102 changed files with 526 additions and 1053 deletions
--- a/2
+++ b/2
@ -280,7 +280,7 @@ CHANGES WITH 245:
          such files in version 243.
        * systemd-logind will now validate access to the operation of changing
-          the virtual terminal via a polkit action. By default, only users
+          the virtual terminal via a PolicyKit action. By default, only users
          with at least one session on a local VT are granted permission.
        * When systemd sets up PAM sessions that invoked service processes
--- a/docs/PORTABILITY_AND_STABILITY.md
+++ b/docs/PORTABILITY_AND_STABILITY.md
@ -87,7 +87,7 @@ And now, here's the list of (hopefully) all APIs that we have introduced with sy
 | [Boot Loader interface](https://systemd.io/BOOT_LOADER_INTERFACE) | EFI variables | yes | yes | gummiboot | yes | - | no |
 | [Service bus API](https://www.freedesktop.org/wiki/Software/systemd/dbus) | D-Bus | yes | yes | system-config-services | no | - | no |
 | [logind](https://www.freedesktop.org/wiki/Software/systemd/logind) | D-Bus | yes | yes | GNOME | no | - | no |
-| [sd-login.h API](https://www.freedesktop.org/software/systemd/man/sd-login.html) | C Library | yes | yes | GNOME, polkit, ... | no | - | no |
+| [sd-login.h API](https://www.freedesktop.org/software/systemd/man/sd-login.html) | C Library | yes | yes | GNOME, PolicyKit, ... | no | - | no |
 | [sd-daemon.h API](https://www.freedesktop.org/software/systemd/man/sd-daemon.html) | C Library or Drop-in | yes | yes | numerous | yes | - | yes |
 | [sd-id128.h API](https://www.freedesktop.org/software/systemd/man/sd-id128.html) | C Library | yes | yes | - | yes | - | no |
 | [sd-journal.h API](https://www.freedesktop.org/software/systemd/man/sd-journal.html) | C Library | yes | yes | - | maybe | - | no |
--- a/docs/USERDB_AND_DESKTOPS.md
+++ b/docs/USERDB_AND_DESKTOPS.md
@ -77,8 +77,7 @@ supports is directly available in these JSON records. Hence it makes sense for
 any user management UI to expose them directly.
 `systemd-homed` exposes APIs to add, remove and make changes to local users via
-D-Bus, with full [polkit](https://www.freedesktop.org/software/polkit/docs/latest/)
+D-Bus, with full PolicyKit hook-up. On the command line this is exposed via the
 hook-up. On the command line this is exposed via the
 `homectl` command. A graphical UI that exposes similar functionality would be
 very useful, exposing the various new account settings, and in particular
 providing a stream-lined UI for enrolling new-style authentication tokens such
--- a/man/org.freedesktop.hostname1.xml
+++ b/man/org.freedesktop.hostname1.xml
@ -89,6 +89,38 @@ node /org/freedesktop/hostname1 {
 };
    </programlisting>
    <!--method SetDeployment is not documented!-->
    <!--method SetLocation is not documented!-->
    <!--method GetProductUUID is not documented!-->
    <!--property Hostname is not documented!-->
    <!--property StaticHostname is not documented!-->
    <!--property PrettyHostname is not documented!-->
    <!--property IconName is not documented!-->
    <!--property Chassis is not documented!-->
    <!--property Deployment is not documented!-->
    <!--property Location is not documented!-->
    <!--property KernelName is not documented!-->
    <!--property KernelRelease is not documented!-->
    <!--property KernelVersion is not documented!-->
    <!--property OperatingSystemPrettyName is not documented!-->
    <!--property OperatingSystemCPEName is not documented!-->
    <!--property HomeURL is not documented!-->
    <!--Autogenerated cross-references for systemd.directives, do not edit-->
    <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.hostname1"/>
@ -141,8 +173,7 @@ node /org/freedesktop/hostname1 {
    <para>Whenever the hostname or other metadata is changed via the daemon,
    <function>PropertyChanged</function> signals are sent out to subscribed clients. Changing a hostname
-    using this interface is authenticated via
+    using this interface is authenticated via PolicyKit.</para>
    <ulink url="https://www.freedesktop.org/software/polkit/docs/latest/">polkit</ulink>.</para>
  </refsect1>
  <refsect1>
@ -188,6 +219,10 @@ node /org/freedesktop/hostname1 {
    it could not be auto-detected. Set this property to the empty string to reenable the automatic detection of
    the chassis type from firmware information.</para>
    <para>A client that wants to change the local hostname for DHCP/mDNS should invoke
    <code>SetHostname("newname", false)</code> as soon as the name is available and afterwards reset it via
    <code>SetHostname("")</code>.</para>
    <para>Note that <filename>systemd-hostnamed</filename> starts only on request and terminates after a
    short idle period. This effectively means that <function>PropertyChanged</function> messages are not sent
    out for changes made directly on the files (as in: administrator edits the files with vi). This is
@ -209,91 +244,33 @@ node /org/freedesktop/hostname1 {
    <citerefentry><refentrytitle>machine-info</refentrytitle><manvolnum>3</manvolnum></citerefentry>
    for that. For more information on these files and syscalls see the respective man pages.</para>
-    <refsect2>
+    <para>The <varname>user_interaction</varname> boolean parameters can be used to control whether PolicyKit
      <title>Methods and Properties</title>
      <para><function>SetHostname()</function> sets the transient (dynamic) hostname which is exposed by the
      <varname>Hostname</varname> property. If empty, the transient hostname is set to the static hostname.
      </para>
      <para><function>SetStaticHostname()</function> sets the static hostname which is exposed by the
      <varname>StaticHostname</varname> property. If empty, the built-in default of
      <literal>&FALLBACK_HOSTNAME;</literal> is used.</para>
      <para><function>SetPrettyHostname()</function> sets the pretty hostname which is exposed by the
      <varname>PrettyHostname</varname> property.</para>
      <para><function>SetIconName()</function>, <function>SetChassis()</function>,
      <function>SetDeployment()</function>, and <function>SetLocation()</function> set the properties
      <varname>IconName</varname> (the name of the icon representing for the machine),
      <varname>Chassis</varname> (the machine form factor), <varname>Deployment</varname> (the system
      deployment environment), and <varname>Location</varname> (physical system location), respectively.
      </para>
      <para><varname>PrettyHostname</varname>, <varname>IconName</varname>, <varname>Chassis</varname>,
      <varname>Deployment</varname>, and <varname>Location</varname> are stored in
      <filename>/etc/machine-info</filename>. See
      <citerefentry><refentrytitle>machine-info</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
      the semantics of those settings.</para>
      <para><function>GetProductUUID()</function> returns the "product uuid" as exposed by the kernel based
      on DMI information in <filename>/sys/class/dmi/id/product_uuid</filename>. Reading the file directly
      requires root privileges, and this method allows access to unprivileged clients through the polkit
      framework.</para>
      <para><varname>KernelName</varname>, <varname>KernelRelease</varname>, and
      <varname>KernelVersion</varname> expose the kernel name (e.g. <literal>Linux</literal>), release
      (e.g. <literal>5.0.0-11</literal>, and version (i.e. the build number, e.g. <literal>#11</literal>) as
      reported by
      <citerefentry project="man-pages"><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
      <varname>OperatingSystemPrettyName</varname>, <varname>OperatingSystemCPEName</varname>, and
      <varname>HomeURL</varname> expose the <varname>PRETTY_NAME=</varname>, <varname>CPE_NAME=</varname> and
      <varname>HOME_URL=</varname> fields from
      <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
      purpose of those properties is to allow remote clients to access this information over D-Bus. Local
      clients can access the information directly.</para>
    </refsect2>
    <refsect2>
      <title>Security</title>
      <para>The <varname>interactive</varname> boolean parameters can be used to control whether polkit
    should interactively ask the user for authentication credentials if required.</para>
-      <para>The polkit action for <function>SetHostname()</function> is
+    <para>The PolicyKit action for <function>SetHostname()</function> is
    <interfacename>org.freedesktop.hostname1.set-hostname</interfacename>. For
    <function>SetStaticHostname()</function> and <function>SetPrettyHostname()</function> it is
    <interfacename>org.freedesktop.hostname1.set-static-hostname</interfacename>. For
    <function>SetIconName()</function> and <function>SetChassis()</function> it is
    <interfacename>org.freedesktop.hostname1.set-machine-info</interfacename>.</para>
    </refsect2>
  </refsect1>
-  <refsect1>
+    <para>Here are three examples show how the pretty hostname and the icon name should be used:
    <title>Recommendations</title>
    <para>Here are three examples that show how the pretty hostname and the icon name should be used:
    <itemizedlist>
-      <listitem><para>When registering DNS-SD services: use the pretty hostname in the service name, and pass
+      <listitem><para>When registering DNS-SD services: use the pretty hostname in the service name, and
-      the icon name in the TXT data, if there is an icon name. Browsing clients can then show the server icon
+      pass the icon name in the TXT data, if there is an icon name. Browsing clients can then show the server
-      on each service. This is especially useful for WebDAV applications or UPnP media sharing.
+      icon on each service. This is especially useful for WebDAV applications or UPnP media sharing.
