ucred, NULL, 0, NULL, &m->my_context);
                if (r < 0)
                        log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
                                                    "Failed to acquire our own context, ignoring: %m");
@ -831,7 +839,7 @@ void client_context_acquire_default(Manager *m) {
                /* Acquire PID1's context, but only if we are in non-namespaced mode, since PID 1 is only
                 * going to log to the non-namespaced journal instance. */
-                r = client_context_acquire(m, 1, /* ucred= */ NULL, /* label= */ NULL, /* unit_id= */ NULL, &m->pid1_context);
+                r = client_context_acquire(m, 1, NULL, NULL, 0, NULL, &m->pid1_context);
                if (r < 0)
                        log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
                                                    "Failed to acquire PID1's context, ignoring: %m");
--- a/src/journal/journald-context.h
+++ b/src/journal/journald-context.h
@ -39,6 +39,7 @@ typedef struct ClientContext {
        sd_id128_t invocation_id;
        char *label;
        size_t label_size;
        int log_level_max;
@ -60,7 +61,7 @@ int client_context_get(
                Manager *m,
                pid_t pid,
                const struct ucred *ucred,
-                const char *label,
+                const char *label, size_t label_len,
                const char *unit_id,
                ClientContext **ret);
@ -68,7 +69,7 @@ int client_context_acquire(
                Manager *m,
                pid_t pid,
                const struct ucred *ucred,
-                const char *label,
+                const char *label, size_t label_len,
                const char *unit_id,
                ClientContext **ret);
@ -78,7 +79,7 @@ void client_context_maybe_refresh(
                Manager *m,
                ClientContext *c,
                const struct ucred *ucred,
-                const char *label,
+                const char *label, size_t label_size,
                const char *unit_id,
                usec_t timestamp);
--- a/src/journal/journald-kmsg.c
+++ b/src/journal/journald-kmsg.c
@ -85,23 +85,28 @@ void manager_forward_kmsg(
                log_debug_errno(errno, "Failed to write to /dev/kmsg for logging, ignoring: %m");
 }
-static bool is_us(const char *identifier, pid_t pid) {
+static bool is_us(const char *identifier, const char *pid) {
-        if (!identifier || !pid_is_valid(pid))
+        pid_t pid_num;
        if (!identifier || !pid)
                return false;
-        return pid == getpid_cached() &&
+        if (parse_pid(pid, &pid_num) < 0)
                return false;
        return pid_num == getpid_cached() &&
               streq(identifier, program_invocation_short_name);
 }
 void dev_kmsg_record(Manager *m, char *p, size_t l) {
-        _cleanup_free_ char *message = NULL, *syslog_identifier = NULL;
+        _cleanup_free_ char *message = NULL, *syslog_pid = NULL, *syslog_identifier = NULL, *identifier = NULL, *pid = NULL;
        struct iovec iovec[N_IOVEC_META_FIELDS + 7 + N_IOVEC_KERNEL_FIELDS + 2 + N_IOVEC_UDEV_FIELDS];
        char *kernel_device = NULL;
        unsigned long long usec;
        size_t n = 0, z = 0, j;
        int priority, r;
-        char *e, *k, syslog_pid[STRLEN("SYSLOG_PID=") + DECIMAL_STR_MAX(pid_t)];
+        char *e, *k;
        uint64_t serial;
        size_t pl;
        int saved_log_max_level = INT_MAX;
@ -279,9 +284,6 @@ void dev_kmsg_record(Manager *m, char *p, size_t l) {
        if (LOG_FAC(priority) == LOG_KERN)
                iovec[n++] = IOVEC_MAKE_STRING("SYSLOG_IDENTIFIER=kernel");
        else {
                _cleanup_free_ char *identifier = NULL;
                pid_t pid;
                pl -= syslog_parse_identifier((const char**) &p, &identifier, &pid);
                /* Avoid logging any new messages when we're processing messages generated by ourselves via
@ -301,8 +303,9 @@ void dev_kmsg_record(Manager *m, char *p, size_t l) {
                                iovec[n++] = IOVEC_MAKE_STRING(syslog_identifier);
                }
-                if (pid_is_valid(pid)) {
+                if (pid) {
-                        xsprintf(syslog_pid, "SYSLOG_PID="PID_FMT, pid);
+                        syslog_pid = strjoin("SYSLOG_PID=", pid);
                        if (syslog_pid)
                                iovec[n++] = IOVEC_MAKE_STRING(syslog_pid);
                }
        }
--- a/src/journal/journald-manager.c
+++ b/src/journal/journald-manager.c
@ -56,7 +56,6 @@
 #include "process-util.h"
 #include "rm-rf.h"
 #include "set.h"
 #include "selinux-util.h"
 #include "signal-util.h"
 #include "socket-util.h"
 #include "stdio-util.h"
@ -1059,6 +1058,14 @@ static void manager_write_to_journal(
                iovec[n++] = IOVEC_MAKE_STRING(k);                      \
        }
 #define IOVEC_ADD_SIZED_FIELD(iovec, n, value, value_size, field)               \
        if (value_size > 0) {                                                   \
                char *k;                                                        \
                k = newa(char, STRLEN(field "=") + value_size + 1);             \
                *mempcpy_typesafe(stpcpy(k, field "="), value, value_size) = 0; \
                iovec[n++] = IOVEC_MAKE_STRING(k);                              \
        }
 static void manager_dispatch_message_real(
                Manager *m,
