Merge f0a31c0d30 into ae04218383

hwdb: add G-Mode key support (#37175 )
Add G-Mode key, usually Fn+F9. Closes #30824
2025-04-18 16:51:59 +08:00 · 2025-04-18 17:43:26 +09:00 · 2025-04-18 17:40:51 +09:00 · 2025-04-18 09:03:33 +02:00 · 2025-04-18 08:48:08 +02:00 · 2025-04-18 09:36:29 +09:00
194 changed files with 1577 additions and 3212 deletions
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@ -25,7 +25,7 @@ jobs:

    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-      - uses: systemd/mkosi@7e4ec15aee6b98300b2ee14265bc647a716a9f8a
+      - uses: systemd/mkosi@dbb4020beee2cdf250f93a425794f1cf8b0fe693

      # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
      # immediately, we remove the files in the background. However, we first move them to a different location
@ -90,7 +90,6 @@ jobs:
          sudo mkosi sandbox -- \
            meson setup \
            --buildtype=debugoptimized \
-            -Dintegration-tests=true \
            build

      - name: Build image
@ -120,7 +119,8 @@ jobs:
            meson test \
            -C build \
            --no-rebuild \
-            --suite integration-tests \
+            --setup=integration \
+            --suite=integration-tests \
            --print-errorlogs \
            --no-stdsplit \
            --num-processes "$(($(nproc) - 1))" \
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@ -120,7 +120,7 @@ jobs:

    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-      - uses: systemd/mkosi@7e4ec15aee6b98300b2ee14265bc647a716a9f8a
+      - uses: systemd/mkosi@dbb4020beee2cdf250f93a425794f1cf8b0fe693

      # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
      # immediately, we remove the files in the background. However, we first move them to a different location
@ -197,7 +197,6 @@ jobs:
          sudo mkosi sandbox -- \
            meson setup \
            --buildtype=debugoptimized \
-            -Dintegration-tests=true \
            -Dbpf-framework=disabled \
            build

@ -233,7 +232,8 @@ jobs:
            meson test \
            -C build \
            --no-rebuild \
-            --suite integration-tests \
+            --setup=integration \
+            --suite=integration-tests \
            --print-errorlogs \
            --no-stdsplit \
            --num-processes "$(($(nproc) - 1))" \
--- a/3
+++ b/3
@ -96,6 +96,9 @@ CHANGES WITH 258 in spe:
          continue to work, update to xf86-input-evdev >= 2.11.0 and
          xf86-input-libinput >= 1.5.0 before updating to systemd >= 258.

+        * The meson option 'integration-tests' has been deprecated, and will be
+          removed in a future release.
+
        — <place>, <date>

 CHANGES WITH 257:
--- a/7
+++ b/7
@ -128,6 +128,13 @@ Deprecations and removals:

 Features:

+* loginctl: show argv[] of "leader" process in tabular list-sessions output
+
+* loginctl: show "service identifier" in tabular list-sessions output, to make
+  run0 sessions easily visible.
+
+* run0: maybe enable utmp for run0 sessions, so that they are easily visible.
+
 * maybe replace nss-machines with logic in networkd that registers records with
  systemd-resolved, based on DHCP leases, so that we gain compat with VMs.
  Implementation idea: encode in an ifaltname the intended local name to expose this
--- a/docs/TESTING_WITH_SANITIZERS.md
+++ b/docs/TESTING_WITH_SANITIZERS.md
@ -18,7 +18,7 @@ compiler you want to use and which part of the test suite you want to run.
 To build with sanitizers in mkosi, create a file `mkosi/mkosi.local.conf` and add the following contents:

 ```
-[Content]
+[Build]
 Environment=SANITIZERS=address,undefined
 ```

--- a/hwdb.d/60-keyboard.hwdb
+++ b/hwdb.d/60-keyboard.hwdb
@ -383,6 +383,7 @@ evdev:name:gpio-keys:phys:gpio-keys/input0:ev:3:dmi:bvn*:bvr*:bd*:svncube:pni1-T
 ###########################################################

 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pn*:*
+ KEYBOARD_KEY_68=prog2                                  # G-Mode (Dell-specific)
 KEYBOARD_KEY_81=playpause                              # Play/Pause
 KEYBOARD_KEY_82=stopcd                                 # Stop
 KEYBOARD_KEY_83=previoussong                           # Previous song
--- a/man/bootctl.xml
+++ b/man/bootctl.xml
@ -398,10 +398,12 @@
      </varlistentry>

      <varlistentry>
-        <term><option>--no-variables</option></term>
-        <listitem><para>Do not touch the firmware's boot loader list stored in EFI variables.</para>
+        <term><option>--variables=yes|no</option></term>
+        <listitem><para>Controls whether to touch the firmware's boot loader list stored in EFI variables,
+        and other EFI variables. If not specified defaults to no when execution in a container runtime is
+        detected, yes otherwise.</para>

-        <xi:include href="version-info.xml" xpointer="v220"/></listitem>
+        <xi:include href="version-info.xml" xpointer="v258"/></listitem>
      </varlistentry>

      <varlistentry>
--- a/man/importctl.xml
+++ b/man/importctl.xml
@ -182,11 +182,12 @@
        archive, possibly compressed with
        <citerefentry project='die-net'><refentrytitle>xz</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
        <citerefentry project='die-net'><refentrytitle>gzip</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+        <citerefentry project='die-net'><refentrytitle>zstd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
        or
        <citerefentry project='die-net'><refentrytitle>bzip2</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        It will then be unpacked into its own
        subvolume/directory. When <command>import-raw</command> is used, the file should be a qcow2 or raw
-        disk image, possibly compressed with xz, gzip or bzip2. If the second argument (the resulting image
+        disk image, possibly compressed with xz, gzip, zstd or bzip2. If the second argument (the resulting image
        name) is not specified, it is automatically derived from the file name. If the filename is passed as
        <literal>-</literal>, the image is read from standard input, in which case the second argument is
        mandatory.</para>
@ -222,6 +223,8 @@
        <citerefentry project='die-net'><refentrytitle>gzip</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
        if it ends in <literal>.xz</literal>, with
        <citerefentry project='die-net'><refentrytitle>xz</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+        if it ends in <literal>.zst</literal>, with
+        <citerefentry project='die-net'><refentrytitle>zstd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
        and if it ends in <literal>.bz2</literal>, with
        <citerefentry project='die-net'><refentrytitle>bzip2</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        If the path ends in neither, the file is left uncompressed. If the second argument is missing, the image
@ -315,8 +318,8 @@
        <listitem><para>When used with the <option>export-tar</option> or <option>export-raw</option>
        commands, specifies the compression format to use for the resulting file. Takes one of
        <literal>uncompressed</literal>, <literal>xz</literal>, <literal>gzip</literal>,
-        <literal>bzip2</literal>. By default, the format is determined automatically from the output image
-        file name passed.</para>
+        <literal>zst</literal>, <literal>bzip2</literal>. By default, the format is determined
+        automatically from the output image file name passed.</para>

        <xi:include href="version-info.xml" xpointer="v256"/></listitem>
      </varlistentry>
@ -450,6 +453,7 @@
      <member><citerefentry project='die-net'><refentrytitle>tar</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
      <member><citerefentry project='die-net'><refentrytitle>xz</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
      <member><citerefentry project='die-net'><refentrytitle>gzip</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
+      <member><citerefentry project='die-net'><refentrytitle>zstd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
      <member><citerefentry project='die-net'><refentrytitle>bzip2</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
    </simplelist></para>
  </refsect1>
--- a/man/machine-info.xml
+++ b/man/machine-info.xml
@ -154,6 +154,33 @@

        <xi:include href="version-info.xml" xpointer="v251"/></listitem>
      </varlistentry>
+
+      <varlistentry>
+        <term><varname>HARDWARE_FAMILY=</varname></term>
+
+        <listitem><para>Specifies the hardware family. If unspecified, the hardware family set in DMI
+        will be used.</para>
+
+        <xi:include href="version-info.xml" xpointer="v258"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>HARDWARE_SKU=</varname></term>
+
+        <listitem><para>Specifies the hardware SKU (Stock-Keeping Unit). If unspecified, the hardware
+        SKU set in DMI will be used.</para>
+
+        <xi:include href="version-info.xml" xpointer="v258"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>HARDWARE_VERSION=</varname></term>
+
+        <listitem><para>Specifies the hardware version. If unspecified, the hardware version set in DMI
+        will be used.</para>
+
+        <xi:include href="version-info.xml" xpointer="v258"/></listitem>
+      </varlistentry>
    </variablelist>
  </refsect1>