      </para></listitem>
      <listitem><para>Set the bluetooth name to the pretty hostname.</para></listitem>
-      <listitem><para>When your file browser has a "Computer" icon, replace the name with the pretty hostname
+      <listitem><para>When your file browser has a "Computer" icon, replace the name with the pretty hostname if set, and the icon with the icon name, if it is set.</para></listitem>
      if set, and the icon with the icon name, if it is set.</para></listitem>
    </itemizedlist></para>
    <para>To properly handle name lookups with changing local hostnames without having to edit
-    <filename>/etc/hosts</filename>, we recommend using <filename>systemd-hostnamed</filename> in combination
+    <filename>/etc/hosts</filename>, we recommend using <filename>systemd-hostnamed</filename> in
-    with <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+    combination with <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
    </para>
    <para>A client that wants to change the local hostname for DHCP/mDNS should invoke
    <code>SetHostname("newname", false)</code> as soon as the name is available and afterwards reset it via
    <code>SetHostname("")</code>.</para>
    <para>Here are some recommendations to follow when generating a static (internet) hostname from a pretty
    name:
    <itemizedlist>
@ -337,7 +314,7 @@ node /org/freedesktop/hostname1 {
    </itemizedlist></para>
    <para>Of course, an already valid internet hostname label you enter and pass through this
-    conversion should stay unmodified, so that users have direct control of it, if they want — by simply
+    conversion should stay unmodified, so that users have direct control of it, if they want -- by simply
    ignoring the fact that the pretty hostname is pretty and just edit it as if it was the normal internet
    name.</para>
  </refsect1>
--- a/man/org.freedesktop.locale1.xml
+++ b/man/org.freedesktop.locale1.xml
@ -126,8 +126,7 @@ node /org/freedesktop/locale1 {
      <para>Use the empty string for the keymap parameters you wish not to set.</para>
-      <para>The <varname>interactive</varname> boolean parameters can be used to control whether
+      <para>The <varname>interactive</varname> boolean parameters can be used to control whether PolicyKit
      <ulink url="https://www.freedesktop.org/software/polkit/docs/latest/">polkit</ulink>
      should interactively ask the user for authentication credentials if required.</para>
    </refsect2>
@ -161,9 +160,9 @@ node /org/freedesktop/locale1 {
    <refsect2>
      <title>Security</title>
-      <para>Changing the system locale or keymap using this interface is authenticated via polkit. The
+      <para>Changing the system locale or keymap using this interface is authenticated via PolicyKit. The
-      polkit action for <function>SetLocale()</function> is
+      PolicyKit action for <function>SetLocale()</function> is
-      <constant>org.freedesktop.locale1.set-locale</constant>. The polkit action for
+      <constant>org.freedesktop.locale1.set-locale</constant>. The PolicyKit action for
      <function>SetX11Keyboard()</function> and <function>SetVConsoleKeyboard()</function> is
      <constant>org.freedesktop.locale1.set-keyboard</constant>.</para>
    </refsect2>
--- a/man/org.freedesktop.login1.xml
+++ b/man/org.freedesktop.login1.xml
@ -496,24 +496,22 @@ node /org/freedesktop/login1 {
      and seat are identified by their respective IDs.</para>
      <para><function>SetUserLinger()</function> enables or disables user lingering. If enabled, the runtime
-      directory of a user is kept around and they may continue to run processes while logged out. If
+      directory of a user is kept around and he may continue to run processes while he is logged out. If
      disabled, the runtime directory goes away as soon as they log out. <function>SetUserLinger()</function>
      expects three arguments: the UID, a boolean whether to enable/disable and a boolean controlling the
-      <ulink url="https://www.freedesktop.org/software/polkit/docs/latest/">polkit</ulink>
+      PolicyKit authorization interactivity (see below). Note that the user linger state is persistently
      authorization interactivity (see below). Note that the user linger state is persistently
      stored on disk.</para>
      <para><function>AttachDevice()</function> may be used to assign a specific device to a specific
-      seat. The device is identified by its <filename>/sys</filename> path and must be eligible for seat
+      seat. The device is identified by its /sys path and must be eligible for seat assignments. <function>AttachDevice()</function> takes three
-      assignments. <function>AttachDevice()</function> takes three arguments: the seat id, the sysfs path,
+      arguments: the seat id, the sysfs path, and a boolean for controlling PolicyKit interactivity (see
-      and a boolean for controlling polkit interactivity (see below). Device assignments are persistently
+      below). Device assignments are persistently stored on disk. To create a new seat, simply specify a
-      stored on disk. To create a new seat, simply specify a previously unused seat id. For more information
+      previously unused seat id. For more information about the seat assignment logic see
      about the seat assignment logic see
      <ulink url="https://www.freedesktop.org/wiki/Software/systemd/multiseat">Multi-Seat for Linux</ulink>.
      </para>
      <para><function>FlushDevices()</function> removes all explicit seat assignments for devices, resetting
-      all assignments to the automatic defaults. The only argument it takes is the polkit interactivity
+      all assignments to the automatic defaults. The only argument it takes is the PolicyKit interactivity
      boolean (see below).</para>
      <para><function>PowerOff()</function>, <function>Reboot()</function>, <function>Halt()</function>,
@ -523,9 +521,9 @@ node /org/freedesktop/login1 {
      the machine is powered down). <function>HybridSleep()</function> results in the system entering a
      hybrid-sleep mode, i.e. the system is both hibernated and suspended.
      <function>SuspendThenHibernate()</function> results in the system being suspended, then later woken
-      using an RTC timer and hibernated. The only argument is the polkit interactivity boolean
+      using an RTC timer and hibernated. The only argument is the PolicyKit interactivity boolean
      <varname>interactive</varname> (see below). The main purpose of these calls is that they enforce
-      polkit policy and hence allow powering off/rebooting/suspending/hibernating even by unprivileged
+      PolicyKit policy and hence allow powering off/rebooting/suspending/hibernating even by unprivileged
      users. They also enforce inhibition locks. UIs should expose these calls as the primary mechanism to
      poweroff/reboot/suspend/hibernate the machine.</para>
@ -680,7 +678,7 @@ node /org/freedesktop/login1 {
    <refsect2>
      <title>Security</title>
-      <para>A number of operations are protected via the polkit privilege
+      <para>A number of operations are protected via the PolicyKit privilege
      system. <function>SetUserLinger()</function> requires the
      <interfacename>org.freedesktop.login1.set-user-linger</interfacename>
      privilege. <function>AttachDevice()</function> requires
@ -733,7 +731,7 @@ node /org/freedesktop/login1 {
      <interfacename>org.freedesktop.login1.inhibit-handle-lid-switch</interfacename> depending on the lock
      type and mode taken.</para>
-      <para>The <varname>interactive</varname> boolean parameters can be used to control whether polkit
+      <para>The <varname>interactive</varname> boolean parameters can be used to control whether PolicyKit
      should interactively ask the user for authentication credentials if required.</para>
    </refsect2>
  </refsect1>
@ -848,8 +846,8 @@ node /org/freedesktop/login1/seat/seat0 {
      encoded in a structure consisting of the ID and the object path.</para>
      <para>The <varname>IdleHint</varname>, <varname>IdleSinceHint</varname>, and
-      <varname>IdleSinceHintMonotonic</varname> properties encode the idle state, similar to the ones exposed
+      <varname>IdleSinceHint</varname> properties encode the idle state, similar to the one exposed on the
-      on the <interfacename>Manager</interfacename> object, but specific for this seat.</para>
+      Manager object, but specific for this seat.</para>
    </refsect2>
  </refsect1>
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@ -40,10 +40,9 @@
    <para>Properties exposing time values are usually encoded in microseconds (usec) on the bus, even if
    their corresponding settings in the unit files are in seconds.</para>
-    <para>In contrast to most of the other services of the systemd suite, PID 1 does not use
+    <para>In contrast to most of the other services of the systemd suite, PID 1 does not use PolicyKit for
-    <ulink url="https://www.freedesktop.org/software/polkit/docs/latest/">polkit</ulink>
+    controlling access to privileged operations, but relies exclusively on the low-level D-Bus policy
-    for controlling access to privileged operations, but relies exclusively on the low-level D-Bus policy
+    language. (This is done in order to avoid a cyclic dependency between PolicyKit and systemd/PID 1.) This
    language. (This is done in order to avoid a cyclic dependency between polkit and systemd/PID 1.) This
    means that sensitive operations exposed by PID 1 on the bus are generally not available to unprivileged
    processes directly. However, some operations (such as shutdown/reboot/suspend) are made available through the D-Bus
    API of logind, see
@ -1464,7 +1463,7 @@ node /org/freedesktop/systemd1 {
      <title>Security</title>
      <para>Read access is generally granted to all clients. Additionally, for unprivileged clients, some
-      operations are allowed through the polkit privilege system. Operations which modify unit state
+      operations are allowed through the PolicyKit privilege system. Operations which modify unit state
      (<function>StartUnit()</function>, <function>StopUnit()</function>, <function>KillUnit()</function>,
      <function>RestartUnit()</function> and similar, <function>SetProperty</function>) require
      <interfacename>org.freedesktop.systemd1.manage-units</interfacename>. Operations which modify unit file
@ -2128,7 +2127,7 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
      allowed for everyone. All operations are allowed for clients with the
      <constant>CAP_SYS_ADMIN</constant> capability or when the
      <interfacename>org.freedesktop.systemd1.manage-units</interfacename> privilege is granted by
-      polkit.</para>
+      PolicyKit.</para>
    </refsect2>
  </refsect1>
--- a/man/org.freedesktop.timedate1.xml
+++ b/man/org.freedesktop.timedate1.xml
@ -72,6 +72,22 @@ node /org/freedesktop/timedate1 {
 };
    </programlisting>
    <!--method ListTimezones is not documented!-->
    <!--property Timezone is not documented!-->
    <!--property LocalRTC is not documented!-->
    <!--property CanNTP is not documented!-->
    <!--property NTP is not documented!-->
    <!--property NTPSynchronized is not documented!-->
    <!--property TimeUSec is not documented!-->
    <!--property RTCTimeUSec is not documented!-->
    <!--Autogenerated cross-references for systemd.directives, do not edit-->
    <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.timedate1"/>
@ -132,51 +148,25 @@ node /org/freedesktop/timedate1 {
      network using <filename>systemd-timesyncd</filename>. This will enable and start or disable and stop
      the chosen time synchronization service.</para>
-      <para><function>ListTimezones()</function> returns a list of time zones known on the local system as an
+      <para>Whenever the timezone and local_rtc settings are changed via the daemon,
-      array of names (<literal>["Africa/Abidjan", "Africa/Accra", ..., "UTC"]</literal>).</para>
+      <function>PropertyChanged</function> signals are sent out to which clients can subscribe. Changing the
-    </refsect2>
+      time settings using this interface is authenticated via PolicyKit.</para>
    <refsect2>
      <title>Properties</title>
      <para><varname>Timezone</varname> shows the currently configured time zone.
      <varname>LocalRTC</varname> shows whether the RTC is configured to use UTC (false), or the local time
      zone (true). <varname>CanNTP</varname> shows whether a service to perform time synchronization over the
      network is available, and <varname>NTP</varname> shows whether such a service is enabled.</para>
      <para><varname>NTPSynchronized</varname> shows whether the kernel reports the time as synchronized
      (c.f.
      <citerefentry project="man-pages"><refentrytitle>adjtimex</refentrytitle><manvolnum>3</manvolnum></citerefentry>).
      <varname>TimeUSec</varname> and <varname>RTCTimeUSec</varname> show the current time on the system and
      in the RTC. The purpose of those three properties is to allow remote clients to access this information
      over D-Bus. Local clients can access the information directly.</para>
      <para>Whenever the <varname>Timezone</varname> and <varname>LocalRTC</varname> settings are changed via
      the daemon, <function>PropertyChanged</function> signals are sent out to which clients can subscribe.
      </para>
      <para>Note that this service will not inform you about system time changes. Use
      <citerefentry project="man-pages"><refentrytitle>timerfd</refentrytitle><manvolnum>3</manvolnum></citerefentry>
      with <constant>CLOCK_REALTIME</constant> and <constant>TFD_TIMER_CANCEL_ON_SET</constant> for that.
      </para>
    </refsect2>
-    <refsect2>
+      <para>The <varname>user_interaction</varname> boolean parameters can be used to control whether
-      <title>Security</title>
+      PolicyKit should interactively ask the user for authentication credentials if required.</para>
-      <para>The <varname>interactive</varname> boolean parameters can be used to control whether
+      <para>The PolicyKit action for <function>SetTimezone()</function> is
      <ulink url="https://www.freedesktop.org/software/polkit/docs/latest/">polkit</ulink>
      should interactively ask the user for authentication credentials if required.</para>
      <para>The polkit action for <function>SetTimezone()</function> is
      <interfacename>org.freedesktop.timedate1.set-timezone</interfacename>. For
      <function>SetLocalRTC()</function> it is
      <interfacename>org.freedesktop.timedate1.set-local-rtc</interfacename>, for
      <function>SetTime()</function> it is <interfacename>org.freedesktop.timedate1.set-time</interfacename>
      and for <function>SetNTP()</function> it is
-      <interfacename>org.freedesktop.timedate1.set-ntp</interfacename>.