                struct iovec *iovec, size_t n, size_t mm,
@ -1094,7 +1101,7 @@ static void manager_dispatch_message_real(
                        cmdline1 = set_iovec_string_field(iovec, &n, "_CMDLINE=", c->cmdline);
                IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->capability_quintet.effective, uint64_t, capability_is_set, "%" PRIx64, "_CAP_EFFECTIVE");
-                IOVEC_ADD_STRING_FIELD(iovec, n, c->label, "_SELINUX_CONTEXT");
+                IOVEC_ADD_SIZED_FIELD(iovec, n, c->label, c->label_size, "_SELINUX_CONTEXT");
                IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "_AUDIT_SESSION");
                IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->loginuid, uid_t, uid_is_valid, UID_FMT, "_AUDIT_LOGINUID");
@ -1116,7 +1123,7 @@ static void manager_dispatch_message_real(
        assert(n <= mm);
-        if (pid_is_valid(object_pid) && client_context_get(m, object_pid, /* ucred= */ NULL, /* label= */ NULL, /* unit_id= */ NULL, &o) >= 0) {
+        if (pid_is_valid(object_pid) && client_context_get(m, object_pid, NULL, NULL, 0, NULL, &o) >= 0) {
                IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->pid, pid_t, pid_is_valid, PID_FMT, "OBJECT_PID");
                IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->uid, uid_t, uid_is_valid, UID_FMT, "OBJECT_UID");
@ -1129,7 +1136,7 @@ static void manager_dispatch_message_real(
                        cmdline2 = set_iovec_string_field(iovec, &n, "OBJECT_CMDLINE=", o->cmdline);
                IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->capability_quintet.effective, uint64_t, capability_is_set, "%" PRIx64, "OBJECT_CAP_EFFECTIVE");
-                IOVEC_ADD_STRING_FIELD(iovec, n, o->label, "OBJECT_SELINUX_CONTEXT");
+                IOVEC_ADD_SIZED_FIELD(iovec, n, o->label, o->label_size, "OBJECT_SELINUX_CONTEXT");
                IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "OBJECT_AUDIT_SESSION");
                IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->loginuid, uid_t, uid_is_valid, UID_FMT, "OBJECT_AUDIT_LOGINUID");
@ -1475,12 +1482,12 @@ int manager_process_datagram(
                uint32_t revents,
                void *userdata) {
-        size_t mm;
+        size_t label_len = 0, mm;
        Manager *m = ASSERT_PTR(userdata);
        struct ucred *ucred = NULL;
        struct timeval tv_buf, *tv = NULL;
        struct cmsghdr *cmsg;
-        _cleanup_free_ char *label = NULL;
+        char *label = NULL;
        struct iovec iovec;
        ssize_t n;
        int *fds = NULL, v = 0;
@ -1554,11 +1561,10 @@ int manager_process_datagram(
                    cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
                        assert(!ucred);
                        ucred = CMSG_TYPED_DATA(cmsg, struct ucred);
-                } else if (cmsg->cmsg_type == SCM_SECURITY && mac_selinux_use()) {
+                } else if (cmsg->cmsg_type == SCM_SECURITY) {
                        assert(!label);
-                        /* Here, we ignore any errors including OOM, as the field is optional. */
+                        label = CMSG_TYPED_DATA(cmsg, char);
-                        (void) make_cstring(CMSG_TYPED_DATA(cmsg, char), cmsg->cmsg_len - CMSG_LEN(0),
+                        label_len = cmsg->cmsg_len - CMSG_LEN(0);
                                            MAKE_CSTRING_ALLOW_TRAILING_NUL, &label);
                } else if (cmsg->cmsg_type == SCM_TIMESTAMP &&
                           cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval))) {
                        assert(!tv);
@ -1575,7 +1581,7 @@ int manager_process_datagram(
        if (fd == m->syslog_fd) {
                if (n > 0 && n_fds == 0)
-                        manager_process_syslog_message(m, m->buffer, n, ucred, tv, label);
+                        manager_process_syslog_message(m, m->buffer, n, ucred, tv, label, label_len);
                else if (n_fds > 0)
                        log_ratelimit_warning(JOURNAL_LOG_RATELIMIT,
                                              "Got file descriptors via syslog socket. Ignoring.");
@ -1585,9 +1591,9 @@ int manager_process_datagram(
        } else if (fd == m->native_fd) {
                if (n > 0 && n_fds == 0)
-                        manager_process_native_message(m, m->buffer, n, ucred, tv, label);
+                        manager_process_native_message(m, m->buffer, n, ucred, tv, label, label_len);
                else if (n == 0 && n_fds == 1)
-                        (void) manager_process_native_file(m, fds[0], ucred, tv, label);
+                        (void) manager_process_native_file(m, fds[0], ucred, tv, label, label_len);
                else if (n_fds > 0)
                        log_ratelimit_warning(JOURNAL_LOG_RATELIMIT,
                                              "Got too many file descriptors via native socket. Ignoring.");
--- a/src/journal/journald-native.c
+++ b/src/journal/journald-native.c
@ -98,7 +98,7 @@ static int manager_process_entry(
                ClientContext *context,
                const struct ucred *ucred,
                const struct timeval *tv,
-                const char *label) {
+                const char *label, size_t label_len) {
        /* Process a single entry from a native message. Returns 0 if nothing special happened and the message
         * processing should continue, and a negative or positive value otherwise.