--- a/man/machinectl.xml
+++ b/man/machinectl.xml
@ -872,6 +872,7 @@
      <member><citerefentry project='die-net'><refentrytitle>xz</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
      <member><citerefentry project='die-net'><refentrytitle>gzip</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
      <member><citerefentry project='die-net'><refentrytitle>bzip2</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
+      <member><citerefentry project='die-net'><refentrytitle>zstd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
    </simplelist></para>
  </refsect1>

--- a/man/org.freedesktop.hostname1.xml
+++ b/man/org.freedesktop.hostname1.xml
@ -107,6 +107,12 @@ node /org/freedesktop/hostname1 {
      readonly u VSockCID = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly s ChassisAssetTag = '...';
+      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+      readonly s HardwareFamily = '...';
+      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+      readonly s HardwareSKU = '...';
+      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+      readonly s HardwareVersion = '...';
  };
  interface org.freedesktop.DBus.Peer { ... };
  interface org.freedesktop.DBus.Introspectable { ... };
@ -194,6 +200,12 @@ node /org/freedesktop/hostname1 {

    <variablelist class="dbus-property" generated="True" extra-ref="ChassisAssetTag"/>

+    <variablelist class="dbus-property" generated="True" extra-ref="HardwareFamily"/>
+
+    <variablelist class="dbus-property" generated="True" extra-ref="HardwareSKU"/>
+
+    <variablelist class="dbus-property" generated="True" extra-ref="HardwareVersion"/>
+
    <!--End of Autogenerated section-->

    <para>Whenever the hostname or other metadata is changed via the daemon,
@ -306,9 +318,10 @@ node /org/freedesktop/hostname1 {
    to the <varname>IMAGE_ID=</varname> and <varname>IMAGE_VERSION=</varname> fields of the
    <filename>os-release</filename> file.</para>

-    <para><varname>HardwareVendor</varname> and <varname>HardwareModel</varname> expose information about the
-    vendor of the hardware of the system. If no such information can be determined these properties are set
-    to empty strings.</para>
+    <para><varname>HardwareVendor</varname>, <varname>HardwareModel</varname>,
+    <varname>HardwareFamily</varname>, <varname>HardwareSKU</varname> and <varname>HardwareVersion</varname>
+    expose information about the vendor of the hardware of the system. If no such information can be
+    determined these properties are set to empty strings.</para>

    <para><varname>FirmwareVersion</varname> and <varname>FirmwareVendor</varname> expose information about
    the system's firmware, i.e. a version string and a vendor name. If no such information can be determined
@ -475,6 +488,9 @@ node /org/freedesktop/hostname1 {
      <varname>VSockCID</varname> were added in version 256.</para>
      <para><varname>ChassisAssetTag</varname>, <varname>OperatingSystemImageID</varname> and
      <varname>OperatingSystemImageVersion</varname> were added in version 258.</para>
+      <para><varname>HardwareFamily</varname>,
+      <varname>HardwareSKU</varname>, and
+      <varname>HardwareVersion</varname> were added in version v258.</para>
    </refsect2>
  </refsect1>

--- a/man/org.freedesktop.import1.xml
+++ b/man/org.freedesktop.import1.xml
@ -214,12 +214,13 @@ node /org/freedesktop/import1 {
      to the tar or raw file to import. It should reference a file on disk, a pipe or a socket. When
      <function>ImportTar()</function>/<function>ImportTarEx()</function> is used the file descriptor should
      refer to a tar file, optionally compressed with <citerefentry project="die-net"><refentrytitle>gzip</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry project="die-net"><refentrytitle>zstd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project="die-net"><refentrytitle>bzip2</refentrytitle><manvolnum>1</manvolnum></citerefentry>, or
      <citerefentry project="die-net"><refentrytitle>xz</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
      <command>systemd-importd</command> will detect the used compression scheme (if any) automatically. When
      <function>ImportRaw()</function>/<function>ImportRawEx()</function> is used the file descriptor should
      refer to a raw or qcow2 disk image containing an MBR or GPT disk label, also optionally compressed with
-      gzip, bzip2 or xz. In either case, if the file is specified as a file descriptor on disk, progress
+      gzip, zstd, bzip2 or xz. In either case, if the file is specified as a file descriptor on disk, progress
      information is generated for the import operation (as in that case we know the total size on disk). If
      a socket or pipe is specified, progress information is not available. The file descriptor argument is
      followed by a local name for the image. This should be a name suitable as a hostname and will be used
@ -250,9 +251,9 @@ node /org/freedesktop/import1 {
      name to export as their first parameter, followed by a file descriptor (opened for writing) where the
      tar or raw file will be written. It may either reference a file on disk or a pipe/socket. The third
      argument specifies in which compression format to write the image. It takes one of
-      <literal>uncompressed</literal>, <literal>xz</literal>, <literal>bzip2</literal> or
-      <literal>gzip</literal>, depending on which compression scheme is required. The image written to the
-      specified file descriptor will be a tar file in case of
+      <literal>uncompressed</literal>, <literal>xz</literal>, <literal>bzip2</literal>,
+      <literal>gzip</literal> or <literal>zstd</literal>, depending on which compression scheme is required.
+      The image written to the specified file descriptor will be a tar file in case of
      <function>ExportTar()</function>/<function>ExportTarEx()</function> or a raw disk image in case of
      <function>ExportRaw()</function>/<function>ExportRawEx()</function>. Note that currently raw disk
      images may not be exported as tar files, and vice versa. This restriction might be lifted
@ -267,8 +268,8 @@ node /org/freedesktop/import1 {
      <function>PullRaw()</function>/<function>PullRawEx()</function> may be used to download, verify and
      import a system image from a URL. They take a URL argument which should point to a tar or raw file on
      the <literal>http://</literal> or <literal>https://</literal> protocols, possibly compressed with xz,
-      bzip2 or gzip. The second argument is a local name for the image. It should be suitable as a hostname,
-      similarly to the matching argument of the
+      bzip2, gzip or zstd. The second argument is a local name for the image. It should be suitable as a
+      hostname, similarly to the matching argument of the
      <function>ImportTar()</function>/<function>ImportTarEx()</function> and
      <function>ImportRaw()</function>/<function>ImportRawEx()</function> methods above. The third argument
      indicates the verification mode for the image. It may be one of <literal>no</literal>,
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@ -477,8 +477,6 @@ node /org/freedesktop/systemd1 {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly b DefaultCPUAccounting = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
-      readonly b DefaultBlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly b DefaultIOAccounting = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly b DefaultIPAccounting = ...;
@ -719,8 +717,6 @@ node /org/freedesktop/systemd1 {

    <!--property DefaultCPUAccounting is not documented!-->

-    <!--property DefaultBlockIOAccounting is not documented!-->
-
    <!--property DefaultIOAccounting is not documented!-->

    <!--property DefaultIPAccounting is not documented!-->
@ -1167,8 +1163,6 @@ node /org/freedesktop/systemd1 {

    <variablelist class="dbus-property" generated="True" extra-ref="DefaultCPUAccounting"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="DefaultBlockIOAccounting"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="DefaultIOAccounting"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DefaultIPAccounting"/>
@ -2906,10 +2900,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t StartupCPUWeight = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t CPUQuotaPerSecUSec = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t CPUQuotaPeriodUSec = ...;
@ -2940,18 +2930,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly a(st) IODeviceLatencyTargetUSec = [...];
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b MemoryAccounting = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t DefaultMemoryLow = ...;
@ -2984,8 +2962,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b MemoryZSwapWriteback = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s DevicePolicy = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly a(ss) DeviceAllow = [...];
@ -3565,10 +3541,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {

    <!--property StartupCPUWeight is not documented!-->

-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
    <!--property CPUQuotaPerSecUSec is not documented!-->

    <!--property CPUQuotaPeriodUSec is not documented!-->
@ -3599,18 +3571,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {

    <!--property IODeviceLatencyTargetUSec is not documented!-->

-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
    <!--property MemoryAccounting is not documented!-->

    <!--property DefaultMemoryLow is not documented!-->
@ -3643,8 +3603,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {

    <!--property MemoryZSwapWriteback is not documented!-->

-    <!--property MemoryLimit is not documented!-->
-
    <!--property DevicePolicy is not documented!-->