+      <interfacename>org.freedesktop.timedate1.set-ntp</interfacename>.</para>
      <function>ListTimezones()</function> does not require any privileges.
      </para>
    </refsect2>
  </refsect1>
--- a/man/rules/meson.build
+++ b/man/rules/meson.build
@ -262,7 +262,6 @@ manpages = [
  ['sd_bus_get_events', 'sd_bus_get_timeout', 'sd_bus_set_fd'],
  ''],
 ['sd_bus_get_n_queued_read', '3', ['sd_bus_get_n_queued_write'], ''],
 ['sd_bus_get_name_machine_id', '3', [], ''],
 ['sd_bus_is_open', '3', ['sd_bus_is_ready'], ''],
 ['sd_bus_list_names', '3', [], ''],
 ['sd_bus_message_append', '3', ['sd_bus_message_appendv'], ''],
@ -292,8 +291,7 @@ manpages = [
  ''],
 ['sd_bus_message_get_type',
  '3',
-  ['sd_bus_message_get_creds',
+  ['sd_bus_message_get_errno',
   'sd_bus_message_get_errno',
   'sd_bus_message_get_error',
   'sd_bus_message_is_method_call',
   'sd_bus_message_is_method_error',
@ -321,16 +319,7 @@ manpages = [
   'sd_bus_message_new_method_errorf'],
  ''],
 ['sd_bus_message_new_signal', '3', [], ''],
- ['sd_bus_message_open_container',
+ ['sd_bus_message_read', '3', ['sd_bus_message_readv'], ''],
  '3',
  ['sd_bus_message_close_container',
   'sd_bus_message_enter_container',
   'sd_bus_message_exit_container'],
  ''],
 ['sd_bus_message_read',
  '3',
  ['sd_bus_message_peek_type', 'sd_bus_message_readv'],
  ''],
 ['sd_bus_message_read_array', '3', [], ''],
 ['sd_bus_message_read_basic', '3', [], ''],
 ['sd_bus_message_read_strv', '3', [], ''],
@ -390,7 +379,7 @@ manpages = [
   'sd_bus_release_name_async',
   'sd_bus_request_name_async'],
  ''],
- ['sd_bus_send', '3', ['sd_bus_send_to'], ''],
+ ['sd_bus_send', '3', [], ''],
 ['sd_bus_set_address', '3', ['sd_bus_get_address', 'sd_bus_set_exec'], ''],
 ['sd_bus_set_close_on_exit', '3', ['sd_bus_get_close_on_exit'], ''],
 ['sd_bus_set_connected_signal', '3', ['sd_bus_get_connected_signal'], ''],
--- a/man/sd-bus-container-append.c
+++ b/man/sd-bus-container-append.c
@ -1,17 +0,0 @@
 #include <systemd/sd-bus.h>
 int append_strings_to_message(sd_bus_message *m, const char *const *arr) {
  int r;
  r = sd_bus_message_open_container(m, 'a', "s");
  if (r < 0)
    return r;
  for (const char *s = *arr; *s; s++) {
    r = sd_bus_message_append(m, "s", s);
    if (r < 0)
      return r;
  }
  return sd_bus_message_close_container(m);
 }
--- a/man/sd-bus-container-read.c
+++ b/man/sd-bus-container-read.c
@ -1,25 +0,0 @@
 #include <stdio.h>
 #include <systemd/sd-bus.h>
 int read_strings_from_message(sd_bus_message *m) {
  int r;
  r = sd_bus_message_enter_container(m, 'a', "s");
  if (r < 0)
    return r;
  for (;;) {
    const char *s;
    r = sd_bus_message_read(m, "s", &s);
    if (r < 0)
      return r;
    if (r == 0)
      break;
    printf("%s\n", s);
  }
  return sd_bus_message_exit_container(m);
 }
--- a/man/sd-bus.xml
+++ b/man/sd-bus.xml
@ -82,7 +82,6 @@
 <citerefentry><refentrytitle>sd_bus_get_fd</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_get_method_call_timeout</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_get_n_queued_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_get_name_machine_id</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_get_scope</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_get_tid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_get_unique_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
@ -96,14 +95,10 @@
 <citerefentry><refentrytitle>sd_bus_message_append_string_memfd</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_append_strv</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_at_end</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_close_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_copy</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_dump</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_enter_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_exit_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_get_allow_interactive_authorization</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_get_cookie</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_get_errno</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_get_error</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_get_monotonic_usec</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
@ -118,8 +113,6 @@
 <citerefentry><refentrytitle>sd_bus_message_new_method_call</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_new_method_error</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_new_signal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_open_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_peek_type</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_read_array</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_message_read_basic</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
@ -140,7 +133,6 @@
 <citerefentry><refentrytitle>sd_bus_reply_method_error</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_request_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_send_to</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_set_address</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_set_allow_interactive_authorization</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 <citerefentry><refentrytitle>sd_bus_set_bus_client</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
--- a/man/sd_bus_get_name_machine_id.xml
+++ b/man/sd_bus_get_name_machine_id.xml
@ -1,98 +0,0 @@
 <?xml version='1.0'?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
 <!-- SPDX-License-Identifier: LGPL-2.1+ -->
 <refentry id="sd_bus_get_name_machine_id" xmlns:xi="http://www.w3.org/2001/XInclude">
  <refentryinfo>
    <title>sd_bus_get_name_machine_id</title>
    <productname>systemd</productname>
  </refentryinfo>
  <refmeta>
    <refentrytitle>sd_bus_get_name_machine_id</refentrytitle>
    <manvolnum>3</manvolnum>
  </refmeta>
  <refnamediv>
    <refname>sd_bus_get_name_machine_id</refname>
    <refpurpose>Retrieve a bus client's machine identity</refpurpose>
  </refnamediv>
  <refsynopsisdiv>
    <funcsynopsis>
      <funcsynopsisinfo>#include &lt;systemd/sd-bus.h&gt;</funcsynopsisinfo>
      <funcprototype>
        <funcdef>int <function>sd_bus_get_name_machine_id</function></funcdef>
        <paramdef>sd_bus *<parameter>bus</parameter></paramdef>
        <paramdef>const char *<parameter>name</parameter></paramdef>
        <paramdef>sd_id128_t *<parameter>machine</parameter></paramdef>
      </funcprototype>
    </funcsynopsis>
  </refsynopsisdiv>
  <refsect1>
    <title>Description</title>
    <para><function>sd_bus_get_name_machine_id()</function> retrieves the D-Bus machine identity of the
    machine that the bus client identified by <parameter>name</parameter> is running on. Internally, it calls
    the <function>GetMachineId</function> method of the <constant>org.freedesktop.DBus.Peer</constant>
    interface. The D-Bus machine identity is a 128-bit UUID. On Linux systems running systemd, this
    corresponds to the contents of <filename>/etc/machine-id</filename>. On success, the machine identity is
    stored in <parameter>machine</parameter>.</para>
  </refsect1>
  <refsect1>
    <title>Return Value</title>
    <para>On success, this function returns a non-negative integer. On failure, it returns a negative
    errno-style error code.</para>
    <refsect2>
      <title>Errors</title>
      <para>Returned errors may indicate the following problems:</para>
      <variablelist>
        <varlistentry>
          <term><constant>-EINVAL</constant></term>
          <listitem><para>An argument is invalid.</para></listitem>
        </varlistentry>
        <varlistentry>
          <term><constant>-ENOPKG</constant></term>
          <listitem><para>The bus cannot be resolved.</para></listitem>
        </varlistentry>
        <varlistentry>
          <term><constant>-ECHILD</constant></term>
          <listitem><para>The bus was created in a different process.</para></listitem>
        </varlistentry>
        <varlistentry>
          <term><constant>-ENOMEM</constant></term>
          <listitem><para>Memory allocation failed.</para></listitem>
        </varlistentry>
      </variablelist>
    </refsect2>
  </refsect1>
  <xi:include href="libsystemd-pkgconfig.xml" />
  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>
    </para>
  </refsect1>
 </refentry>
--- a/man/sd_bus_message_append.xml
+++ b/man/sd_bus_message_append.xml
@ -229,8 +229,7 @@ sd_bus_message_append(m, "ynqiuxtd", y, n, q, i, u, x, t, d);</programlisting>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd_bus_message_append_basic</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_message_append_array</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>sd_bus_message_append_array</refentrytitle><manvolnum>3</manvolnum></citerefentry>
      <citerefentry><refentrytitle>sd_bus_message_open_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>
    </para>
  </refsect1>
--- a/man/sd_bus_message_append_array.xml
+++ b/man/sd_bus_message_append_array.xml
@ -34,7 +34,7 @@
        <funcdef>int sd_bus_message_append_array</funcdef>
        <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
        <paramdef>char <parameter>type</parameter></paramdef>
-        <paramdef>void *<parameter>ptr</parameter></paramdef>
+        <paramdef>char void *<parameter>ptr</parameter></paramdef>
        <paramdef>size_t <parameter>size</parameter></paramdef>
      </funcprototype>
--- a/man/sd_bus_message_get_type.xml
+++ b/man/sd_bus_message_get_type.xml
@ -19,12 +19,11 @@
    <refname>sd_bus_message_get_type</refname>
    <refname>sd_bus_message_get_error</refname>
    <refname>sd_bus_message_get_errno</refname>
    <refname>sd_bus_message_get_creds</refname>
    <refname>sd_bus_message_is_signal</refname>
    <refname>sd_bus_message_is_method_call</refname>
    <refname>sd_bus_message_is_method_error</refname>
-    <refpurpose>Query bus message addressing/credentials metadata</refpurpose>
+    <refpurpose>Query bus message addressing metadata</refpurpose>
  </refnamediv>
  <refsynopsisdiv>
@ -47,11 +46,6 @@
        <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
      </funcprototype>
      <funcprototype>
        <funcdef>sd_bus_creds* <function>sd_bus_message_get_creds</function></funcdef>
        <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
      </funcprototype>
      <funcprototype>
        <funcdef>int <function>sd_bus_message_is_signal</function></funcdef>
        <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
@ -99,11 +93,6 @@
    <citerefentry><refentrytitle>sd_bus_error_add_map</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
    </para>
    <para><function>sd_bus_message_get_creds()</function> returns the message credentials attached to the
    message <parameter>m</parameter>. If no credentials are attached to the message, it returns
    <constant>NULL</constant>. Ownership of the credentials instance is not transferred to the caller and
    hence should not be freed.</para>
    <para><function>sd_bus_message_is_signal()</function> checks if message <parameter>m</parameter> is a
    signal message. If <parameter>interface</parameter> is non-null, it also checks if the message has the
    same interface set. If <parameter>member</parameter> is non-null, it also checks if the message has the
@ -128,10 +117,9 @@
  <refsect1>
    <title>Return Value</title>
-    <para>On success, these functions (except <function>sd_bus_message_get_error()</function> and
+    <para>On success, these functions return a non-negative integer. On failure, they return a negative
-    <function>sd_bus_message_get_creds()</function>) return a non-negative integer. On failure, they return a
+    errno-style error code. <function>sd_bus_message_get_errno()</function> always returns a non-negative
-    negative errno-style error code. <function>sd_bus_message_get_errno()</function> always returns a
+    integer, even on failure.</para>
    non-negative integer, even on failure.</para>
    <refsect2>
      <title>Errors</title>
--- a/man/sd_bus_message_open_container.xml
+++ b/man/sd_bus_message_open_container.xml
@ -1,165 +0,0 @@
 <?xml version='1.0'?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