@ -304,7 +304,7 @@ void manager_process_native_message(
                const char *buffer, size_t buffer_size,
                const struct ucred *ucred,
                const struct timeval *tv,
-                const char *label) {
+                const char *label, size_t label_len) {
        size_t remaining = buffer_size;
        ClientContext *context = NULL;
@ -314,7 +314,7 @@ void manager_process_native_message(
        assert(buffer || buffer_size == 0);
        if (ucred && pid_is_valid(ucred->pid)) {
-                r = client_context_get(m, ucred->pid, ucred, label, /* unit_id= */ NULL, &context);
+                r = client_context_get(m, ucred->pid, ucred, label, label_len, NULL, &context);
                if (r < 0)
                        log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
                                                    "Failed to retrieve credentials for PID " PID_FMT ", ignoring: %m",
@ -324,7 +324,7 @@ void manager_process_native_message(
        do {
                r = manager_process_entry(m,
                                         (const uint8_t*) buffer + (buffer_size - remaining), &remaining,
-                                         context, ucred, tv, label);
+                                         context, ucred, tv, label, label_len);
        } while (r == 0);
 }
@ -333,7 +333,7 @@ int manager_process_native_file(
                int fd,
                const struct ucred *ucred,
                const struct timeval *tv,
-                const char *label) {
+                const char *label, size_t label_len) {
        struct stat st;
        bool sealed;
@ -410,7 +410,7 @@ int manager_process_native_file(
                        return log_ratelimit_error_errno(errno, JOURNAL_LOG_RATELIMIT,
                                                         "Failed to map memfd: %m");
-                manager_process_native_message(m, p, st.st_size, ucred, tv, label);
+                manager_process_native_message(m, p, st.st_size, ucred, tv, label, label_len);
                assert_se(munmap(p, ps) >= 0);
                return 0;
@ -451,7 +451,7 @@ int manager_process_native_file(
                return log_ratelimit_error_errno(errno, JOURNAL_LOG_RATELIMIT,
                                                 "Failed to read file: %m");
        if (n > 0)
-                manager_process_native_message(m, p, n, ucred, tv, label);
+                manager_process_native_message(m, p, n, ucred, tv, label, label_len);
        return 0;
 }
--- a/src/journal/journald-native.h
+++ b/src/journal/journald-native.h
@ -9,13 +9,15 @@ void manager_process_native_message(
                size_t buffer_size,
                const struct ucred *ucred,
                const struct timeval *tv,
-                const char *label);
+                const char *label,
                size_t label_len);
 int manager_process_native_file(
                Manager *m,
                int fd,
                const struct ucred *ucred,
                const struct timeval *tv,
-                const char *label);
+                const char *label,
                size_t label_len);
 int manager_open_native_socket(Manager *m, const char *native_socket);
--- a/src/journal/journald-stream.c
+++ b/src/journal/journald-stream.c
@ -228,9 +228,9 @@ static int stdout_stream_log(
        assert(line_break < _LINE_BREAK_MAX);
        if (s->context)
-                client_context_maybe_refresh(s->manager, s->context, /* ucred= */ NULL, /* label= */ NULL, /* unit_id= */ NULL, USEC_INFINITY);
+                client_context_maybe_refresh(s->manager, s->context, NULL, NULL, 0, NULL, USEC_INFINITY);
        else if (pid_is_valid(s->ucred.pid)) {
-                r = client_context_acquire(s->manager, s->ucred.pid, &s->ucred, s->label, s->unit_id, &s->context);
+                r = client_context_acquire(s->manager, s->ucred.pid, &s->ucred, s->label, strlen_ptr(s->label), s->unit_id, &s->context);
                if (r < 0)
                        log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
                                                    "Failed to acquire client context, ignoring: %m");
--- a/src/journal/journald-syslog.c
+++ b/src/journal/journald-syslog.c
@ -21,7 +21,6 @@
 #include "journald-wall.h"
 #include "log.h"
 #include "log-ratelimit.h"
 #include "parse-util.h"
 #include "process-util.h"
 #include "selinux-util.h"
 #include "socket-util.h"
@ -201,14 +200,14 @@ int syslog_fixup_facility(int priority) {
        return priority;
 }
-size_t syslog_parse_identifier(const char **buf, char **ret_identifier, pid_t *ret_pid) {
+size_t syslog_parse_identifier(const char **buf, char **identifier, char **pid) {
        const char *p;
        char *t;
        size_t l, e;
        pid_t pid = 0;
        assert(buf);
-        assert(ret_identifier);
+        assert(identifier);
-        assert(ret_pid);
+        assert(pid);
        p = *buf;
@ -216,11 +215,8 @@ size_t syslog_parse_identifier(const char **buf, char **ret_identifier, pid_t *r
        l = strcspn(p, WHITESPACE);
        if (l <= 0 ||
-            p[l-1] != ':') {
+            p[l-1] != ':')
                *ret_identifier = NULL;
                *ret_pid = 0;
                return 0;
        }
        e = l;
        l--;
@ -231,9 +227,9 @@ size_t syslog_parse_identifier(const char **buf, char **ret_identifier, pid_t *r