    <!--property DeviceAllow is not documented!-->
@ -4237,10 +4195,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {

    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>

    <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@ -4271,18 +4225,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {

    <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@ -4315,8 +4257,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {

    <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
@ -5113,10 +5053,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t StartupCPUWeight = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t CPUQuotaPerSecUSec = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t CPUQuotaPeriodUSec = ...;
@ -5147,18 +5083,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly a(st) IODeviceLatencyTargetUSec = [...];
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b MemoryAccounting = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t DefaultMemoryLow = ...;
@ -5191,8 +5115,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b MemoryZSwapWriteback = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s DevicePolicy = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly a(ss) DeviceAllow = [...];
@ -5784,10 +5706,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {

    <!--property StartupCPUWeight is not documented!-->

-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
    <!--property CPUQuotaPerSecUSec is not documented!-->

    <!--property CPUQuotaPeriodUSec is not documented!-->
@ -5818,18 +5736,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {

    <!--property IODeviceLatencyTargetUSec is not documented!-->

-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
    <!--property MemoryAccounting is not documented!-->

    <!--property DefaultMemoryLow is not documented!-->
@ -5862,8 +5768,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {

    <!--property MemoryZSwapWriteback is not documented!-->

-    <!--property MemoryLimit is not documented!-->
-
    <!--property DevicePolicy is not documented!-->

    <!--property DeviceAllow is not documented!-->
@ -6428,10 +6332,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {

    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>

    <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@ -6462,18 +6362,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {

    <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@ -6506,8 +6394,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {

    <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
@ -7136,10 +7022,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t StartupCPUWeight = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t CPUQuotaPerSecUSec = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t CPUQuotaPeriodUSec = ...;
@ -7170,18 +7052,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly a(st) IODeviceLatencyTargetUSec = [...];
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b MemoryAccounting = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t DefaultMemoryLow = ...;
@ -7214,8 +7084,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b MemoryZSwapWriteback = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s DevicePolicy = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly a(ss) DeviceAllow = [...];
@ -7737,10 +7605,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {

    <!--property StartupCPUWeight is not documented!-->

-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
    <!--property CPUQuotaPerSecUSec is not documented!-->

    <!--property CPUQuotaPeriodUSec is not documented!-->
@ -7771,18 +7635,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {

    <!--property IODeviceLatencyTargetUSec is not documented!-->

-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
    <!--property MemoryAccounting is not documented!-->

    <!--property DefaultMemoryLow is not documented!-->
@ -7815,8 +7667,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {

    <!--property MemoryZSwapWriteback is not documented!-->

-    <!--property MemoryLimit is not documented!-->
-
    <!--property DevicePolicy is not documented!-->

    <!--property DeviceAllow is not documented!-->
@ -8297,10 +8147,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {

    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>

    <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@ -8331,18 +8177,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {

    <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@ -8375,8 +8209,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {

    <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
@ -9132,10 +8964,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t StartupCPUWeight = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t CPUQuotaPerSecUSec = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t CPUQuotaPeriodUSec = ...;
@ -9166,18 +8994,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly a(st) IODeviceLatencyTargetUSec = [...];
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b MemoryAccounting = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t DefaultMemoryLow = ...;
@ -9210,8 +9026,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b MemoryZSwapWriteback = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s DevicePolicy = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly a(ss) DeviceAllow = [...];
@ -9715,10 +9529,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {

    <!--property StartupCPUWeight is not documented!-->

-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
    <!--property CPUQuotaPerSecUSec is not documented!-->

    <!--property CPUQuotaPeriodUSec is not documented!-->
@ -9749,18 +9559,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {

    <!--property IODeviceLatencyTargetUSec is not documented!-->

-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
    <!--property MemoryAccounting is not documented!-->

    <!--property DefaultMemoryLow is not documented!-->
@ -9793,8 +9591,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {

    <!--property MemoryZSwapWriteback is not documented!-->

-    <!--property MemoryLimit is not documented!-->
-
    <!--property DevicePolicy is not documented!-->

    <!--property DeviceAllow is not documented!-->
@ -10257,10 +10053,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {

    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>

    <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@ -10291,18 +10083,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {

    <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@ -10335,8 +10115,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {

    <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
@ -10945,10 +10723,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t StartupCPUWeight = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t CPUQuotaPerSecUSec = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t CPUQuotaPeriodUSec = ...;
@ -10979,18 +10753,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly a(st) IODeviceLatencyTargetUSec = [...];
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b MemoryAccounting = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t DefaultMemoryLow = ...;
@ -11023,8 +10785,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b MemoryZSwapWriteback = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s DevicePolicy = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly a(ss) DeviceAllow = [...];
@ -11138,10 +10898,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {

    <!--property StartupCPUWeight is not documented!-->

-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
    <!--property CPUQuotaPerSecUSec is not documented!-->

    <!--property CPUQuotaPeriodUSec is not documented!-->
@ -11172,18 +10928,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {

    <!--property IODeviceLatencyTargetUSec is not documented!-->

-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
    <!--property MemoryAccounting is not documented!-->

    <!--property DefaultMemoryLow is not documented!-->
@ -11216,8 +10960,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {

    <!--property MemoryZSwapWriteback is not documented!-->

-    <!--property MemoryLimit is not documented!-->
-
    <!--property DevicePolicy is not documented!-->

    <!--property DeviceAllow is not documented!-->
@ -11338,10 +11080,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {

    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>

    <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@ -11372,18 +11110,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {

    <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@ -11416,8 +11142,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {

    <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
@ -11569,10 +11293,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t StartupCPUWeight = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t CPUQuotaPerSecUSec = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t CPUQuotaPeriodUSec = ...;
@ -11603,18 +11323,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly a(st) IODeviceLatencyTargetUSec = [...];
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b MemoryAccounting = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t DefaultMemoryLow = ...;
@ -11647,8 +11355,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b MemoryZSwapWriteback = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s DevicePolicy = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly a(ss) DeviceAllow = [...];
@ -11782,10 +11488,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {

    <!--property StartupCPUWeight is not documented!-->

-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
    <!--property CPUQuotaPerSecUSec is not documented!-->

    <!--property CPUQuotaPeriodUSec is not documented!-->
@ -11816,18 +11518,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {

    <!--property IODeviceLatencyTargetUSec is not documented!-->

-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
    <!--property MemoryAccounting is not documented!-->

    <!--property DefaultMemoryLow is not documented!-->
@ -11860,8 +11550,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {

    <!--property MemoryZSwapWriteback is not documented!-->

-    <!--property MemoryLimit is not documented!-->
-
    <!--property DevicePolicy is not documented!-->

    <!--property DeviceAllow is not documented!-->
@ -12012,10 +11700,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {

    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>

    <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@ -12046,18 +11730,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {

    <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@ -12090,8 +11762,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {

    <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>

-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
    <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@ -1738,8 +1738,10 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
        <term><varname>FirewallMark=</varname></term>
        <listitem>
          <para>Specifies the iptables firewall mark value to match (a number in the range
-          1…4294967295). Optionally, the firewall mask (also a number between 1…4294967295) can be
-          suffixed with a slash (<literal>/</literal>), e.g., <literal>7/255</literal>.</para>
+          0…4294967295). Optionally, the firewall mask (also a number between 0…4294967295) can be
+          suffixed with a slash (<literal>/</literal>), e.g., <literal>7/255</literal>. When the
+          mark value is non-zero and no mask is explicitly specified, all bits of the mark are
+          compared. </para>

          <xi:include href="version-info.xml" xpointer="v235"/>
        </listitem>
--- a/meson.build
+++ b/meson.build
@ -13,6 +13,12 @@ project('systemd', 'c',
        meson_version : '>= 0.62.0',
 )