 <!-- SPDX-License-Identifier: LGPL-2.1+ -->
 <refentry id="sd_bus_message_open_container"
          xmlns:xi="http://www.w3.org/2001/XInclude">
  <refentryinfo>
    <title>sd_bus_message_open_container</title>
    <productname>systemd</productname>
  </refentryinfo>
  <refmeta>
    <refentrytitle>sd_bus_message_open_container</refentrytitle>
    <manvolnum>3</manvolnum>
  </refmeta>
  <refnamediv>
    <refname>sd_bus_message_open_container</refname>
    <refname>sd_bus_message_close_container</refname>
    <refname>sd_bus_message_enter_container</refname>
    <refname>sd_bus_message_exit_container</refname>
    <refpurpose>Create and move between containers in D-Bus messages</refpurpose>
  </refnamediv>
  <refsynopsisdiv>
    <funcsynopsis>
      <funcsynopsisinfo>#include &lt;systemd/sd-bus.h&gt;</funcsynopsisinfo>
      <funcprototype>
        <funcdef>int sd_bus_message_open_container</funcdef>
        <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
        <paramdef>char <parameter>type</parameter></paramdef>
        <paramdef>const char *<parameter>contents</parameter></paramdef>
      </funcprototype>
      <funcprototype>
        <funcdef>int sd_bus_message_close_container</funcdef>
        <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
      </funcprototype>
      <funcprototype>
        <funcdef>int sd_bus_message_enter_container</funcdef>
        <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
        <paramdef>char <parameter>type</parameter></paramdef>
        <paramdef>const char *<parameter>contents</parameter></paramdef>
      </funcprototype>
      <funcprototype>
        <funcdef>int sd_bus_message_exit_container</funcdef>
        <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
      </funcprototype>
    </funcsynopsis>
  </refsynopsisdiv>
  <refsect1>
    <title>Description</title>
    <para><function>sd_bus_message_open_container()</function> appends a new container to the message
    <parameter>m</parameter>. After opening a new container, it can be filled with content using
    <citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>
    and similar functions. Containers behave like a stack. To nest containers inside each other, call
    <function>sd_bus_message_open_container()</function> multiple times without calling
    <function>sd_bus_message_close_container()</function> inbetween. Each container will be nested inside the
    previous container. <parameter>type</parameter> represents the container type and should be one of
    <literal>r</literal>, <literal>a</literal>, <literal>v</literal> or <literal>e</literal> as described in
    <citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
    Instead of literals, the corresponding constants <constant>SD_BUS_TYPE_STRUCT</constant>,
    <constant>SD_BUS_TYPE_ARRAY</constant>, <constant>SD_BUS_TYPE_VARIANT</constant> or
    <constant>SD_BUS_TYPE_DICT_ENTRY</constant> can also be used. <parameter>contents</parameter> describes
    the type of the container's elements and should be a D-Bus type string following the rules described in
    <citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
    </para>
    <para><function>sd_bus_message_close_container()</function> closes the last container opened with
    <function>sd_bus_message_open_container()</function>. On success, the write pointer of the message
    <parameter>m</parameter> is positioned after the closed container in its parent container or in
    <parameter>m</parameter> itself if there is no parent container.</para>
    <para><function>sd_bus_message_enter_container()</function> enters the next container of the message
    <parameter>m</parameter>. It behaves mostly the same as
    <function>sd_bus_message_open_container()</function>. Entering a container allows reading its contents
    with
    <citerefentry><refentrytitle>sd_bus_message_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>
    and similar functions. <parameter>type</parameter> and <parameter>contents</parameter> are the same as in
    <function>sd_bus_message_open_container()</function>.</para>
    <para><function>sd_bus_message_exit_container()</function> exits the scope of the last container entered
    with <function>sd_bus_message_enter_container()</function>. It behaves mostly the same as
    <function>sd_bus_message_close_container()</function>.</para>
  </refsect1>
  <refsect1>
    <title>Return Value</title>
    <para>On success, these functions return a non-negative integer. On failure, they return a negative
    errno-style error code.</para>
    <refsect2>
      <title>Errors</title>
      <para>Returned errors may indicate the following problems:</para>
      <variablelist>
        <varlistentry>
          <term><constant>-EINVAL</constant></term>
          <listitem><para><parameter>m</parameter> or <parameter>contents</parameter> are
          <constant>NULL</constant> or <parameter>type</parameter> is invalid.</para></listitem>
        </varlistentry>
        <varlistentry>
          <term><constant>-EPERM</constant></term>
          <listitem><para>The message <parameter>m</parameter> is already sealed.</para></listitem>
        </varlistentry>
        <varlistentry>
          <term><constant>-ESTALE</constant></term>
          <listitem><para>The message <parameter>m</parameter> is in an invalid state.</para></listitem>
        </varlistentry>
        <varlistentry>
          <term><constant>-ENOMEM</constant></term>
          <listitem><para>Memory allocation failed.</para></listitem>
        </varlistentry>
      </variablelist>
    </refsect2>
  </refsect1>
  <xi:include href="libsystemd-pkgconfig.xml" />
  <refsect1>
    <title>Examples</title>
    <example>
      <title>Append an array of strings to a message</title>
      <programlisting><xi:include href="sd-bus-container-append.c" parse="text" /></programlisting>
    </example>
    <example>
      <title>Read an array of strings from a message</title>
      <programlisting><xi:include href="sd-bus-container-read.c" parse="text" /></programlisting>
    </example>
  </refsect1>
  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd_bus_message_read</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <ulink url="https://dbus.freedesktop.org/doc/dbus-specification.html">The D-Bus specification</ulink>
    </para>
  </refsect1>
 </refentry>
--- a/man/sd_bus_message_read.xml
+++ b/man/sd_bus_message_read.xml
@ -19,7 +19,6 @@
  <refnamediv>
    <refname>sd_bus_message_read</refname>
    <refname>sd_bus_message_readv</refname>
    <refname>sd_bus_message_peek_type</refname>
    <refpurpose>Read a sequence of values from a message</refpurpose>
  </refnamediv>
@ -41,42 +40,38 @@
        <paramdef>const char *<parameter>types</parameter></paramdef>
        <paramdef>va_list <parameter>ap</parameter></paramdef>
      </funcprototype>
      <funcprototype>
        <funcdef>int <function>sd_bus_message_peek_type</function></funcdef>
        <paramdef>char *<parameter>type</parameter></paramdef>
        <paramdef>const char **<parameter>contents</parameter></paramdef>
      </funcprototype>
    </funcsynopsis>
  </refsynopsisdiv>
  <refsect1>
    <title>Description</title>
-    <para><function>sd_bus_message_read()</function> reads a sequence of fields from the D-Bus message object
+    <para><function>sd_bus_message_read()</function> reads a sequence of fields from
-    <parameter>m</parameter> and advances the read position in the message. The type string
+    the D-Bus message object <parameter>m</parameter> and advances the read position
-    <parameter>types</parameter> describes the types of items expected in the message and the field arguments
+    in the message. The type string <parameter>types</parameter> describes the types
-    that follow. The type string may be <constant>NULL</constant> or empty, in which case nothing is read.
+    of items expected in the message and the field arguments that follow. The type
-    </para>
+    string may be <constant>NULL</constant> or empty, in which case nothing is
    read.</para>
    <para>The type string is composed of the elements described in
    <citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-    i.e. basic and container types. It must contain zero or more single "complete types". The type string is
+    i.e. basic and container types. It must contain zero or more single "complete
-    <constant>NUL</constant>-terminated.</para>
+    types". The type string is <constant>NUL</constant>-terminated.</para>
-    <para>For each type specified in the type string, one or more arguments need to be specified after the
+    <para>For each type specified in the type string, one or more arguments need to be specified
-    <parameter>types</parameter> parameter, in the same order. The arguments must be pointers to appropriate
+    after the <parameter>types</parameter> parameter, in the same order. The arguments must be
-    types (a pointer to <type>int8_t</type> for a <literal>y</literal> in the type string, a pointer to
+    pointers to appropriate types (a pointer to <type>int8_t</type> for a <literal>y</literal> in
-    <type>int32_t</type> for an <literal>i</literal>, a pointer to <type>const char*</type> for an
+    the type string, a pointer to <type>int32_t</type> for an <literal>i</literal>, a pointer to
-    <literal>s</literal>, ...)  which are set based on the values in the message. As an exception, in case of
+    <type>const char*</type> for an <literal>s</literal>, ...)  which are set based on the values in
-    array and variant types, the first argument is an "input" argument that further specifies how the message
+    the message. As an exception, in case of array and variant types, the first argument is an
-    should be read. See the table below for a complete list of allowed arguments and their types. Note that,
+    "input" argument that further specifies how the message should be read. See the table below for
-    if the basic type is a pointer (e.g., <type>const char *</type> in the case of a string), the argument is
+    a complete list of allowed arguments and their types. Note that, if the basic type is a pointer
-    a pointer to a pointer, and also the pointer value that is written is only borrowed and the contents must
+    (e.g., <type>const char *</type> in the case of a string), the argument is a pointer to a
-    be copied if they are to be used after the end of the messages lifetime.</para>
+    pointer, and also the pointer value that is written is only borrowed and the contents must be
    copied if they are to be used after the end of the messages lifetime.</para>
-    <para>Each argument may also be <constant>NULL</constant>, in which case the value is read and ignored.
+    <para>Each argument may also be <constant>NULL</constant>, in which case the value is read and
-    </para>
+    ignored.</para>
    <table>
      <title>Item type specifiers</title>
@ -144,29 +139,24 @@
      </tgroup>
    </table>
-    <para>If objects of the specified types are not present at the current position in the message, an error
+    <para>If objects of the specified types are not present at the current position
-    is returned.</para>
+    in the message, an error is returned.
    </para>
    <para>The <function>sd_bus_message_readv()</function> is equivalent to the
-    <function>sd_bus_message_read()</function>, except that it is called with a <literal>va_list</literal>
+    <function>sd_bus_message_read()</function>, except that it is called with a
-    instead of a variable number of arguments. This function does not call the <function>va_end()</function>
+    <literal>va_list</literal> instead of a variable number of arguments. This
-    macro. Because it invokes the <function>va_arg()</function> macro, the value of <parameter>ap</parameter>
+    function does not call the <function>va_end()</function> macro. Because it
-    is undefined after the call.</para>
+    invokes the <function>va_arg()</function> macro, the value of
-
+    <parameter>ap</parameter> is undefined after the call.</para>
    <para><function>sd_bus_message_peek_type()</function> determines the type of the next element in
    <parameter>m</parameter> to be read by <function>sd_bus_message_read()</function> or similar functions.