                for (;;) {
                        if (p[k] == '[') {
-                                _cleanup_free_ char *t = strndup(p+k+1, l-k-2);
+                                t = strndup(p+k+1, l-k-2);
                                if (t)
-                                        (void) parse_pid(t, &pid);
+                                        *pid = t;
                                l = k;
                                break;
@ -246,13 +242,9 @@ size_t syslog_parse_identifier(const char **buf, char **ret_identifier, pid_t *r
                }
        }
-        /* The syslog identifier should be short enough in most cases and NAME_MAX should be enough. Let's
+        t = strndup(p, l);
-         * refuse ridiculously long identifier string as "no identifier string found", because if it is
+        if (t)
-         * longer than some threshold then it is quite likely some misformatted data, and not a valid syslog
+                *identifier = t;
         * message. Note. NAME_MAX is counted *without* the trailing NUL. */
        _cleanup_free_ char *identifier = NULL;
        if (l <= NAME_MAX)
                identifier = strndup(p, l); /* ignore OOM here. */
        /* Single space is used as separator */
        if (p[e] != '\0' && strchr(WHITESPACE, p[e]))
@ -260,12 +252,10 @@ size_t syslog_parse_identifier(const char **buf, char **ret_identifier, pid_t *r
        l = (p - *buf) + e;
        *buf = p + e;
        *ret_identifier = TAKE_PTR(identifier);
        *ret_pid = pid;
        return l;
 }
-static size_t syslog_skip_timestamp(const char **buf) {
+static int syslog_skip_timestamp(const char **buf) {
        enum {
                LETTER,
                SPACE,
@ -285,8 +275,8 @@ static size_t syslog_skip_timestamp(const char **buf) {
                SPACE
        };
-        const char *p;
+        const char *p, *t;
-        size_t i;
+        unsigned i;
        assert(buf);
        assert(*buf);
@ -323,15 +313,13 @@ static size_t syslog_skip_timestamp(const char **buf) {
                        if (*p != ':')
                                return 0;
                        break;
                }
        }
-        assert(p >= *buf);
+        t = *buf;
        size_t n = p - *buf;
        assert(n <= ELEMENTSOF(sequence));
        *buf = p;
-        return n;
+        return p - t;
 }
 void manager_process_syslog_message(
@ -340,12 +328,14 @@ void manager_process_syslog_message(
                size_t raw_len,
                const struct ucred *ucred,
                const struct timeval *tv,
-                const char *label) {
+                const char *label,
                size_t label_len) {
        char *t, syslog_priority[STRLEN("PRIORITY=") + DECIMAL_STR_MAX(int)],
                 syslog_facility[STRLEN("SYSLOG_FACILITY=") + DECIMAL_STR_MAX(int)];
        const char *msg, *syslog_ts, *a;
-        _cleanup_free_ char *dummy = NULL, *msg_msg = NULL, *msg_raw = NULL;
+        _cleanup_free_ char *identifier = NULL, *pid = NULL,
                *dummy = NULL, *msg_msg = NULL, *msg_raw = NULL;
        int priority = LOG_USER | LOG_INFO, r;
        ClientContext *context = NULL;
        struct iovec *iovec;
@ -361,7 +351,7 @@ void manager_process_syslog_message(
        assert(buf[raw_len] == '\0');
        if (ucred && pid_is_valid(ucred->pid)) {
-                r = client_context_get(m, ucred->pid, ucred, label, /* unit_id= */ NULL, &context);
+                r = client_context_get(m, ucred->pid, ucred, label, label_len, NULL, &context);
                if (r < 0)
                        log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
                                                    "Failed to retrieve credentials for PID " PID_FMT ", ignoring: %m",
@ -408,8 +398,6 @@ void manager_process_syslog_message(
                /* We failed to parse the full timestamp, store the raw message too */
                store_raw = true;
        _cleanup_free_ char *identifier = NULL;
        pid_t pid;
        syslog_parse_identifier(&msg, &identifier, &pid);
        if (client_context_check_keep_log(context, msg, strlen(msg)) <= 0)
@ -445,10 +433,9 @@ void manager_process_syslog_message(
                iovec[n++] = IOVEC_MAKE_STRING(a);
        }
-        char syslog_pid[STRLEN("SYSLOG_PID=") + DECIMAL_STR_MAX(pid_t)];
+        if (pid) {
-        if (pid_is_valid(pid)) {
+                a = strjoina("SYSLOG_PID=", pid);
-                xsprintf(syslog_pid, "SYSLOG_PID="PID_FMT, pid);
+                iovec[n++] = IOVEC_MAKE_STRING(a);
                iovec[n++] = IOVEC_MAKE_STRING(syslog_pid);
        }
        if (syslog_ts_len > 0) {
--- a/src/journal/journald-syslog.h
+++ b/src/journal/journald-syslog.h
@ -5,11 +5,11 @@
 int syslog_fixup_facility(int priority) _const_;
-size_t syslog_parse_identifier(const char **buf, char **ret_identifier, pid_t *ret_pid);
+size_t syslog_parse_identifier(const char **buf, char **identifier, char **pid);
 void manager_forward_syslog(Manager *m, int priority, const char *identifier, const char *message, const struct ucred *ucred, const struct timeval *tv);
-void manager_process_syslog_message(Manager *m, const char *buf, size_t raw_len, const struct ucred *ucred, const struct timeval *tv, const char *label);
+void manager_process_syslog_message(Manager *m, const char *buf, size_t raw_len, const struct ucred *ucred, const struct timeval *tv, const char *label, size_t label_len);