+add_test_setup(
+        'default',
+        exclude_suites : ['integration-tests'],
+        is_default : true,
+)
+
 project_major_version = meson.project_version().split('.')[0].split('~')[0]
 if meson.project_version().contains('.')
        project_minor_version = meson.project_version().split('.')[-1].split('~')[0]
@ -339,7 +345,6 @@ meson_build_sh = find_program('tools/meson-build.sh')
 want_tests = get_option('tests')
 want_slow_tests = want_tests != 'false' and get_option('slow-tests')
 want_fuzz_tests = want_tests != 'false' and get_option('fuzz-tests')
-want_integration_tests = want_tests != 'false' and get_option('integration-tests')
 install_tests = want_tests != 'false' and get_option('install-tests')

 if add_languages('cpp', native : false, required : fuzzer_build)
@ -2661,10 +2666,6 @@ endif
 #####################################################################

 mkosi = find_program('mkosi', required : false)
-if want_integration_tests and not mkosi.found()
-        error('Could not find mkosi which is required to run the integration tests')
-endif
-
 mkosi_depends = public_programs

 foreach executable : ['systemd-journal-remote', 'systemd-sbsign', 'systemd-keyutil']
--- a/meson_options.txt
+++ b/meson_options.txt
@ -509,7 +509,7 @@ option('install-tests', type : 'boolean', value : false,
       description : 'install test executables')
 option('log-message-verification', type : 'feature', deprecated : { 'true' : 'enabled', 'false' : 'disabled' },
       description : 'do fake printf() calls to verify format strings')
-option('integration-tests', type : 'boolean', value : false,
+option('integration-tests', type : 'boolean', value : false, deprecated : true,
       description : 'run the integration tests')

 option('ok-color', type : 'combo',
--- a/mkosi/mkosi.conf
+++ b/mkosi/mkosi.conf
@ -1,7 +1,7 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later

 [Config]
-MinimumVersion=commit:7e4ec15aee6b98300b2ee14265bc647a716a9f8a
+MinimumVersion=commit:dbb4020beee2cdf250f93a425794f1cf8b0fe693
 Dependencies=
        exitrd
        initrd
@ -78,8 +78,7 @@ KernelCommandLine=
        oops=panic
        panic=-1
        softlockup_panic=1
-        # Disabled due to BTRFS issue, waiting for the fix to become available
-        panic_on_warn=0
+        panic_on_warn=1
        psi=1
        mitigations=off

--- a/mkosi/mkosi.conf.d/arch/mkosi.conf
+++ b/mkosi/mkosi.conf.d/arch/mkosi.conf
@ -4,6 +4,7 @@
 Distribution=arch

 [Content]
+PrepareScripts=systemd.prepare
 VolatilePackages=
        systemd
        systemd-libs
--- a/mkosi/mkosi.conf.d/arch/systemd.prepare
+++ b/mkosi/mkosi.conf.d/arch/systemd.prepare
@ -17,6 +17,7 @@ for PACKAGE in "${PACKAGES[@]}"; do
            sed --quiet 's/^Depends On *: //p' # Filter out everything except "Depends On:" line and fetch dependencies from it.
    )"

+    if ! ((SYSTEMD_REQUIRED_DEPS_ONLY)); then
        DEPS="$DEPS $(
            pacman --sync --info "$PACKAGE" |
                sed '1,/^$/d' | # Only keep result from first repository (delete everything after first blank line).
@ -25,6 +26,7 @@ for PACKAGE in "${PACKAGES[@]}"; do
                sed 's/ *\(.*\):.*/\1/' | # Drop descriptions (everything after first colon for all lines).
                tr '\n' ' ' # Transform newlines to whitespace.
        )"
+    fi
 done

 echo "$DEPS" |
--- a/mkosi/mkosi.conf.d/centos-fedora/mkosi.conf
+++ b/mkosi/mkosi.conf.d/centos-fedora/mkosi.conf
@ -5,6 +5,7 @@ Distribution=|centos
 Distribution=|fedora

 [Content]
+PrepareScripts=systemd.prepare
 VolatilePackages=
        systemd
        systemd-boot
--- a/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
+++ b/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
@ -8,7 +8,12 @@ fi

 mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")

-for DEPS in --requires --recommends --suggests; do
+DEP_TYPES=(--requires)
+if ! ((SYSTEMD_REQUIRED_DEPS_ONLY)); then
+    DEP_TYPES+=(--recommends --suggests)
+fi
+
+for DEPS in "${DEP_TYPES[@]}"; do
    # We need --latest-limit=1 to only consider the newest version of the packages.
    # --latest-limit=1 is per <name>.<arch> so we have to pass --arch= explicitly to make sure i686 packages
    # are not considered on x86-64.
--- a/mkosi/mkosi.conf.d/debian-ubuntu/mkosi.conf
+++ b/mkosi/mkosi.conf.d/debian-ubuntu/mkosi.conf
@ -5,6 +5,7 @@ Distribution=|debian
 Distribution=|ubuntu

 [Content]
+PrepareScripts=systemd.prepare
 VolatilePackages=
        libnss-myhostname
        libnss-mymachines
--- a/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
+++ b/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
@ -22,9 +22,14 @@ for PACKAGE in "${PACKAGES[@]}"; do
    # Get all the dependencies of the systemd packages including recommended and suggested dependencies.
    PATTERNS+=(
        "?and(?reverse-depends(?exact-name($PACKAGE)), $COMMON)"
+    )
+
+    if ! ((SYSTEMD_REQUIRED_DEPS_ONLY)); then
+        PATTERNS+=(
            "?and(?reverse-recommends(?exact-name($PACKAGE)), $COMMON)"
            "?and(?reverse-suggests(?exact-name($PACKAGE)), $COMMON)"
        )
+    fi
 done

 mkosi-install "${PATTERNS[@]}"
--- a/mkosi/mkosi.conf.d/opensuse/mkosi.conf
+++ b/mkosi/mkosi.conf.d/opensuse/mkosi.conf
@ -11,6 +11,7 @@ Repositories=non-oss
 SandboxTrees=macros.db_backend:/etc/rpm/macros.db_backend

 [Content]
+PrepareScripts=systemd.prepare
 VolatilePackages=
        libsystemd0
        libudev1
--- a/mkosi/mkosi.conf.d/opensuse/systemd.prepare
+++ b/mkosi/mkosi.conf.d/opensuse/systemd.prepare
@ -9,11 +9,15 @@ fi
 mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")

 DEPS=""
+DEP_TYPES=(--requires)
+if ! ((SYSTEMD_REQUIRED_DEPS_ONLY)); then
+    DEP_TYPES+=(--recommends --suggests)
+fi

 for PACKAGE in "${PACKAGES[@]}"; do
    # zypper's output is not machine readable so we make do with sed instead.
    DEPS="$DEPS\n$(
-        zypper info --requires --recommends --suggests "$PACKAGE" |
+        zypper info "${DEP_TYPES[@]}" "$PACKAGE" |
            sed '/Requires/,$!d' | # Remove everything before Requires line
            sed --quiet 's/^    //p' # All indented lines have dependencies
    )"
--- a/mkosi/mkosi.images/exitrd/mkosi.conf
+++ b/mkosi/mkosi.images/exitrd/mkosi.conf
@ -3,6 +3,9 @@
 [Output]
 Format=directory

+[Build]
+Environment=SYSTEMD_REQUIRED_DEPS_ONLY=1
+
 [Content]
 Bootable=no
 Locale=C.UTF-8
@ -11,6 +14,7 @@ CleanPackageMetadata=yes
 MakeInitrd=yes

 Packages=
+        coreutils
        bash

 [Include]
--- a/mkosi/mkosi.images/exitrd/mkosi.conf.d/arch.conf
+++ b/mkosi/mkosi.images/exitrd/mkosi.conf.d/arch.conf
@ -4,6 +4,7 @@
 Distribution=arch

 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
 VolatilePackages=
        systemd
        systemd-libs
--- a/mkosi/mkosi.images/exitrd/mkosi.conf.d/centos-fedora.conf
+++ b/mkosi/mkosi.images/exitrd/mkosi.conf.d/centos-fedora.conf
@ -5,5 +5,6 @@ Distribution=|centos
 Distribution=|fedora

 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
 VolatilePackages=
        systemd-standalone-shutdown
--- a/mkosi/mkosi.images/exitrd/mkosi.conf.d/debian.conf
+++ b/mkosi/mkosi.images/exitrd/mkosi.conf.d/debian.conf
@ -4,5 +4,6 @@
 Distribution=debian

 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
 VolatilePackages=
        systemd-standalone-shutdown
--- a/mkosi/mkosi.images/exitrd/mkosi.conf.d/opensuse.conf
+++ b/mkosi/mkosi.images/exitrd/mkosi.conf.d/opensuse.conf
@ -4,6 +4,7 @@
 Distribution=opensuse

 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
 Packages=
        diffutils
        grep
--- a/mkosi/mkosi.images/exitrd/mkosi.conf.d/ubuntu.conf
+++ b/mkosi/mkosi.images/exitrd/mkosi.conf.d/ubuntu.conf
@ -4,6 +4,7 @@
 Distribution=ubuntu