    On success, the type is stored in <parameter>type</parameter>, if it is not <constant>NULL</constant>.
    If the type is a container type, the type of its elements is stored in <parameter>contents</parameter>,
    if it is not <constant>NULL</constant>. If this function successfully determines the type of the next
    element in <parameter>m</parameter>, it returns a positive integer. If there are no more elements to be
    read, it returns zero.</para>
  </refsect1>
  <refsect1>
    <title>Return Value</title>
-    <para>On success, these functions return a non-negative integer. On failure, they return a negative
+    <para>On success, <function>sd_bus_message_read()</function> and
-    errno-style error code.</para>
+    <function>sd_bus_message_readv()</function> return 0 or a positive integer. On failure, they return a
    negative errno-style error code.</para>
    <xi:include href="sd_bus_message_read_basic.xml" xpointer="errors" />
  </refsect1>
@ -238,8 +228,7 @@ sd_bus_message_read(m, "a{is}", 3, &amp;i, &amp;s, &amp;j, &amp;t, &amp;k, &amp;
      <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd_bus_message_read_basic</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd_bus_message_skip</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>
      <citerefentry><refentrytitle>sd_bus_message_enter_container</refentrytitle><manvolnum>3</manvolnum></citerefentry>
    </para>
  </refsect1>
--- a/man/sd_bus_send.xml
+++ b/man/sd_bus_send.xml
@ -18,7 +18,6 @@
  <refnamediv>
    <refname>sd_bus_send</refname>
    <refname>sd_bus_send_to</refname>
    <refpurpose>Queue a D-Bus message for transfer</refpurpose>
  </refnamediv>
@ -33,48 +32,35 @@
        <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
        <paramdef>uint64_t *<parameter>cookie</parameter></paramdef>
      </funcprototype>
      <funcprototype>
        <funcdef>int <function>sd_bus_send_to</function></funcdef>
        <paramdef>sd_bus *<parameter>bus</parameter></paramdef>
        <paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
        <paramdef>const char *<parameter>destination</parameter></paramdef>
        <paramdef>uint64_t *<parameter>cookie</parameter></paramdef>
      </funcprototype>
    </funcsynopsis>
  </refsynopsisdiv>
  <refsect1>
    <title>Description</title>
-    <para><function>sd_bus_send()</function> queues the bus message object <parameter>m</parameter> for
+    <para><function>sd_bus_send()</function> queues the bus message object <parameter>m</parameter>
-    transfer. If <parameter>bus</parameter> is <constant>NULL</constant>, the bus that
+    for transfer. If <parameter>bus</parameter> is <constant>NULL</constant>, the bus that
-    <parameter>m</parameter> is attached to is used. <parameter>bus</parameter> only needs to be set when the
+    <parameter>m</parameter> is attached to is used. <parameter>bus</parameter> only needs to be set
-    message is sent to a different bus than the one it's attached to, for example when forwarding messages.
+    when the message is sent to a different bus than the one it's attached to, for example when
-    If the output parameter <parameter>cookie</parameter> is not <constant>NULL</constant>, it is set to the
+    forwarding messages. If the output parameter <parameter>cookie</parameter> is not
-    message identifier. This value can later be used to match incoming replies to their corresponding
+    <constant>NULL</constant>, it is set to the message identifier. This value can later be used to
-    messages. If <parameter>cookie</parameter> is set to <constant>NULL</constant> and the message is not
+    match incoming replies to their corresponding messages. If <parameter>cookie</parameter> is set
-    sealed, <function>sd_bus_send()</function> assumes the message <parameter>m</parameter> doesn't expect a
+    to <constant>NULL</constant> and the message is not sealed, <function>sd_bus_send()</function>
-    reply and adds the necessary headers to indicate this.</para>
+    assumes the message <parameter>m</parameter> doesn't expect a reply and adds the necessary
    headers to indicate this.</para>
    <para>Note that in most scenarios, <function>sd_bus_send()</function> should not be called
    directly. Instead, use higher level functions such as
    <citerefentry><refentrytitle>sd_bus_call_method</refentrytitle><manvolnum>3</manvolnum></citerefentry> and
    <citerefentry><refentrytitle>sd_bus_reply_method_return</refentrytitle><manvolnum>3</manvolnum></citerefentry>
    which call <function>sd_bus_send()</function> internally.</para>
    <para><function>sd_bus_send_to()</function> is a shorthand for sending a message to a specific
    destination. It's main use case is to simplify sending unicast signal messages (signals that only have a
    single receiver). It's behavior is similar to calling
    <citerefentry><refentrytitle>sd_bus_message_set_destination</refentrytitle><manvolnum>3</manvolnum></citerefentry>
    followed by calling <function>sd_bus_send()</function>.</para>
  </refsect1>
  <refsect1>
    <title>Return Value</title>
-    <para>On success, these functions return a non-negative integer. On failure, they return a negative
+    <para>On success, this function returns a non-negative integer. On failure, it returns a
-    errno-style error code.</para>
+    negative errno-style error code.</para>
    <refsect2 id='errors'>
      <title>Errors</title>
@ -99,8 +85,8 @@
        <varlistentry>
          <term><constant>-ECHILD</constant></term>
-          <listitem><para>The bus connection was allocated in a parent process and is being reused in a child
+          <listitem><para>The bus connection was allocated in a parent process and is being reused
-          process after <function>fork()</function>.</para></listitem>
+          in a child process after <function>fork()</function>.</para></listitem>
        </varlistentry>
        <varlistentry>
@ -142,7 +128,8 @@
      <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd_bus_call_method</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd_bus_message_set_destination</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_reply_method_return</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+      <citerefentry><refentrytitle>sd_bus_reply_method_return</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd_bus_send_to</refentrytitle><manvolnum>3</manvolnum></citerefentry>
    </para>
  </refsect1>
--- a/man/systemd-binfmt.service.xml
+++ b/man/systemd-binfmt.service.xml
@ -41,14 +41,6 @@
  <refsect1><title>Options</title>
    <variablelist>
      <varlistentry>
        <term><option>--unregister</option></term>
        <listitem><para>If passed, instead of registering configured binary formats in the kernel, the
        reverse operation is executed: all currently registered binary formats are unregistered from the
        kernel.</para></listitem>
      </varlistentry>
      <xi:include href="standard-options.xml" xpointer="cat-config" />
      <xi:include href="standard-options.xml" xpointer="no-pager" />
      <xi:include href="standard-options.xml" xpointer="help" />
--- a/man/systemd-resolved.service.xml
+++ b/man/systemd-resolved.service.xml
@ -69,7 +69,7 @@
    <filename>/etc/systemd/resolved.conf</filename>, the per-link static settings in
    <filename>/etc/systemd/network/*.network</filename> files (in case
    <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
-    is used), the per-link dynamic settings received over DHCP, information provided via
+    is used), the per-link dynamic settings received over DHCP, user request made via
    <citerefentry><refentrytitle>resolvectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, and any
    DNS server information made available by other system services. See
    <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> and
@ -104,8 +104,6 @@
      <listitem><para>The mappings defined in <filename>/etc/hosts</filename> are resolved to their
      configured addresses and back, but they will not affect lookups for non-address types (like MX).
      Support for <filename>/etc/hosts</filename> may be disabled with <varname>ReadEtcHosts=no</varname>,
      see <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
      </para></listitem>
    </itemizedlist>
  </refsect1>
@ -113,48 +111,32 @@
  <refsect1>
    <title>Protocols and Routing</title>
-    <para>Lookup requests are routed to the available DNS servers, LLMNR, and MulticastDNS interfaces
+    <para>Lookup requests are routed to the available DNS servers, LLMNR and MulticastDNS interfaces
    according to the following rules:</para>
    <itemizedlist>
-      <listitem><para>Names for which synthetic records are generated (as listed in the previous section) are
+      <listitem><para>Lookups for the special hostname <literal>localhost</literal> are never routed to the
-      never routed to the network and a reply is sent immediately. In particular this means that lookups for
+      network. (A few other, special domains are handled the same way.)</para></listitem>
      <literal>localhost</literal> are never routed to the network.</para></listitem>
-      <listitem><para>Single-label names are routed to all local interfaces capable of IP multicasting, where
+      <listitem><para>Single-label names are routed to all local interfaces capable of IP multicasting, using
-      LLMNR is not disabled, using the LLMNR protocol. Lookups for IPv4 addresses are only sent via LLMNR on
+      the LLMNR protocol. Lookups for IPv4 addresses are only sent via LLMNR on IPv4, and lookups for IPv6
-      IPv4, and lookups for IPv6 addresses are only sent via LLMNR on IPv6. Lookups for the locally
+      addresses are only sent via LLMNR on IPv6. Lookups for the locally configured host name and the
-      configured hostname and the <literal>_gateway</literal> hostname are never routed to LLMNR.