 int manager_open_syslog_socket(Manager *m, const char *syslog_socket);
 void manager_maybe_warn_forward_syslog_missed(Manager *m);
--- a/src/journal/test-journald-syslog.c
+++ b/src/journal/test-journald-syslog.c
@ -5,24 +5,18 @@
 #include "syslog-util.h"
 #include "tests.h"
-static void test_syslog_parse_identifier_one(
+static void test_syslog_parse_identifier_one(const char *str,
-                const char *str,
+                                         const char *ident, const char *pid, const char *rest, int ret) {
                const char *ident,
                pid_t pid,
                const char *rest,
                int ret) {
        const char *buf = str;
-        _cleanup_free_ char *ident2 = NULL;
+        _cleanup_free_ char *ident2 = NULL, *pid2 = NULL;
        pid_t pid2;
        int ret2;
        ret2 = syslog_parse_identifier(&buf, &ident2, &pid2);
-        ASSERT_EQ(ret, ret2);
+        assert_se(ret == ret2);
-        ASSERT_STREQ(ident, ident2);
+        assert_se(ident == ident2 || streq_ptr(ident, ident2));
-        ASSERT_EQ(pid, pid2);
+        assert_se(pid == pid2 || streq_ptr(pid, pid2));
-        ASSERT_STREQ(buf, rest);
+        assert_se(streq(buf, rest));
 }
 static void test_syslog_parse_priority_one(const char *str, bool with_facility, int priority, int ret) {
@ -36,20 +30,20 @@ static void test_syslog_parse_priority_one(const char *str, bool with_facility,
 }
 TEST(syslog_parse_identifier) {
-        test_syslog_parse_identifier_one("pidu[111]: xxx", "pidu", 111, "xxx", 11);
+        test_syslog_parse_identifier_one("pidu[111]: xxx", "pidu", "111", "xxx", 11);
-        test_syslog_parse_identifier_one("pidu: xxx", "pidu", 0, "xxx", 6);
+        test_syslog_parse_identifier_one("pidu: xxx", "pidu", NULL, "xxx", 6);
-        test_syslog_parse_identifier_one("pidu:  xxx", "pidu", 0, " xxx", 6);
+        test_syslog_parse_identifier_one("pidu:  xxx", "pidu", NULL, " xxx", 6);
-        test_syslog_parse_identifier_one("pidu xxx", NULL, 0, "pidu xxx", 0);
+        test_syslog_parse_identifier_one("pidu xxx", NULL, NULL, "pidu xxx", 0);
-        test_syslog_parse_identifier_one("   pidu xxx", NULL, 0, "   pidu xxx", 0);
+        test_syslog_parse_identifier_one("   pidu xxx", NULL, NULL, "   pidu xxx", 0);
-        test_syslog_parse_identifier_one("", NULL, 0, "", 0);
+        test_syslog_parse_identifier_one("", NULL, NULL, "", 0);
-        test_syslog_parse_identifier_one("  ", NULL, 0, "  ", 0);
+        test_syslog_parse_identifier_one("  ", NULL, NULL, "  ", 0);
-        test_syslog_parse_identifier_one(":", "", 0, "", 1);
+        test_syslog_parse_identifier_one(":", "", NULL, "", 1);
-        test_syslog_parse_identifier_one(":  ", "", 0, " ", 2);
+        test_syslog_parse_identifier_one(":  ", "", NULL, " ", 2);
-        test_syslog_parse_identifier_one(" :", "", 0, "", 2);
+        test_syslog_parse_identifier_one(" :", "", NULL, "", 2);
-        test_syslog_parse_identifier_one("   pidu:", "pidu", 0, "", 8);
+        test_syslog_parse_identifier_one("   pidu:", "pidu", NULL, "", 8);
-        test_syslog_parse_identifier_one("pidu:", "pidu", 0, "", 5);
+        test_syslog_parse_identifier_one("pidu:", "pidu", NULL, "", 5);
-        test_syslog_parse_identifier_one("pidu: ", "pidu", 0, "", 6);
+        test_syslog_parse_identifier_one("pidu: ", "pidu", NULL, "", 6);
-        test_syslog_parse_identifier_one("pidu : ", NULL, 0, "pidu : ", 0);
+        test_syslog_parse_identifier_one("pidu : ", NULL, NULL, "pidu : ", 0);
 }
 TEST(syslog_parse_priority) {
--- a/src/nsresourced/nsresourcework.c
+++ b/src/nsresourced/nsresourcework.c
@ -1354,7 +1354,7 @@ static int validate_cgroup(sd_varlink *link, int fd, uint64_t *ret_cgroup_id) {
        if (r == 0)
                return sd_varlink_error_invalid_parameter_name(link, "controlGroupFileDescriptor");
-        r = fd_to_handle_u64(fd, ret_cgroup_id);
+        r = cg_fd_get_cgroupid(fd, ret_cgroup_id);
        if (r < 0)
                return log_debug_errno(r, "Failed to read cgroup ID from cgroupfs: %m");
--- a/src/portable/portable.c
+++ b/src/portable/portable.c
@ -2047,7 +2047,7 @@ int portable_attach(
        if (!FLAGS_SET(flags, PORTABLE_REATTACH) && !FLAGS_SET(flags, PORTABLE_FORCE_ATTACH))
                HASHMAP_FOREACH(item, unit_files) {
-                        r = unit_file_exists_full(scope, &paths, SEARCH_IGNORE_TEMPLATE, item->name, /* ret_path= */ NULL);
+                        r = unit_file_exists(scope, &paths, item->name);
                        if (r < 0)
                                return sd_bus_error_set_errnof(error, r, "Failed to determine whether unit '%s' exists on the host: %m", item->name);
                        if (r > 0)
--- a/src/run/run.c
+++ b/src/run/run.c
@ -61,6 +61,7 @@
 #include "strv.h"
 #include "terminal-util.h"
 #include "time-util.h"
 #include "uid-classification.h"
 #include "unit-def.h"
 #include "unit-name.h"
 #include "user-util.h"
@ -2247,6 +2248,9 @@ static int fchown_to_capsule(int fd, const char *capsule) {
        if (r < 0)
                return r;
        if (uid_is_system(st.st_uid) || gid_is_system(st.st_gid)) /* paranoid safety check */
                return -EPERM;
        return fchmod_and_chown(fd, 0600, st.st_uid, st.st_gid);
 }
--- a/src/shared/bus-util.c