 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
 VolatilePackages=
        libsystemd-shared
        libsystemd0
--- a/mkosi/mkosi.images/initrd/mkosi.conf
+++ b/mkosi/mkosi.images/initrd/mkosi.conf
@ -6,10 +6,14 @@ Include=
        %D/mkosi/mkosi.sanitizers
        %D/mkosi/mkosi.coverage

+[Build]
+Environment=SYSTEMD_REQUIRED_DEPS_ONLY=1
+
 [Content]
 ExtraTrees=%D/mkosi/mkosi.extra.common

 Packages=
+        coreutils
        findutils
        grep
        sed
--- a/mkosi/mkosi.images/initrd/mkosi.conf.d/arch.conf
+++ b/mkosi/mkosi.images/initrd/mkosi.conf.d/arch.conf
@ -4,6 +4,7 @@
 Distribution=arch

 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
 Packages=
        btrfs-progs
        tpm2-tools
--- a/mkosi/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf
+++ b/mkosi/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf
@ -5,6 +5,7 @@ Distribution=|centos
 Distribution=|fedora

 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
 Packages=
        tpm2-tools

--- a/mkosi/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf
+++ b/mkosi/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf
@ -5,6 +5,7 @@ Distribution=|debian
 Distribution=|ubuntu

 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
 Packages=
        btrfs-progs
        tpm2-tools
--- a/mkosi/mkosi.images/initrd/mkosi.conf.d/opensuse.conf
+++ b/mkosi/mkosi.images/initrd/mkosi.conf.d/opensuse.conf
@ -4,6 +4,7 @@
 Distribution=opensuse

 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
 Packages=
        btrfs-progs
        kmod
--- a/mkosi/mkosi.images/minimal-base/mkosi.conf
+++ b/mkosi/mkosi.images/minimal-base/mkosi.conf
@ -3,6 +3,9 @@
 [Output]
 Format=directory

+[Build]
+Environment=SYSTEMD_REQUIRED_DEPS_ONLY=1
+
 [Content]
 Bootable=no
 Locale=C.UTF-8
--- a/mkosi/mkosi.images/minimal-base/mkosi.conf.d/arch.conf
+++ b/mkosi/mkosi.images/minimal-base/mkosi.conf.d/arch.conf
@ -4,6 +4,7 @@
 Distribution=arch

 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
 Packages=
        inetutils
        iproute
--- a/mkosi/mkosi.images/minimal-base/mkosi.conf.d/centos-fedora.conf
+++ b/mkosi/mkosi.images/minimal-base/mkosi.conf.d/centos-fedora.conf
@ -5,6 +5,7 @@ Distribution=|centos
 Distribution=|fedora

 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
 Packages=
        hostname
        iproute
--- a/mkosi/mkosi.images/minimal-base/mkosi.conf.d/debian-ubuntu.conf
+++ b/mkosi/mkosi.images/minimal-base/mkosi.conf.d/debian-ubuntu.conf
@ -5,6 +5,7 @@ Distribution=|debian
 Distribution=|ubuntu

 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
 Packages=
        hostname
        iproute2
--- a/mkosi/mkosi.images/minimal-base/mkosi.conf.d/opensuse.conf
+++ b/mkosi/mkosi.images/minimal-base/mkosi.conf.d/opensuse.conf
@ -4,6 +4,7 @@
 Distribution=opensuse

 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
 Packages=
        diffutils
        grep
--- a/rules.d/70-uaccess.rules.in
+++ b/rules.d/70-uaccess.rules.in
@ -77,6 +77,20 @@ ENV{DDC_DEVICE}=="?*", TAG+="uaccess"
 # media player raw devices (for user-mode drivers, Android SDK, etc.)
 SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess"

+# Android devices (ADB DbC, ADB, Fastboot)
+# Used to interact with devices over Android Debug Bridge and Fastboot protocols, see:
+# * https://developer.android.com/tools/adb
+# * https://source.android.com/docs/setup/test/running
+# * https://source.android.com/docs/setup/test/flash
+#
+# The bInterfaceClass and bInterfaceSubClass used are documented in source code here:
+# * https://android.googlesource.com/platform/packages/modules/adb/+/d0db47dcdf941673f405e1095e6ffb5e565902e5/adb.h#199
+# * https://android.googlesource.com/platform/system/core/+/7199051aaf0ddfa2849650933119307327d8669c/fastboot/fastboot.cpp#244
+#
+# Since it's using a generic vendor specific interface class, this can potentially result
+# in a rare case where non-ADB/Fastboot device ends up with an ID_DEBUG_APPLIANCE="android".
+SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:dc0201:*|*:ff4201:*|*:ff4203:*", ENV{ID_DEBUG_APPLIANCE}="android"
+
 # software-defined radio communication devices
 ENV{ID_SOFTWARE_RADIO}=="?*", TAG+="uaccess"

@ -111,4 +125,7 @@ SUBSYSTEM=="hidraw", ENV{ID_HARDWARE_WALLET}=="1", TAG+="uaccess"
 # As defined in https://en.wikipedia.org/wiki/3Dconnexion
 SUBSYSTEM=="hidraw", ENV{ID_INPUT_3D_MOUSE}=="1", TAG+="uaccess"

+# Debug interfaces (e.g. Android Debug Bridge)
+ENV{ID_DEBUG_APPLIANCE}=="?*", TAG+="uaccess"
+
 LABEL="uaccess_end"
--- a/shell-completion/bash/importctl
+++ b/shell-completion/bash/importctl
@ -73,7 +73,7 @@ _importctl() {
                comps='no checksum signature'
                ;;
            --format)
-                comps='uncompressed xz gzip bzip2'
+                comps='uncompressed xz gzip bzip2 zstd'
                ;;
            --class)
                comps='machine portable sysext confext'
--- a/shell-completion/bash/machinectl
+++ b/shell-completion/bash/machinectl
@ -85,7 +85,7 @@ _machinectl() {
                comps=$( machinectl --verify=help 2>/dev/null )
                ;;
            --format)
-                comps='uncompressed xz gzip bzip2'
+                comps='uncompressed xz gzip bzip2 zstd'
                ;;
        esac
        COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
--- a/src/analyze/analyze-verify-util.c
+++ b/src/analyze/analyze-verify-util.c
@ -31,7 +31,7 @@ static void log_syntax_callback(const char *unit, int level, void *userdata) {

        r = set_put_strdup(s, unit);
        if (r < 0) {
-                set_free_free(*s);
+                set_free(*s);
                *s = POINTER_MAX;
        }
 }
@ -265,7 +265,7 @@ static int verify_unit(Unit *u, bool check_man, const char *root) {
 static void set_destroy_ignore_pointer_max(Set **s) {
        if (*s == POINTER_MAX)
                return;
-        set_free_free(*s);
+        set_free(*s);
 }

 int verify_units(
--- a/src/basic/conf-files.c
+++ b/src/basic/conf-files.c
@ -19,7 +19,6 @@
 #include "nulstr-util.h"
 #include "path-util.h"
 #include "set.h"
-#include "sort-util.h"
 #include "stat-util.h"
 #include "string-util.h"
 #include "strv.h"
@ -122,29 +121,22 @@ static int files_add(
        return 0;
 }

-static int base_cmp(char * const *a, char * const *b) {
-        assert(a);
-        assert(b);
-        return path_compare_filename(*a, *b);
-}
-
 static int copy_and_sort_files_from_hashmap(Hashmap *fh, char ***ret) {
        _cleanup_free_ char **sv = NULL;
        char **files;
+        int r;

        assert(ret);

-        sv = hashmap_get_strv(fh);
-        if (!sv)
-                return -ENOMEM;
+        r = hashmap_dump_sorted(fh, (void***) &sv, /* ret_n = */ NULL);
+        if (r < 0)
+                return r;

-        /* The entries in the array given by hashmap_get_strv() are still owned by the hashmap. */
+        /* The entries in the array given by hashmap_dump_sorted() are still owned by the hashmap. */
        files = strv_copy(sv);
        if (!files)
                return -ENOMEM;

-        typesafe_qsort(files, strv_length(files), base_cmp);
-
        *ret = files;
        return 0;
 }
@ -237,7 +229,7 @@ int conf_files_insert(char ***strv, const char *root, char **dirs, const char *p
        for (i = 0; i < n; i++) {
                int c;