+      <literal>_gateway</literal> host name are never routed to LLMNR.</para></listitem>
      </para></listitem>
      <listitem><para>Multi-label names with the domain suffix <literal>.local</literal> are routed to all
-      local interfaces capable of IP multicasting, where MulticastDNS is not disabled, using the MulticastDNS
+      local interfaces capable of IP multicasting, using the MulticastDNS protocol. As with LLMNR IPv4
-      protocol. As with LLMNR, IPv4 address lookups are sent via IPv4 and IPv6 address lookups are sent via
+      address lookups are sent via IPv4 and IPv6 address lookups are sent via IPv6.</para></listitem>
      IPv6.</para></listitem>
      <listitem><para>Resolution of address records (A and AAAA) via unicast DNS (i.e. not LLMNR or
      MulticastDNS) for non-synthesized single-label names is only allowed for non-top-level domains. This
      means that such records can only be resolved when search domains are defined. For any interface which
      defines search domains, such look-ups are routed to that interface, suffixed with each of the search
      domains defined on that interface in turn. When global search domains are defined, such look-ups are
      routed to all interfaces, suffixed by each of the global search domains in turn. The details of which
      servers are queried and how the final reply is chosen are described below. Note that this means that
      address queries for single-label names are never sent out to remote DNS servers, and if no search
      domains are defined, resolution will fail.</para></listitem>
      <listitem><para>Other multi-label names are routed to all local interfaces that have a DNS server
-      configured, plus the globally configured DNS servers if there are any. Note that by default, lookups for
+      configured, plus the globally configured DNS server if there is one. Address lookups from the
-      domains with the <literal>.local</literal> suffix are not routed to DNS servers, unless the domain is
+      link-local address range are never routed to DNS. Note that by default lookups for domains with the
-      specified explicitly as routing or search domain for the DNS server and interface. This means that on
+      <literal>.local</literal> suffix are not routed to DNS servers, unless the domain is specified
-      networks where the <literal>.local</literal> domain is defined in a site-specific DNS server, explicit
+      explicitly as routing or search domain for the DNS server and interface. This means that on networks
-      search or routing domains need to be configured to make lookups within this DNS domain work. Note that
+      where the <literal>.local</literal> domain is defined in a site-specific DNS server, explicit search or
-      these days, it's generally recommended to avoid defining <literal>.local</literal> in a DNS server, as
+      routing domains need to be configured to make lookups within this DNS domain work. Note that today it's
-      <ulink url="https://tools.ietf.org/html/rfc6762">RFC6762</ulink> reserves this domain for exclusive
+      generally recommended to avoid defining <literal>.local</literal> in a DNS server, as <ulink
      url="https://tools.ietf.org/html/rfc6762">RFC6762</ulink> reserves this domain for exclusive
      MulticastDNS use.</para></listitem>
      <listitem><para>Address lookups are routed similarly to multi-label names, with the exception that
      addresses from the link-local address range are never routed to unicast DNS and are only resolved using
      LLMNR and MulticastDNS (when enabled).</para></listitem>
    </itemizedlist>
    <para>If lookups are routed to multiple interfaces, the first successful response is returned (thus
@ -169,18 +151,12 @@
    <itemizedlist>
      <listitem><para>If a name to look up matches (that is: is equal to or has as suffix) any of the
-      configured search or route-only domains of any link (see
+      configured search or route-only domains of any link (or the globally configured DNS settings), the
      <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>),
      or the globally configured DNS settings (see the discussion of <varname>Domains=</varname> in
      <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>),
      "best matching" search/route-only domain is determined: the matching one with the most labels. The
      query is then sent to all DNS servers of any links or the globally configured DNS servers associated
      with this "best matching" search/route-only domain. (Note that more than one link might have this same
      "best matching" search/route-only domain configured, in which case the query is sent to all of them in
-      parallel).</para>
+      parallel).</para></listitem>
      <para>In case of single-label names, when search domains are defined, the same logic applies, except
      that the name is first suffixed by the search domain.</para></listitem>
      <listitem><para>If a query does not match any configured search/route-only domain (neither per-link nor
      global), it is sent to all DNS servers that are configured on links with the "DNS default route" option
@ -198,15 +174,14 @@
    configured DNS domains for a link: if there's any route-only domain (not matching <literal>~.</literal>)
    it defaults to false, otherwise to true.</para>
-    <para>Effectively this means: in order to support single-label non-synthetized names, define appropriate
+    <para>Effectively this means: in order to preferably route all DNS queries not explicitly matched by
-    search domains. In order to preferably route all DNS queries not explicitly matched by search/route-only
+    search/route-only domain configuration to a specific link, configure a <literal>~.</literal> route-only
-    domain configuration to a specific link, configure a <literal>~.</literal> route-only domain on it. This
+    domain on it. This will ensure that other links will not be considered for the queries (unless they too
-    will ensure that other links will not be considered for these queries (unless they too carry such a
+    carry such a route-only domain). In order to route all such DNS queries to a specific link only in case
-    route-only domain). In order to route all such DNS queries to a specific link only if no other link
+    no other link is preferable, then set the "DNS default route" option for the link to true, and do not
-    is preferable, set the "DNS default route" option for the link to true and do not configure a
+    configure a <literal>~.</literal> route-only domain on it. Finally, in order to ensure that a specific
-    <literal>~.</literal> route-only domain on it. Finally, in order to ensure that a specific link never
+    link never receives any DNS traffic not matching any of its configured search/route-only domains, set the
-    receives any DNS traffic not matching any of its configured search/route-only domains, set the "DNS
+    "DNS default route" option for it to false.</para>
    default route" option for it to false.</para>
    <para>See the <ulink url="https://www.freedesktop.org/wiki/Software/systemd/resolved">resolved D-Bus API
    Documentation</ulink> for information about the APIs <filename>systemd-resolved</filename> provides.
--- a/src/basic/socket-util.c
+++ b/src/basic/socket-util.c
@ -901,9 +901,9 @@ ssize_t receive_one_fd_iov(
         * combination with send_one_fd().
         */
-        k = recvmsg_safe(transport_fd, &mh, MSG_CMSG_CLOEXEC | flags);
+        k = recvmsg(transport_fd, &mh, MSG_CMSG_CLOEXEC | flags);
        if (k < 0)
-                return k;
+                return (ssize_t) -errno;
        CMSG_FOREACH(cmsg, &mh) {
                if (cmsg->cmsg_level == SOL_SOCKET &&
@ -915,13 +915,12 @@ ssize_t receive_one_fd_iov(
                }
        }
-        if (!found) {
+        if (!found)
                cmsg_close_all(&mh);
        /* If didn't receive an FD or any data, return an error. */
-                if (k == 0)
+        if (k == 0 && !found)
                return -EIO;
        }
        if (found)
                *ret_fd = *(int*) CMSG_DATA(found);
@ -1172,24 +1171,3 @@ int socket_bind_to_ifindex(int fd, int ifindex) {
        return socket_bind_to_ifname(fd, ifname);
 }
 ssize_t recvmsg_safe(int sockfd, struct msghdr *msg, int flags) {
        ssize_t n;
        /* A wrapper around recvmsg() that checks for MSG_CTRUNC, and turns it into an error, in a reasonably
         * safe way, closing any SCM_RIGHTS fds in the error path.
         *
         * Note that unlike our usual coding style this might modify *msg on failure. */
        n = recvmsg(sockfd, msg, flags);
        if (n < 0)
                return -errno;
        if (FLAGS_SET(msg->msg_flags, MSG_CTRUNC)) {
                cmsg_close_all(msg);
                return -EXFULL; /* a recognizable error code */
        }
        return n;
 }
--- a/src/basic/socket-util.h
+++ b/src/basic/socket-util.h
@ -199,5 +199,3 @@ static inline int setsockopt_int(int fd, int level, int optname, int value) {
 int socket_bind_to_ifname(int fd, const char *ifname);
 int socket_bind_to_ifindex(int fd, int ifindex);
 ssize_t recvmsg_safe(int sockfd, struct msghdr *msg, int flags);
--- a/src/binfmt/binfmt.c
+++ b/src/binfmt/binfmt.c
@ -10,7 +10,6 @@
 #include <sys/types.h>
 #include "alloc-util.h"
 #include "binfmt-util.h"
 #include "conf-files.h"
 #include "def.h"
 #include "fd-util.h"
@ -25,7 +24,6 @@
 static bool arg_cat_config = false;
 static PagerFlags arg_pager_flags = 0;
 static bool arg_unregister = false;
 static int delete_rule(const char *rule) {
        _cleanup_free_ char *x = NULL, *fn = NULL;
@ -34,17 +32,18 @@ static int delete_rule(const char *rule) {
        assert(rule);
        assert(rule[0]);
-        e = strchrnul(rule + 1, rule[0]);
+        x = strdup(rule);
        x = strndup(rule + 1, e - rule - 1);
        if (!x)
                return log_oom();
-        if (!filename_is_valid(x) ||
+        e = strchrnul(x+1, x[0]);
-            STR_IN_SET(x, "register", "status"))
+        *e = 0;
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                       "Rule file name '%s' is not valid, refusing.", x);
-        fn = path_join("/proc/sys/fs/binfmt_misc", x);
+        if (!filename_is_valid(x + 1))
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                       "Rule file name '%s' is not valid, refusing.", x + 1);
        fn = path_join("/proc/sys/fs/binfmt_misc", x+1);
        if (!fn)
                return log_oom();
@ -117,7 +116,6 @@ static int help(void) {
               "     --version          Show package version\n"
               "     --cat-config       Show configuration files\n"
               "     --no-pager         Do not pipe output into a pager\n"
               "     --unregister       Unregister all existing entries\n"
               "\nSee the %s for details.\n"
               , program_invocation_short_name
               , link
@ -131,7 +129,6 @@ static int parse_argv(int argc, char *argv[]) {
                ARG_VERSION = 0x100,
                ARG_CAT_CONFIG,
                ARG_NO_PAGER,
                ARG_UNREGISTER,
        };
        static const struct option options[] = {
@ -139,7 +136,6 @@ static int parse_argv(int argc, char *argv[]) {
                { "version",    no_argument, NULL, ARG_VERSION    },
                { "cat-config", no_argument, NULL, ARG_CAT_CONFIG },
                { "no-pager",   no_argument, NULL, ARG_NO_PAGER   },
                { "unregister", no_argument, NULL, ARG_UNREGISTER },
                {}
        };
@ -166,10 +162,6 @@ static int parse_argv(int argc, char *argv[]) {
                        arg_pager_flags |= PAGER_DISABLE;
                        break;
                case ARG_UNREGISTER:
                        arg_unregister = true;
                        break;
                case '?':
                        return -EINVAL;
@ -177,9 +169,9 @@ static int parse_argv(int argc, char *argv[]) {
                        assert_not_reached("Unhandled option");
                }
-        if ((arg_unregister || arg_cat_config) && argc > optind)
+        if (arg_cat_config && argc > optind)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                       "Positional arguments are not allowed with --cat-config or --unregister");
+                                       "Positional arguments are not allowed with --cat-config");
        return 1;
 }
@ -197,9 +189,6 @@ static int run(int argc, char *argv[]) {
        r = 0;
        if (arg_unregister)
                return disable_binfmt();
        if (argc > optind) {
                int i;