+++ b/src/shared/bus-util.c
@ -35,6 +35,7 @@
 #include "string-util.h"
 #include "strv.h"
 #include "time-util.h"
 #include "uid-classification.h"
 static int name_owner_change_callback(sd_bus_message *m, void *userdata, sd_bus_error *reterr_error) {
        sd_event *e = ASSERT_PTR(userdata);
@ -315,7 +316,7 @@ static int pin_capsule_socket(const char *capsule, const char *suffix, uid_t *re
        if (!p)
                return -ENOMEM;
-        /* We enter territory owned by the user, hence let's be paranoid about symlinks */
+        /* We enter territory owned by the user, hence let's be paranoid about symlinks and ownership */
        r = chase(p, /* root= */ NULL, CHASE_SAFE|CHASE_PROHIBIT_SYMLINKS, /* ret_path= */ NULL, &inode_fd);
        if (r < 0)
                return r;
@ -323,6 +324,10 @@ static int pin_capsule_socket(const char *capsule, const char *suffix, uid_t *re
        if (fstat(inode_fd, &st) < 0)
                return negative_errno();
        /* Paranoid safety check */
        if (uid_is_system(st.st_uid) || gid_is_system(st.st_gid))
                return -EPERM;
        *ret_uid = st.st_uid;
        *ret_gid = st.st_gid;
--- a/src/shared/cgroup-show.c
+++ b/src/shared/cgroup-show.c
@ -18,7 +18,6 @@
 #include "glyph-util.h"
 #include "hostname-util.h"
 #include "log.h"
 #include "mountpoint-util.h"
 #include "nulstr-util.h"
 #include "output-mode.h"
 #include "path-util.h"
@ -151,7 +150,7 @@ static int show_cgroup_name(
        delegate = r > 0;
        if (FLAGS_SET(flags, OUTPUT_CGROUP_ID)) {
-                r = fd_to_handle_u64(fd, &cgroupid);
+                r = cg_fd_get_cgroupid(fd, &cgroupid);
                if (r < 0)
                        log_debug_errno(r, "Failed to determine cgroup ID of %s, ignoring: %m", path);
        }
--- a/src/shared/install.c
+++ b/src/shared/install.c
@ -37,6 +37,12 @@
 #define UNIT_FILE_FOLLOW_SYMLINK_MAX 64
 typedef enum SearchFlags {
        SEARCH_LOAD                   = 1 << 0,
        SEARCH_FOLLOW_CONFIG_SYMLINKS = 1 << 1,
        SEARCH_DROPIN                 = 1 << 2,
 } SearchFlags;
 typedef struct {
        RuntimeScope scope;
        OrderedHashmap *will_process;
@ -1557,7 +1563,7 @@ static int unit_file_search(
        assert(info->name);
-        if (!FLAGS_SET(flags, SEARCH_IGNORE_TEMPLATE) && unit_name_is_valid(info->name, UNIT_NAME_INSTANCE)) {
+        if (unit_name_is_valid(info->name, UNIT_NAME_INSTANCE)) {
                r = unit_name_template(info->name, &template);
                if (r < 0)
                        return r;
@ -3236,7 +3242,7 @@ int unit_file_get_state(
 int unit_file_exists_full(
                RuntimeScope scope,
                const LookupPaths *lp,
-                SearchFlags flags,
+                bool follow,
                const char *name,
                char **ret_path) {
@ -3256,7 +3262,7 @@ int unit_file_exists_full(
                        &c,
                        lp,
                        name,
-                        flags,
+                        follow ? SEARCH_FOLLOW_CONFIG_SYMLINKS : 0,
                        ret_path ? &info : NULL,
                        /* changes= */ NULL,
                        /* n_changes= */ NULL);
--- a/src/shared/install.h
+++ b/src/shared/install.h
@ -39,13 +39,6 @@ typedef enum UnitFileFlags {
        _UNIT_FILE_FLAGS_MASK_PUBLIC = UNIT_FILE_RUNTIME|UNIT_FILE_PORTABLE|UNIT_FILE_FORCE,
 } UnitFileFlags;
 typedef enum SearchFlags {
        SEARCH_LOAD                   = 1 << 0,
        SEARCH_FOLLOW_CONFIG_SYMLINKS = 1 << 1,
        SEARCH_DROPIN                 = 1 << 2,
        SEARCH_IGNORE_TEMPLATE        = 1 << 3, /* Don't look up the template if the instance does not exist. */
 } SearchFlags;
 /* type can be either one of the INSTALL_CHANGE_SYMLINK, INSTALL_CHANGE_UNLINK, … listed above, or a negative
 * errno value.
 *
@ -191,12 +184,12 @@ int unit_file_get_state(RuntimeScope scope, const char *root_dir, const char *fi
 int unit_file_exists_full(
                RuntimeScope scope,
                const LookupPaths *lp,
-                SearchFlags flags,
+                bool follow,
                const char *name,
                char **ret_path);
 static inline int unit_file_exists(RuntimeScope scope, const LookupPaths *lp, const char *name) {
-        return unit_file_exists_full(scope, lp, 0, name, NULL);
+        return unit_file_exists_full(scope, lp, false, name, NULL);
 }
 int unit_file_get_list(RuntimeScope scope, const char *root_dir, char * const *states, char * const *patterns, Hashmap **ret);
--- a/src/shared/plymouth-util.c
+++ b/src/shared/plymouth-util.c
@ -56,14 +56,3 @@ int plymouth_send_msg(const char *text, bool pause_spinner) {
        return 0;
 }
 int plymouth_hide_splash(void) {
        int r;
        r = plymouth_send_raw("H\0", 2, SOCK_NONBLOCK);
        if (r < 0)
                return log_full_errno(ERRNO_IS_NO_PLYMOUTH(r) ? LOG_DEBUG : LOG_WARNING, r,
                                      "Failed to communicate with plymouth: %m");
        return 0;
 }
--- a/src/shared/plymouth-util.h
+++ b/src/shared/plymouth-util.h
@ -7,7 +7,6 @@
 int plymouth_connect(int flags);
 int plymouth_send_raw(const void *raw, size_t size, int flags);
 int plymouth_send_msg(const char *text, bool pause_spinner);
 int plymouth_hide_splash(void);
 static inline bool ERRNO_IS_NO_PLYMOUTH(int r) {