-                c = base_cmp((char* const*) *strv + i, (char* const*) &path);
+                c = path_compare_filename((*strv)[i], path);
                if (c == 0)
                        /* Oh, there already is an entry with a matching name (the last component). */
                        STRV_FOREACH(dir, dirs) {
--- a/src/basic/fd-util.c
+++ b/src/basic/fd-util.c
@ -1001,13 +1001,13 @@ int fd_verify_safe_flags_full(int fd, int extra_flags) {
        if (flags < 0)
                return -errno;

-        unexpected_flags = flags & ~(O_ACCMODE|O_NOFOLLOW|RAW_O_LARGEFILE|extra_flags);
+        unexpected_flags = flags & ~(O_ACCMODE_STRICT|O_NOFOLLOW|RAW_O_LARGEFILE|extra_flags);
        if (unexpected_flags != 0)
                return log_debug_errno(SYNTHETIC_ERRNO(EREMOTEIO),
                                       "Unexpected flags set for extrinsic fd: 0%o",
                                       (unsigned) unexpected_flags);

-        return flags & (O_ACCMODE | extra_flags); /* return the flags variable, but remove the noise */
+        return flags & (O_ACCMODE_STRICT | extra_flags); /* return the flags variable, but remove the noise */
 }

 int read_nr_open(void) {
@ -1132,7 +1132,7 @@ int fds_are_same_mount(int fd1, int fd2) {
 }

 const char* accmode_to_string(int flags) {
-        switch (flags & O_ACCMODE) {
+        switch (flags & O_ACCMODE_STRICT) {
        case O_RDONLY:
                return "ro";
        case O_WRONLY:
--- a/src/basic/fs-util.c
+++ b/src/basic/fs-util.c
@ -1036,7 +1036,7 @@ int open_mkdir_at_full(int dirfd, const char *path, int flags, XOpenFlags xopen_

        if (flags & ~(O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_EXCL|O_NOATIME|O_NOFOLLOW|O_PATH))
                return -EINVAL;
-        if ((flags & O_ACCMODE) != O_RDONLY)
+        if ((flags & O_ACCMODE_STRICT) != O_RDONLY)
                return -EINVAL;

        /* Note that O_DIRECTORY|O_NOFOLLOW is implied, but we allow specifying it anyway. The following
--- a/src/basic/hashmap.c
+++ b/src/basic/hashmap.c
@ -912,24 +912,20 @@ static void hashmap_free_no_clear(HashmapBase *h) {
                free(h);
 }

-HashmapBase* _hashmap_free(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value) {
+HashmapBase* _hashmap_free(HashmapBase *h) {
        if (h) {
-                _hashmap_clear(h, default_free_key, default_free_value);
+                _hashmap_clear(h);
                hashmap_free_no_clear(h);
        }

        return NULL;
 }

-void _hashmap_clear(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value) {
-        free_func_t free_key, free_value;
+void _hashmap_clear(HashmapBase *h) {
        if (!h)
                return;

-        free_key = h->hash_ops->free_key ?: default_free_key;
-        free_value = h->hash_ops->free_value ?: default_free_value;
-
-        if (free_key || free_value) {
+        if (h->hash_ops->free_key || h->hash_ops->free_value) {

                /* If destructor calls are defined, let's destroy things defensively: let's take the item out of the
                 * hash table, and only then call the destructor functions. If these destructors then try to unregister
@ -941,11 +937,11 @@ void _hashmap_clear(HashmapBase *h, free_func_t default_free_key, free_func_t de

                        v = _hashmap_first_key_and_value(h, true, &k);

-                        if (free_key)
-                                free_key(k);
+                        if (h->hash_ops->free_key)
+                                h->hash_ops->free_key(k);

-                        if (free_value)
-                                free_value(v);
+                        if (h->hash_ops->free_value)
+                                h->hash_ops->free_value(v);
                }
        }

@ -1780,7 +1776,7 @@ HashmapBase* _hashmap_copy(HashmapBase *h  HASHMAP_DEBUG_PARAMS) {
        }

        if (r < 0)
-                return _hashmap_free(copy, NULL, NULL);
+                return _hashmap_free(copy);

        return copy;
 }
--- a/src/basic/hashmap.h
+++ b/src/basic/hashmap.h
@ -90,13 +90,15 @@ OrderedHashmap* _ordered_hashmap_new(const struct hash_ops *hash_ops  HASHMAP_DE

 #define hashmap_free_and_replace(a, b)                          \
        free_and_replace_full(a, b, hashmap_free)
+#define ordered_hashmap_free_and_replace(a, b)                  \
+        free_and_replace_full(a, b, ordered_hashmap_free)

-HashmapBase* _hashmap_free(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value);
+HashmapBase* _hashmap_free(HashmapBase *h);
 static inline Hashmap* hashmap_free(Hashmap *h) {
-        return (void*) _hashmap_free(HASHMAP_BASE(h), NULL, NULL);
+        return (void*) _hashmap_free(HASHMAP_BASE(h));
 }
 static inline OrderedHashmap* ordered_hashmap_free(OrderedHashmap *h) {
-        return (void*) _hashmap_free(HASHMAP_BASE(h), NULL, NULL);
+        return (void*) _hashmap_free(HASHMAP_BASE(h));
 }

 IteratedCache* iterated_cache_free(IteratedCache *cache);
@ -264,12 +266,12 @@ static inline bool ordered_hashmap_iterate(OrderedHashmap *h, Iterator *i, void
        return _hashmap_iterate(HASHMAP_BASE(h), i, value, key);
 }

-void _hashmap_clear(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value);
+void _hashmap_clear(HashmapBase *h);
 static inline void hashmap_clear(Hashmap *h) {
-        _hashmap_clear(HASHMAP_BASE(h), NULL, NULL);
+        _hashmap_clear(HASHMAP_BASE(h));
 }
 static inline void ordered_hashmap_clear(OrderedHashmap *h) {
-        _hashmap_clear(HASHMAP_BASE(h), NULL, NULL);
+        _hashmap_clear(HASHMAP_BASE(h));
 }

 /*
@ -329,27 +331,6 @@ static inline void *ordered_hashmap_first_key(OrderedHashmap *h) {
        return _hashmap_first_key(HASHMAP_BASE(h), false);
 }

-#define hashmap_clear_with_destructor(h, f)                     \
-        ({                                                      \
-                Hashmap *_h = (h);                              \
-                void *_item;                                    \
-                while ((_item = hashmap_steal_first(_h)))       \
-                        f(_item);                               \
-                _h;                                             \
-        })
-#define hashmap_free_with_destructor(h, f)                      \
-        hashmap_free(hashmap_clear_with_destructor(h, f))
-#define ordered_hashmap_clear_with_destructor(h, f)                     \
-        ({                                                              \
-                OrderedHashmap *_h = (h);                               \
-                void *_item;                                            \
-                while ((_item = ordered_hashmap_steal_first(_h)))       \
-                        f(_item);                                       \
-                _h;                                                     \
-        })
-#define ordered_hashmap_free_with_destructor(h, f)                      \
-        ordered_hashmap_free(ordered_hashmap_clear_with_destructor(h, f))
-
 /* no hashmap_next */
 void* ordered_hashmap_next(OrderedHashmap *h, const void *key);

--- a/src/basic/missing_fcntl.h
+++ b/src/basic/missing_fcntl.h
@ -43,3 +43,9 @@
 #ifndef AT_HANDLE_FID
 #define AT_HANDLE_FID AT_REMOVEDIR
 #endif
+
+/* On musl, O_ACCMODE is defined as (03|O_SEARCH), unlike glibc which defines it as
+ * (O_RDONLY|O_WRONLY|O_RDWR). Additionally, O_SEARCH is simply defined as O_PATH. This changes the behaviour
+ * of O_ACCMODE in certain situations, which we don't want. This definition is copied from glibc and works
+ * around the problems with musl's definition. */
+#define O_ACCMODE_STRICT (O_RDONLY|O_WRONLY|O_RDWR)
--- a/src/basic/ordered-set.h
+++ b/src/basic/ordered-set.h
@ -83,17 +83,6 @@ void ordered_set_print(FILE *f, const char *field, OrderedSet *s);
 #define ORDERED_SET_FOREACH(e, s) \
        _ORDERED_SET_FOREACH(e, s, UNIQ_T(i, UNIQ))