--- a/src/core/execute.c
+++ b/src/core/execute.c
@ -1647,6 +1647,8 @@ static int apply_lock_personality(const Unit* u, const ExecContext *c) {
 #endif
 static int apply_protect_hostname(const Unit *u, const ExecContext *c, int *ret_exit_status) {
        int r;
        assert(u);
        assert(c);
@ -1666,8 +1668,6 @@ static int apply_protect_hostname(const Unit *u, const ExecContext *c, int *ret_
                log_unit_warning(u, "ProtectHostname=yes is configured, but the kernel does not support UTS namespaces, ignoring namespace setup.");
 #if HAVE_SECCOMP
        int r;
        if (skip_seccomp_unavailable(u, "ProtectHostname="))
                return 0;
--- a/src/core/manager.c
+++ b/src/core/manager.c
@ -2360,20 +2360,20 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
                return 0;
        }
-        n = recvmsg_safe(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC|MSG_TRUNC);
+        n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC|MSG_TRUNC);
-        if (IN_SET(n, -EAGAIN, -EINTR))
+        if (n < 0) {
                if (IN_SET(errno, EAGAIN, EINTR))
                        return 0; /* Spurious wakeup, try again */
-        if (n < 0)
+
-                /* If this is any other, real error, then let's stop processing this socket. This of course
+                /* If this is any other, real error, then let's stop processing this socket. This of course means we
-                 * means we won't take notification messages anymore, but that's still better than busy
+                 * won't take notification messages anymore, but that's still better than busy looping around this:
-                 * looping around this: being woken up over and over again but being unable to actually read
+                 * being woken up over and over again but being unable to actually read the message off the socket. */
-                 * the message off the socket. */
+                return log_error_errno(errno, "Failed to receive notification message: %m");
-                return log_error_errno(n, "Failed to receive notification message: %m");
+        }
        CMSG_FOREACH(cmsg, &msghdr) {
                if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
                        assert(!fd_array);
                        fd_array = (int*) CMSG_DATA(cmsg);
                        n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
@ -2381,7 +2381,6 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
                           cmsg->cmsg_type == SCM_CREDENTIALS &&
                           cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
                        assert(!ucred);
                        ucred = (struct ucred*) CMSG_DATA(cmsg);
                }
        }
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@ -911,10 +911,10 @@ static int process_socket(int fd) {
                mh.msg_iov = &iovec;
-                n = recvmsg_safe(fd, &mh, MSG_CMSG_CLOEXEC);
+                n = recvmsg(fd, &mh, MSG_CMSG_CLOEXEC);
                if (n < 0)  {
                        free(iovec.iov_base);
-                        r = log_error_errno(n, "Failed to receive datagram: %m");
+                        r = log_error_errno(errno, "Failed to receive datagram: %m");
                        goto finish;
                }
@ -935,17 +935,15 @@ static int process_socket(int fd) {
                        }
                        if (!found) {
-                                cmsg_close_all(&mh);
+                                log_error("Coredump file descriptor missing.");
-                                r = log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
+                                r = -EBADMSG;
                                                    "Coredump file descriptor missing.");
                                goto finish;
                        }
                        assert(input_fd < 0);
                        input_fd = *(int*) CMSG_DATA(found);
                        break;
-                } else
+                }
                        cmsg_close_all(&mh);
                /* Add trailing NUL byte, in case these are strings */
                ((char*) iovec.iov_base)[n] = 0;
@ -954,6 +952,8 @@ static int process_socket(int fd) {
                r = iovw_put(&iovw, iovec.iov_base, iovec.iov_len);
                if (r < 0)
                        goto finish;
                cmsg_close_all(&mh);
        }
        /* Make sure we got all data we really need */
--- a/src/home/homed-manager.c
+++ b/src/home/homed-manager.c
@ -981,9 +981,9 @@ static ssize_t read_datagram(int fd, struct ucred *ret_sender, void **ret) {
                        .msg_controllen = sizeof(control),
                };
-                m = recvmsg_safe(fd, &mh, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+                m = recvmsg(fd, &mh, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
                if (m < 0)
-                        return m;
+                        return -errno;
                cmsg_close_all(&mh);
--- a/src/home/pwquality-util.c
+++ b/src/home/pwquality-util.c
@ -148,7 +148,7 @@ int suggest_passwords(void) {
        pwquality_maybe_disable_dictionary(pwq);
-        suggestions = new0(char*, N_SUGGESTIONS+1);
+        suggestions = new0(char*, N_SUGGESTIONS);
        if (!suggestions)
                return log_oom();
--- a/src/import/importd.c
+++ b/src/import/importd.c
@ -566,11 +566,13 @@ static int manager_on_notify(sd_event_source *s, int fd, uint32_t revents, void
        ssize_t n;
        int r;
-        n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+        n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
-        if (IN_SET(n, -EAGAIN, -EINTR))
+        if (n < 0) {
                if (IN_SET(errno, EAGAIN, EINTR))
                        return 0;
-        if (n < 0)
+
-                return (int) n;
+                return -errno;
        }
        cmsg_close_all(&msghdr);
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@ -1317,35 +1317,29 @@ int server_process_datagram(
        iovec = IOVEC_MAKE(s->buffer, s->buffer_size - 1); /* Leave room for trailing NUL we add later */
-        n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+        n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
-        if (IN_SET(n, -EINTR, -EAGAIN))
+        if (n < 0) {
-                return 0;
+                if (IN_SET(errno, EINTR, EAGAIN))
        if (n == -EXFULL) {
                log_warning("Got message with truncated control data (too many fds sent?), ignoring.");
                        return 0;
                return log_error_errno(errno, "recvmsg() failed: %m");
        }
        if (n < 0)
                return log_error_errno(n, "recvmsg() failed: %m");
        CMSG_FOREACH(cmsg, &msghdr)
                if (cmsg->cmsg_level == SOL_SOCKET &&
                    cmsg->cmsg_type == SCM_CREDENTIALS &&
-                    cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
+                    cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
                        assert(!ucred);
                        ucred = (struct ucred*) CMSG_DATA(cmsg);
-                } else if (cmsg->cmsg_level == SOL_SOCKET &&
+                else if (cmsg->cmsg_level == SOL_SOCKET &&
                         cmsg->cmsg_type == SCM_SECURITY) {
                        assert(!label);
                        label = (char*) CMSG_DATA(cmsg);
                        label_len = cmsg->cmsg_len - CMSG_LEN(0);
                } else if (cmsg->cmsg_level == SOL_SOCKET &&
                           cmsg->cmsg_type == SO_TIMESTAMP &&
-                           cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval))) {
+                           cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
                        assert(!tv);
                        tv = (struct timeval*) CMSG_DATA(cmsg);
-                } else if (cmsg->cmsg_level == SOL_SOCKET &&
+                else if (cmsg->cmsg_level == SOL_SOCKET &&
                         cmsg->cmsg_type == SCM_RIGHTS) {
                        assert(!fds);
                        fds = (int*) CMSG_DATA(cmsg);
                        n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
                }
--- a/src/journal/journald-stream.c
+++ b/src/journal/journald-stream.c
@ -545,7 +545,6 @@ static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents,
                if (cmsg->cmsg_level == SOL_SOCKET &&
                    cmsg->cmsg_type == SCM_CREDENTIALS &&
                    cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
                        assert(!ucred);
                        ucred = (struct ucred *)CMSG_DATA(cmsg);
                        break;
                }
--- a/src/libsystemd/sd-bus/bus-socket.c
+++ b/src/libsystemd/sd-bus/bus-socket.c
@ -557,24 +557,17 @@ static int bus_socket_read_auth(sd_bus *b) {
                mh.msg_control = &control;
                mh.msg_controllen = sizeof(control);
-                k = recvmsg_safe(b->input_fd, &mh, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+                k = recvmsg(b->input_fd, &mh, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
-                if (k == -ENOTSOCK) {
+                if (k < 0 && errno == ENOTSOCK) {
                        b->prefer_readv = true;
                        k = readv(b->input_fd, &iov, 1);
                        if (k < 0)
                                k = -errno;
                } else
                        handle_cmsg = true;
        }
        if (k == -EAGAIN)
                return 0;
        if (k < 0)
-                return (int) k;
+                return errno == EAGAIN ? 0 : -errno;
-        if (k == 0) {
+        if (k == 0)
                if (handle_cmsg)
                        cmsg_close_all(&mh); /* paranoia, we shouldn't have gotten any fds on EOF */
                return -ECONNRESET;
        }
        b->rbuffer_size += k;
@ -1200,24 +1193,17 @@ int bus_socket_read_message(sd_bus *bus) {
                mh.msg_control = &control;
                mh.msg_controllen = sizeof(control);
-                k = recvmsg_safe(bus->input_fd, &mh, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+                k = recvmsg(bus->input_fd, &mh, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
-                if (k == -ENOTSOCK) {
+                if (k < 0 && errno == ENOTSOCK) {
                        bus->prefer_readv = true;
                        k = readv(bus->input_fd, &iov, 1);
                        if (k < 0)
                                k = -errno;
                } else
                        handle_cmsg = true;
        }
        if (k == -EAGAIN)
                return 0;
        if (k < 0)
-                return (int) k;
+                return errno == EAGAIN ? 0 : -errno;
-        if (k == 0) {
+        if (k == 0)
                if (handle_cmsg)
                        cmsg_close_all(&mh); /* On EOF we shouldn't have gotten an fd, but let's make sure */
                return -ECONNRESET;
        }
        bus->rbuffer_size += k;
--- a/src/network/networkd-lldp-rx.c
+++ b/src/network/networkd-lldp-rx.c
@ -12,7 +12,6 @@
 #include "networkd-network.h"
 #include "string-table.h"
 #include "string-util.h"
 #include "strv.h"
 #include "tmpfile-util.h"
 DEFINE_CONFIG_PARSE_ENUM(config_parse_lldp_mode, lldp_mode, LLDPMode, "Failed to parse LLDP= setting.");
@ -37,10 +36,10 @@ bool link_lldp_rx_enabled(Link *link) {
        if (!link->network)
                return false;
-        /* LLDP should be handled on bridge and bond slaves as those have a direct connection to their peers,
+        /* LLDP should be handled on bridge slaves as those have a direct
-         * not on the bridge/bond master. Linux doesn't even (by default) forward lldp packets to the bridge
+         * connection to their peers not on the bridge master. Linux doesn't
-         * master.*/
+         * even (by default) forward lldp packets to the bridge master.*/
-        if (link->kind && STR_IN_SET(link->kind, "bridge", "bond"))
+        if (streq_ptr("bridge", link->kind))
                return false;
        return link->network->lldp_mode != LLDP_MODE_NO;
--- a/src/network/networkd-lldp-tx.c
+++ b/src/network/networkd-lldp-tx.c
@ -6,8 +6,8 @@
 #include <net/if_arp.h>
 #include "alloc-util.h"
 #include "env-file.h"
 #include "escape.h"
 #include "env-file.h"
 #include "fd-util.h"
 #include "hostname-util.h"
 #include "missing_network.h"
@ -18,7 +18,6 @@
 #include "random-util.h"
 #include "socket-util.h"
 #include "string-util.h"
 #include "strv.h"