        return IN_SET(ABS(r), EAGAIN, ENOENT) || ERRNO_IS_DISCONNECT(r);
--- a/src/ssh-generator/ssh-generator.c
+++ b/src/ssh-generator/ssh-generator.c
@ -474,7 +474,7 @@ static int run(const char *dest, const char *dest_early, const char *dest_late)
        _cleanup_free_ char *found_sshd_template_unit = NULL;
        r = unit_file_exists_full(RUNTIME_SCOPE_SYSTEM, &lp,
-                                  SEARCH_FOLLOW_CONFIG_SYMLINKS,
+                                  /* follow = */ true,
                                  "sshd@.service",
                                  &found_sshd_template_unit);
        if (r < 0)
--- a/src/test/test-cgroup-util.c
+++ b/src/test/test-cgroup-util.c
@ -7,7 +7,6 @@
 #include "errno-util.h"
 #include "fd-util.h"
 #include "format-util.h"
 #include "mountpoint-util.h"
 #include "path-util.h"
 #include "pidref.h"
 #include "process-util.h"
@ -494,7 +493,7 @@ TEST(cgroupid) {
        ASSERT_OK(fd_get_path(fd, &p));
        ASSERT_TRUE(path_equal(p, "/sys/fs/cgroup"));
-        ASSERT_OK(fd_to_handle_u64(fd, &id));
+        ASSERT_OK(cg_fd_get_cgroupid(fd, &id));
        fd2 = cg_cgroupid_open(fd, id);
@ -510,7 +509,7 @@ TEST(cgroupid) {
                ASSERT_OK(fd_get_path(fd2, &p2));
                ASSERT_TRUE(path_equal(p2, "/sys/fs/cgroup"));
-                ASSERT_OK(fd_to_handle_u64(fd2, &id2));
+                ASSERT_OK(cg_fd_get_cgroupid(fd2, &id2));
                ASSERT_EQ(id, id2);
--- a/src/udev/udev-manager.c
+++ b/src/udev/udev-manager.c
@ -218,8 +218,6 @@ Manager* manager_free(Manager *manager) {
        sd_event_source_unref(manager->inotify_event);
        set_free(manager->synthesize_change_child_event_sources);
        set_free(manager->synthesized_events);
        sd_event_source_unref(manager->synthesized_events_clear_event_source);
        sd_event_source_unref(manager->kill_workers_event);
        sd_event_unref(manager->event);
@ -897,11 +895,6 @@ static int event_queue_insert(Manager *manager, sd_device *dev) {
        assert(manager);
        assert(dev);
        /* If the event is the one we triggered, remove the UUID from the list. */
        sd_id128_t uuid;
        if (sd_device_get_trigger_uuid(dev, &uuid) >= 0)
                free(set_remove(manager->synthesized_events, &uuid));
        /* We only accepts devices received by device monitor. */
        r = sd_device_get_seqnum(dev, &seqnum);
        if (r < 0)
@ -969,6 +962,14 @@ static int event_queue_insert(Manager *manager, sd_device *dev) {
        TAKE_PTR(event);
        log_device_uevent(dev, "Device is queued");
        if (!manager->queue_file_created) {
                r = touch("/run/udev/queue");
                if (r < 0)
                        log_warning_errno(r, "Failed to touch /run/udev/queue, ignoring: %m");
                else
                        manager->queue_file_created = true;
        }
        return 0;
 }
@ -1067,9 +1068,6 @@ static int manager_deserialize_events(Manager *manager, int *fd) {
                n++;
        }
        if (n > 0)
                (void) manager_create_queue_file(manager);
        log_debug("Deserialized %"PRIu64" events.", n);
        return 0;
 }
@ -1080,8 +1078,6 @@ static int on_uevent(sd_device_monitor *monitor, sd_device *dev, void *userdata)
        DEVICE_TRACE_POINT(kernel_uevent_received, dev);
        (void) manager_create_queue_file(manager);
        device_ensure_usec_initialized(dev, NULL);
        r = event_queue_insert(manager, dev);
@ -1260,22 +1256,6 @@ static int on_sighup(sd_event_source *s, const struct signalfd_siginfo *si, void
        return 1;
 }
 int manager_create_queue_file(Manager *manager) {
        int r;
        assert(manager);
        if (manager->queue_file_created)
                return 0;
        r = touch("/run/udev/queue");
        if (r < 0)
                return log_warning_errno(r, "Failed to touch /run/udev/queue: %m");
        manager->queue_file_created = true;
        return 0;
 }
 static int manager_unlink_queue_file(Manager *manager) {
        assert(manager);
@ -1285,9 +1265,6 @@ static int manager_unlink_queue_file(Manager *manager) {
        if (!set_isempty(manager->synthesize_change_child_event_sources))
                return 0; /* There are child processes that should trigger synthetic events. */
        if (!set_isempty(manager->synthesized_events))
                return 0; /* We have triggered synthesized change events. */
        /* There are no queued events. Let's remove /run/udev/queue and clean up the idle processes. */
        if (unlink("/run/udev/queue") < 0) {
                if (errno != ENOENT)
--- a/src/udev/udev-manager.h
+++ b/src/udev/udev-manager.h
@ -54,8 +54,6 @@ typedef struct Manager {
        int inotify_fd;
        sd_event_source *inotify_event;
        Set *synthesize_change_child_event_sources;
        Set *synthesized_events;
        sd_event_source *synthesized_events_clear_event_source;
        sd_event_source *kill_workers_event;
@ -93,5 +91,3 @@ int manager_reset_kill_workers_timer(Manager *manager);
 bool devpath_conflict(const char *a, const char *b);
 int manager_requeue_locked_events_by_device(Manager *manager, sd_device *dev);
 int manager_create_queue_file(Manager *manager);
--- a/src/udev/udev-watch.c
+++ b/src/udev/udev-watch.c
@ -18,7 +18,6 @@
 #include "fd-util.h"
 #include "format-util.h"
 #include "fs-util.h"
 #include "id128-util.h"