-#define ordered_set_clear_with_destructor(s, f)                 \
-        ({                                                      \
-                OrderedSet *_s = (s);                           \
-                void *_item;                                    \
-                while ((_item = ordered_set_steal_first(_s)))   \
-                        f(_item);                               \
-                _s;                                             \
-        })
-#define ordered_set_free_with_destructor(s, f)                  \
-        ordered_set_free(ordered_set_clear_with_destructor(s, f))
-
 DEFINE_TRIVIAL_CLEANUP_FUNC(OrderedSet*, ordered_set_free);

 #define _cleanup_ordered_set_free_ _cleanup_(ordered_set_freep)
--- a/src/basic/set.h
+++ b/src/basic/set.h
@ -12,15 +12,9 @@ Set* _set_new(const struct hash_ops *hash_ops HASHMAP_DEBUG_PARAMS);
 #define set_new(ops) _set_new(ops HASHMAP_DEBUG_SRC_ARGS)

 static inline Set* set_free(Set *s) {
-        return (Set*) _hashmap_free(HASHMAP_BASE(s), NULL, NULL);
+        return (Set*) _hashmap_free(HASHMAP_BASE(s));
 }

-static inline Set* set_free_free(Set *s) {
-        return (Set*) _hashmap_free(HASHMAP_BASE(s), free, NULL);
-}
-
-/* no set_free_free_free */
-
 #define set_copy(s) ((Set*) _hashmap_copy(HASHMAP_BASE(s)  HASHMAP_DEBUG_SRC_ARGS))

 int _set_ensure_allocated(Set **s, const struct hash_ops *hash_ops HASHMAP_DEBUG_PARAMS);
@ -77,30 +71,13 @@ static inline bool set_iterate(const Set *s, Iterator *i, void **value) {
 }

 static inline void set_clear(Set *s) {
-        _hashmap_clear(HASHMAP_BASE(s), NULL, NULL);
+        _hashmap_clear(HASHMAP_BASE(s));
 }

-static inline void set_clear_free(Set *s) {
-        _hashmap_clear(HASHMAP_BASE(s), free, NULL);
-}
-
-/* no set_clear_free_free */
-
 static inline void *set_steal_first(Set *s) {
        return _hashmap_first_key_and_value(HASHMAP_BASE(s), true, NULL);
 }

-#define set_clear_with_destructor(s, f)                 \
-        ({                                              \
-                Set *_s = (s);                          \
-                void *_item;                            \
-                while ((_item = set_steal_first(_s)))   \
-                        f(_item);                       \
-                _s;                                     \
-        })
-#define set_free_with_destructor(s, f)                  \
-        set_free(set_clear_with_destructor(s, f))
-
 /* no set_steal_first_key */
 /* no set_first_key */

@ -145,10 +122,8 @@ int set_put_strsplit(Set *s, const char *v, const char *separators, ExtractFlags
        for (; ({ e = set_first(s); assert_se(!e || set_move_one(d, s, e) >= 0); e; }); )

 DEFINE_TRIVIAL_CLEANUP_FUNC(Set*, set_free);
-DEFINE_TRIVIAL_CLEANUP_FUNC(Set*, set_free_free);

 #define _cleanup_set_free_ _cleanup_(set_freep)
-#define _cleanup_set_free_free_ _cleanup_(set_free_freep)

 int set_strjoin(Set *s, const char *separator, bool wrap_with_separator, char **ret);

--- a/src/basic/xattr-util.c
+++ b/src/basic/xattr-util.c
@ -104,7 +104,7 @@ static ssize_t getxattr_pinned_internal(
        if (n < 0)
                return -errno;

-        assert((size_t) n <= size);
+        assert(size == 0 || (size_t) n <= size);
        return n;
 }

@ -234,7 +234,7 @@ static int listxattr_pinned_internal(
        if (n < 0)
                return -errno;

-        assert((size_t) n <= size);
+        assert(size == 0 || (size_t) n <= size);

        if (n > INT_MAX) /* We couldn't return this as 'int' anymore */
                return -E2BIG;
--- a/src/bootctl/bootctl-install.c
+++ b/src/bootctl/bootctl-install.c
@ -865,17 +865,6 @@ static int install_variables(
        uint16_t slot;
        int r;

-        if (arg_root) {
-                log_info("Acting on %s, skipping EFI variable setup.",
-                         arg_image ? "image" : "root directory");
-                return 0;
-        }
-
-        if (!is_efi_boot()) {
-                log_warning("Not booted with EFI, skipping EFI variable setup.");
-                return 0;
-        }
-
        r = chase_and_access(path, esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, F_OK, NULL);
        if (r == -ENOENT)
                return 0;
@ -1075,7 +1064,7 @@ int verb_install(int argc, char *argv[], void *userdata) {

        (void) sync_everything();

-        if (!arg_touch_variables)
+        if (!touch_variables())
                return 0;

        if (arg_arch_all) {
@ -1206,9 +1195,6 @@ static int remove_variables(sd_id128_t uuid, const char *path, bool in_order) {
        uint16_t slot;
        int r;

-        if (arg_root || !is_efi_boot())
-                return 0;
-
        r = find_slot(uuid, path, &slot);
        if (r != 1)
                return 0;
@ -1327,7 +1313,7 @@ int verb_remove(int argc, char *argv[], void *userdata) {

        (void) sync_everything();

-        if (!arg_touch_variables)
+        if (!touch_variables())
                return r;

        if (arg_arch_all) {
--- a/src/bootctl/bootctl-random-seed.c
+++ b/src/bootctl/bootctl-random-seed.c
@ -58,20 +58,9 @@ static int set_system_token(void) {
        size_t token_size;
        int r;

-        if (!arg_touch_variables)
+        if (!touch_variables())
                return 0;

-        if (arg_root) {
-                log_warning("Acting on %s, skipping EFI variable setup.",
-                             arg_image ? "image" : "root directory");
-                return 0;
-        }
-
-        if (!is_efi_boot()) {
-                log_notice("Not booted with EFI, skipping EFI variable setup.");
-                return 0;
-        }
-
        r = getenv_bool("SYSTEMD_WRITE_SYSTEM_TOKEN");
        if (r < 0) {
                if (r != -ENXIO)
--- a/src/bootctl/bootctl-set-efivar.c
+++ b/src/bootctl/bootctl-set-efivar.c
@ -105,11 +105,20 @@ static int parse_loader_entry_target_arg(const char *arg1, char16_t **ret_target
 int verb_set_efivar(int argc, char *argv[], void *userdata) {
        int r;

+        /* Note: changing EFI variables is the primary purpose of these verbs, hence unlike in the other
+         * verbs that might touch EFI variables where we skip things gracefully, here we fail loudly if we
+         * are not run on EFI or EFI variable modifications were turned off. */
+
+        if (arg_touch_variables < 0) {
                if (arg_root)
                        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                       "Acting on %s, skipping EFI variable setup.",
+                                               "Acting on %s, refusing EFI variable setup.",
                                               arg_image ? "image" : "root directory");

+                if (detect_container() > 0)
+                        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+                                               "'%s' operation not supported in a container.",
+                                               argv[0]);
                if (!is_efi_boot())
                        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
                                               "Not booted with UEFI.");
@ -123,14 +132,9 @@ int verb_set_efivar(int argc, char *argv[], void *userdata) {
                        return log_error_errno(errno, "Failed to detect whether boot loader supports '%s' operation: %m", argv[0]);
                }

-        if (detect_container() > 0)
-                return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                       "'%s' operation not supported in a container.",
-                                       argv[0]);
-
-        if (!arg_touch_variables)
+        } else if (!arg_touch_variables)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                       "'%s' operation cannot be combined with --no-variables.",
+                                       "'%s' operation cannot be combined with --variables=no.",
                                       argv[0]);

        const char *variable;
--- a/src/bootctl/bootctl.c
+++ b/src/bootctl/bootctl.c
@ -43,7 +43,7 @@ bool arg_print_dollar_boot_path = false;
 bool arg_print_loader_path = false;
 bool arg_print_stub_path = false;
 unsigned arg_print_root_device = 0;
-bool arg_touch_variables = true;
+int arg_touch_variables = -1;
 bool arg_install_random_seed = true;
 PagerFlags arg_pager_flags = 0;
 bool arg_graceful = false;
@ -213,6 +213,29 @@ static int print_loader_or_stub_path(void) {
        return 0;
 }