 #include "unaligned.h"
 #include "web-util.h"
@ -55,9 +54,6 @@ bool link_lldp_emit_enabled(Link *link) {
        if (!link->network)
                return false;
        if (link->kind && STR_IN_SET(link->kind, "bridge", "bond"))
                return false;
        return link->network->lldp_emit != LLDP_EMIT_NO;
 }
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@ -3713,12 +3713,13 @@ static int nspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r
                return 0;
        }
-        n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+        n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
-        if (IN_SET(n, -EAGAIN, -EINTR))
+        if (n < 0) {
                if (IN_SET(errno, EAGAIN, EINTR))
                        return 0;
        if (n < 0)
                return log_warning_errno(n, "Couldn't read notification socket: %m");
                return log_warning_errno(errno, "Couldn't read notification socket: %m");
        }
        cmsg_close_all(&msghdr);
        CMSG_FOREACH(cmsg, &msghdr) {
--- a/src/nss-systemd/nss-systemd.c
+++ b/src/nss-systemd/nss-systemd.c
@ -310,12 +310,7 @@ enum nss_status _nss_systemd_setpwent(int stayopen) {
        getpwent_data.iterator = userdb_iterator_free(getpwent_data.iterator);
        getpwent_data.by_membership = false;
-        /* Don't synthesize root/nobody when iterating. Let nss-files take care of that. If the two records
+        r = userdb_all(nss_glue_userdb_flags(), &getpwent_data.iterator);
         * are missing there, then that's fine, after all getpwent() is known to be possibly incomplete
         * (think: LDAP/NIS type situations), and our synthesizing of root/nobody is a robustness fallback
         * only, which matters for getpwnam()/getpwuid() primarily, which are the main NSS entrypoints to the
         * user database. */
        r = userdb_all(nss_glue_userdb_flags() | USERDB_DONT_SYNTHESIZE, &getpwent_data.iterator);
        return r < 0 ? NSS_STATUS_UNAVAIL : NSS_STATUS_SUCCESS;
 }
@ -334,8 +329,7 @@ enum nss_status _nss_systemd_setgrent(int stayopen) {
        getgrent_data.iterator = userdb_iterator_free(getgrent_data.iterator);
        getpwent_data.by_membership = false;
-        /* See _nss_systemd_setpwent() for an explanation why we use USERDB_DONT_SYNTHESIZE here */
+        r = groupdb_all(nss_glue_userdb_flags(), &getgrent_data.iterator);
        r = groupdb_all(nss_glue_userdb_flags() | USERDB_DONT_SYNTHESIZE, &getgrent_data.iterator);
        return r < 0 ? NSS_STATUS_UNAVAIL : NSS_STATUS_SUCCESS;
 }
--- a/src/portable/portable.c
+++ b/src/portable/portable.c
@ -190,9 +190,9 @@ static int recv_item(
        assert(ret_name);
        assert(ret_fd);
-        n = recvmsg_safe(socket_fd, &mh, MSG_CMSG_CLOEXEC);
+        n = recvmsg(socket_fd, &mh, MSG_CMSG_CLOEXEC);
        if (n < 0)
-                return (int) n;
+                return -errno;
        CMSG_FOREACH(cmsg, &mh) {
                if (cmsg->cmsg_level == SOL_SOCKET &&
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@ -775,14 +775,17 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
        iov = IOVEC_MAKE(DNS_PACKET_DATA(p), p->allocated);
-        l = recvmsg_safe(fd, &mh, 0);
+        l = recvmsg(fd, &mh, 0);
-        if (IN_SET(l, -EAGAIN, -EINTR))
+        if (l < 0) {
                if (IN_SET(errno, EAGAIN, EINTR))
                        return 0;
-        if (l < 0)
+
-                return l;
+                return -errno;
        }
        if (l == 0)
                return 0;
        assert(!(mh.msg_flags & MSG_CTRUNC));
        assert(!(mh.msg_flags & MSG_TRUNC));
        p->size = (size_t) l;
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@ -925,11 +925,12 @@ int ask_password_agent(
                msghdr.msg_control = &control;
                msghdr.msg_controllen = sizeof(control);
-                n = recvmsg_safe(socket_fd, &msghdr, 0);
+                n = recvmsg(socket_fd, &msghdr, 0);
                if (IN_SET(n, -EAGAIN, -EINTR))
                        continue;
                if (n < 0) {
-                        r = (int) n;
+                        if (IN_SET(errno, EAGAIN, EINTR))
                                continue;
                        r = -errno;
                        goto finish;
                }
--- a/src/shared/binfmt-util.c
+++ b/src/shared/binfmt-util.c
@ -1,33 +0,0 @@
 #include <sys/stat.h>
 #include <sys/statvfs.h>
 #include <sys/vfs.h>
 #include "binfmt-util.h"
 #include "fileio.h"
 #include "missing_magic.h"
 #include "stat-util.h"
 int disable_binfmt(void) {
        int r;
        /* Flush out all rules. This is important during shutdown to cover for rules using "F", since those
         * might pin a file and thus block us from unmounting stuff cleanly.
         *
         * We are a bit careful here, since binfmt_misc might still be an autofs which we don't want to
         * trigger. */
        r = path_is_fs_type("/proc/sys/fs/binfmt_misc", BINFMTFS_MAGIC);
        if (r == 0 || r == -ENOENT) {
                log_debug("binfmt_misc is not mounted, not detaching entries.");
                return 0;
        }
        if (r < 0)
                return log_warning_errno(r, "Failed to determine whether binfmt_misc is mounted: %m");
        r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", WRITE_STRING_FILE_DISABLE_BUFFER);
        if (r < 0)
                return log_warning_errno(r, "Failed to unregister binfmt_misc entries: %m");
        log_debug("Unregistered all remaining binfmt_misc entries.");
        return 0;
 }
--- a/src/shared/binfmt-util.h
+++ b/src/shared/binfmt-util.h
@ -1,4 +0,0 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 #pragma once
 int disable_binfmt(void);
--- a/src/shared/bus-wait-for-units.c
+++ b/src/shared/bus-wait-for-units.c
@ -80,15 +80,6 @@ static WaitForItem *wait_for_item_free(WaitForItem *item) {
 DEFINE_TRIVIAL_CLEANUP_FUNC(WaitForItem*, wait_for_item_free);
 static void call_unit_callback_and_wait(BusWaitForUnits *d, WaitForItem *item, bool good) {
        d->current = item;
        if (item->unit_callback)
                item->unit_callback(d, item->bus_path, good, item->userdata);
        wait_for_item_free(item);
 }
 static void bus_wait_for_units_clear(BusWaitForUnits *d) {
        WaitForItem *item;
@ -97,8 +88,13 @@ static void bus_wait_for_units_clear(BusWaitForUnits *d) {
        d->slot_disconnected = sd_bus_slot_unref(d->slot_disconnected);
        d->bus = sd_bus_unref(d->bus);
-        while ((item = hashmap_first(d->items)))
+        while ((item = hashmap_first(d->items))) {
-                call_unit_callback_and_wait(d, item, false);
+                d->current = item;
                if (item->unit_callback)
                        item->unit_callback(d, item->bus_path, false, item->userdata);
                wait_for_item_free(item);
        }
        d->items = hashmap_free(d->items);
 }
@ -217,7 +213,13 @@ static void wait_for_item_check_ready(WaitForItem *item) {
                        return;
        }
-        call_unit_callback_and_wait(d, item, true);
+        if (item->unit_callback) {
                d->current = item;
                item->unit_callback(d, item->bus_path, true, item->userdata);
        }
        wait_for_item_free(item);
        bus_wait_for_units_check_ready(d);
 }
@ -302,7 +304,10 @@ static int on_get_all_properties(sd_bus_message *m, void *userdata, sd_bus_error
                log_debug_errno(sd_bus_error_get_errno(error), "GetAll() failed for %s: %s",
                                item->bus_path, error->message);
-                call_unit_callback_and_wait(d, item, false);
+                d->current = item;
                item->unit_callback(d, item->bus_path, false, item->userdata);
                wait_for_item_free(item);
                bus_wait_for_units_check_ready(d);
                return 0;
        }
--- a/src/shared/meson.build
+++ b/src/shared/meson.build
@ -12,8 +12,6 @@ shared_sources = files('''
        barrier.h
        base-filesystem.c
        base-filesystem.h
        binfmt-util.c
        binfmt-util.h
        bitmap.c
        bitmap.h
        blkid-util.h
--- a/src/shutdown/shutdown.c
+++ b/src/shutdown/shutdown.c
@ -16,7 +16,6 @@
 #include "alloc-util.h"
 #include "async.h"
 #include "binfmt-util.h"
 #include "cgroup-setup.h"
 #include "cgroup-util.h"
 #include "def.h"
@ -387,7 +386,6 @@ int main(int argc, char *argv[]) {
                sync_with_progress();
        disable_coredumps();
        disable_binfmt();
        log_info("Sending SIGTERM to remaining processes...");
        broadcast_signal(SIGTERM, true, true, arg_timeout);
--- a/src/timesync/timesyncd-manager.c
+++ b/src/timesync/timesyncd-manager.c
@ -438,11 +438,12 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re
                return manager_connect(m);
        }
-        len = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT);
+        len = recvmsg(fd, &msghdr, MSG_DONTWAIT);
        if (len == -EAGAIN)
                return 0;
        if (len < 0) {
-                log_warning_errno(len, "Error receiving message, disconnecting: %m");
+                if (errno == EAGAIN)
                        return 0;
                log_warning("Error receiving message. Disconnecting.");
                return manager_connect(m);
        }
--- a/src/udev/udev-ctrl.c
+++ b/src/udev/udev-ctrl.c
@ -212,11 +212,13 @@ static int udev_ctrl_connection_event_handler(sd_event_source *s, int fd, uint32
        if (size == 0)
                return 0; /* Client disconnects? */
-        size = recvmsg_safe(fd, &smsg, 0);
+        size = recvmsg(fd, &smsg, 0);
-        if (size == -EINTR)
+        if (size < 0) {
                if (errno != EINTR)
                        return log_error_errno(errno, "Failed to receive ctrl message: %m");
                return 0;
-        if (size < 0)
+        }
                return log_error_errno(size, "Failed to receive ctrl message: %m");
        cmsg_close_all(&smsg);
--- a/src/udev/udev-rules.c
+++ b/src/udev/udev-rules.c
@ -1092,9 +1092,7 @@ static int rule_add_line(UdevRules *rules, const char *line_str, unsigned line_n
        if (isempty(line_str))
                return 0;
-        /* We use memdup_suffix0() here, since we want to add a second NUL byte to the end, since possibly
+        line = strdup(line_str);
         * some parsers might turn this into a "nulstr", which requires an extra NUL at the end. */
        line = memdup_suffix0(line_str, strlen(line_str) + 1);
        if (!line)
                return log_oom();
@ -1330,7 +1328,11 @@ static bool token_match_string(UdevRuleToken *token, const char *str) {
                match = isempty(str);
                break;
        case MATCH_TYPE_SUBSYSTEM:
-                match = STR_IN_SET(str, "subsystem", "class", "bus");
+                NULSTR_FOREACH(i, "subsystem\0class\0bus\0")
                        if (streq(i, str)) {
                                match = true;
                                break;
                        }
                break;
        case MATCH_TYPE_PLAIN_WITH_EMPTY:
                if (isempty(str)) {
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@ -921,18 +921,16 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat
                struct ucred *ucred = NULL;
                struct worker *worker;
-                size = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT);
+                size = recvmsg(fd, &msghdr, MSG_DONTWAIT);
-                if (size == -EINTR)
+                if (size < 0) {
                        if (errno == EINTR)
                                continue;
-                if (size == -EAGAIN)
+                        else if (errno == EAGAIN)
                                /* nothing more to read */
                                break;
                if (size < 0)
                        return log_error_errno(size, "Failed to receive message: %m");
-                cmsg_close_all(&msghdr);
+                        return log_error_errno(errno, "Failed to receive message: %m");
-
+                } else if (size != sizeof(struct worker_message)) {
                if (size != sizeof(struct worker_message)) {
                        log_warning("Ignoring worker message with invalid size %zi bytes", size);
                        continue;
                }
--- a/units/systemd-binfmt.service.in
+++ b/units/systemd-binfmt.service.in
@ -28,5 +28,4 @@ ConditionDirectoryNotEmpty=|/run/binfmt.d
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=@rootlibexecdir@/systemd-binfmt
 ExecStop=@rootlibexecdir@/systemd-binfmt --unregister
 TimeoutSec=90s