 #include "inotify-util.h"
 #include "parse-util.h"
 #include "pidref.h"
@ -29,7 +28,6 @@
 #include "signal-util.h"
 #include "stdio-util.h"
 #include "string-util.h"
 #include "time-util.h"
 #include "udev-manager.h"
 #include "udev-trace.h"
 #include "udev-util.h"
@ -143,70 +141,24 @@ void udev_watch_dump(void) {
        }
 }
-static int on_synthesized_events_clear(sd_event_source *s, uint64_t usec, void *userdata) {
+static int synthesize_change_one(sd_device *dev, sd_device *target) {
        Manager *manager = ASSERT_PTR(userdata);
        for (;;) {
                _cleanup_free_ sd_id128_t *uuid = set_steal_first(manager->synthesized_events);
                if (!uuid)
                        return 0;
                log_warning("Could not receive synthesized event with UUID %s, ignoring.",
                            SD_ID128_TO_STRING(*uuid));
        }
 }
 static int synthesize_change_one(Manager *manager, sd_device *dev) {
        int r;
        assert(manager);
        assert(dev);
        assert(target);
        if (DEBUG_LOGGING) {
                const char *syspath = NULL;
-                (void) sd_device_get_syspath(dev, &syspath);
+                (void) sd_device_get_syspath(target, &syspath);
                log_device_debug(dev, "device is closed, synthesising 'change' on %s", strna(syspath));
        }
-        sd_id128_t uuid;
+        r = sd_device_trigger(target, SD_DEVICE_CHANGE);
        r = sd_device_trigger_with_uuid(dev, SD_DEVICE_CHANGE, &uuid);
        if (r < 0)
-                return log_device_debug_errno(dev, r, "Failed to trigger 'change' uevent: %m");
+                return log_device_debug_errno(target, r, "Failed to trigger 'change' uevent: %m");
        DEVICE_TRACE_POINT(synthetic_change_event, dev);
        /* Avoid /run/udev/queue file being removed by on_post(). */
        sd_id128_t *copy = newdup(sd_id128_t, &uuid, 1);
        if (!copy)
                return log_oom_debug();
        /* Let's not wait for too many events, to make not udevd consume huge amount of memory.
         * Typically (but unfortunately, not always), the kernel provides events in the order we triggered.
         * Hence, remembering the newest UUID should be mostly enough. */
        while (set_size(manager->synthesized_events) >= 1024) {
                _cleanup_free_ sd_id128_t *id = ASSERT_PTR(set_steal_first(manager->synthesized_events));
                log_debug("Too many synthesized events are waiting, forgetting synthesized event with UUID %s.",
                          SD_ID128_TO_STRING(*id));
        }
        r = set_ensure_consume(&manager->synthesized_events, &id128_hash_ops_free, copy);
        if (r < 0)
                return log_oom_debug();
        r = event_reset_time_relative(
                        manager->event,
                        &manager->synthesized_events_clear_event_source,
                        CLOCK_MONOTONIC,
                        1 * USEC_PER_MINUTE,
                        USEC_PER_SEC,
                        on_synthesized_events_clear,
                        manager,
                        SD_EVENT_PRIORITY_NORMAL,
                        "synthesized-events-clear",
                        /* force_reset= */ true);
        if (r < 0)
                log_debug_errno(r, "Failed to reset timer event source for clearling synthesized event UUIDs: %m");
        return 0;
 }
@ -228,13 +180,13 @@ static int synthesize_change(Manager *manager, sd_device *dev) {
        if (r < 0)
                return r;
        if (r > 0)
-                return synthesize_change_one(manager, dev);
+                return synthesize_change_one(dev, dev);
        r = block_device_is_whole_disk(dev);
        if (r < 0)
                return r;
        if (r == 0)
-                return synthesize_change_one(manager, dev);
+                return synthesize_change_one(dev, dev);
        _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
        r = pidref_safe_fork(
@ -290,7 +242,6 @@ static int manager_process_inotify(Manager *manager, const struct inotify_event
        log_device_debug(dev, "Received inotify event of watch handle %i.", e->wd);
        (void) manager_create_queue_file(manager);
        (void) manager_requeue_locked_events_by_device(manager, dev);
        (void) synthesize_change(manager, dev);
        return 0;
--- a/src/vmspawn/vmspawn.c
+++ b/src/vmspawn/vmspawn.c
@ -2451,11 +2451,9 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
                        return log_oom();
        }
        if (arg_console_mode != CONSOLE_GUI) {
        r = strv_prepend(&arg_kernel_cmdline_extra, "console=hvc0");
        if (r < 0)
                return log_oom();
        }
        for (size_t j = 0; j < arg_runtime_mounts.n_mounts; j++) {
                RuntimeMount *m = arg_runtime_mounts.mounts + j;
--- a/test/fuzz/.gitattributes
+++ b/test/fuzz/.gitattributes
@ -1,3 +1,10 @@
 /*/*                   -whitespace
-/*/*                   binary
+/fuzz-bus-match/*      binary
 /fuzz-compress/*       binary
 /fuzz-dhcp*/*          binary
 /fuzz-dns-packet/*     binary
 /fuzz-fido-id-desc/*   binary
 /fuzz-journald-audit/* binary
 /fuzz-lldp-rx/*        binary
 /fuzz-ndisc-rs/*       binary
 /*/*                   generated
--- a/test/fuzz/fuzz-journald-syslog/oss-fuzz-477990732
+++ b/test/fuzz/fuzz-journald-syslog/oss-fuzz-477990732