+bool touch_variables(void) {
+        /* If we run in a container or on a non-EFI system, automatically turn off EFI file system access,
+         * unless explicitly overriden. */
+
+        if (arg_touch_variables >= 0)
+                return arg_touch_variables;
+
+        if (arg_root) {
+                log_once(LOG_NOTICE,
+                         "Operating on %s, skipping EFI variable modifications.",
+                         arg_image ? "image" : "root directory");
+                return false;
+        }
+
+        if (!is_efi_boot()) { /* NB: this internally checks if we run in a container */
+                log_once(LOG_NOTICE,
+                         "Not booted with EFI or running in a container, skipping EFI variable modifications.");
+                return false;
+        }
+
+        return true;
+}
+
 static int help(int argc, char *argv[], void *userdata) {
        _cleanup_free_ char *link = NULL;
        int r;
@ -271,7 +294,8 @@ static int help(int argc, char *argv[], void *userdata) {
               "                       Specify disk image dissection policy\n"
               "     --install-source=auto|image|host\n"
               "                       Where to pick files when using --root=/--image=\n"
-               "     --no-variables    Don't touch EFI variables\n"
+               "     --variables=yes|no\n"
+               "                       Whether to modify EFI variables\n"
               "     --random-seed=yes|no\n"
               "                       Whether to create random-seed file during install\n"
               "     --no-pager        Do not pipe output into a pager\n"
@ -327,6 +351,7 @@ static int parse_argv(int argc, char *argv[]) {
                ARG_IMAGE_POLICY,
                ARG_INSTALL_SOURCE,
                ARG_VERSION,
+                ARG_VARIABLES,
                ARG_NO_VARIABLES,
                ARG_RANDOM_SEED,
                ARG_NO_PAGER,
@ -362,7 +387,8 @@ static int parse_argv(int argc, char *argv[]) {
                { "print-loader-path",           no_argument,       NULL, ARG_PRINT_LOADER_PATH           },
                { "print-stub-path",             no_argument,       NULL, ARG_PRINT_STUB_PATH             },
                { "print-root-device",           no_argument,       NULL, 'R'                             },
-                { "no-variables",                no_argument,       NULL, ARG_NO_VARIABLES                },
+                { "variables",                   required_argument, NULL, ARG_VARIABLES                   },
+                { "no-variables",                no_argument,       NULL, ARG_NO_VARIABLES                }, /* Compability */
                { "random-seed",                 required_argument, NULL, ARG_RANDOM_SEED                 },
                { "no-pager",                    no_argument,       NULL, ARG_NO_PAGER                    },
                { "graceful",                    no_argument,       NULL, ARG_GRACEFUL                    },
@ -460,6 +486,12 @@ static int parse_argv(int argc, char *argv[]) {
                        arg_print_root_device++;
                        break;

+                case ARG_VARIABLES:
+                        r = parse_tristate_argument("--variables=", optarg, &arg_touch_variables);
+                        if (r < 0)
+                                return r;
+                        break;
+
                case ARG_NO_VARIABLES:
                        arg_touch_variables = false;
                        break;
@ -643,10 +675,6 @@ static int run(int argc, char *argv[]) {

        log_setup();

-        /* If we run in a container, automatically turn off EFI file system access */
-        if (detect_container() > 0)
-                arg_touch_variables = false;
-
        r = parse_argv(argc, argv);
        if (r <= 0)
                return r;
--- a/src/bootctl/bootctl.h
+++ b/src/bootctl/bootctl.h
@ -20,7 +20,7 @@ extern char *arg_xbootldr_path;
 extern bool arg_print_esp_path;
 extern bool arg_print_dollar_boot_path;
 extern unsigned arg_print_root_device;
-extern bool arg_touch_variables;
+extern int arg_touch_variables;
 extern bool arg_install_random_seed;
 extern PagerFlags arg_pager_flags;
 extern bool arg_graceful;
@ -54,3 +54,5 @@ static inline const char* arg_dollar_boot_path(void) {

 int acquire_esp(int unprivileged_mode, bool graceful, uint32_t *ret_part, uint64_t *ret_pstart, uint64_t *ret_psize, sd_id128_t *ret_uuid, dev_t *ret_devid);
 int acquire_xbootldr(int unprivileged_mode, sd_id128_t *ret_uuid, dev_t *ret_devid);
+
+bool touch_variables(void);
--- a/src/core/bpf-devices.c
+++ b/src/core/bpf-devices.c
@ -261,11 +261,10 @@ int bpf_devices_supported(void) {
        static int supported = -1;
        int r;

-        /* Checks whether BPF device controller is supported. For this, we check five things:
+        /* Checks whether BPF device controller is supported. For this, we check two things:
         *
         * a) whether we are privileged
-         * b) whether the unified hierarchy is being used
-         * c) the BPF implementation in the kernel supports BPF_PROG_TYPE_CGROUP_DEVICE programs, which we require
+         * b) the BPF implementation in the kernel supports BPF_PROG_TYPE_CGROUP_DEVICE programs, which we require
         */

        if (supported >= 0)
@ -276,14 +275,6 @@ int bpf_devices_supported(void) {
                return supported = 0;
        }

-        r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
-        if (r < 0)
-                return log_error_errno(r, "Can't determine whether the unified hierarchy is used: %m");
-        if (r == 0) {
-                log_debug("Not running with unified cgroups, BPF device control is not supported.");
-                return supported = 0;
-        }
-
        r = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE, "sd_devices", &program);
        if (r < 0) {
                log_debug_errno(r, "Can't allocate CGROUP DEVICE BPF program, BPF device control is not supported: %m");
@ -315,38 +306,15 @@ static int allow_list_device_pattern(

        assert(IN_SET(type, 'b', 'c'));

-        if (cg_all_unified() > 0) {
        if (!prog)
                return 0;

        if (major != UINT_MAX && minor != UINT_MAX)
                return bpf_prog_allow_list_device(prog, type, major, minor, p);
-                else if (major != UINT_MAX)
+        if (major != UINT_MAX)
                return bpf_prog_allow_list_major(prog, type, major, p);
-                else
+
        return bpf_prog_allow_list_class(prog, type, p);
-
-        } else {
-                char buf[2+DECIMAL_STR_MAX(unsigned)*2+2+4];
-                int r;
-
-                if (major != UINT_MAX && minor != UINT_MAX)
-                        xsprintf(buf, "%c %u:%u %s", type, major, minor, cgroup_device_permissions_to_string(p));
-                else if (major != UINT_MAX)
-                        xsprintf(buf, "%c %u:* %s", type, major, cgroup_device_permissions_to_string(p));
-                else
-                        xsprintf(buf, "%c *:* %s", type, cgroup_device_permissions_to_string(p));
-
-                /* Changing the devices list of a populated cgroup might result in EINVAL, hence ignore
-                 * EINVAL here. */
-
-                r = cg_set_attribute("devices", path, "devices.allow", buf);
-                if (r < 0)
-                        log_full_errno(IN_SET(r, -ENOENT, -EROFS, -EINVAL, -EACCES, -EPERM) ? LOG_DEBUG : LOG_WARNING,
-                                       r, "Failed to set devices.allow on %s: %m", path);
-
-                return r;
-        }
 }

 int bpf_devices_allow_list_device(
--- a/src/core/bpf-firewall.c
+++ b/src/core/bpf-firewall.c
@ -845,23 +845,12 @@ int bpf_firewall_supported(void) {

        /* Checks whether BPF firewalling is supported. For this, we check the following things:
         *
-         * - whether the unified hierarchy is being used
         * - the BPF implementation in the kernel supports BPF_PROG_TYPE_CGROUP_SKB programs, which we require
         * - the BPF implementation in the kernel supports the BPF_PROG_DETACH call, which we require
         */
        if (supported >= 0)
                return supported;

-        r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
-        if (r < 0)
-                return log_error_errno(r, "bpf-firewall: Can't determine whether the unified hierarchy is used: %m");
-        if (r == 0) {
-                bpf_firewall_unsupported_reason =
-                        log_debug_errno(SYNTHETIC_ERRNO(EUCLEAN),
-                                        "bpf-firewall: Not running with unified cgroup hierarchy, BPF firewalling is not supported.");
-                return supported = BPF_FIREWALL_UNSUPPORTED;
-        }
-
        /* prog_name is NULL since it is supported only starting from v4.15 kernel. */
        r = bpf_program_new(BPF_PROG_TYPE_CGROUP_SKB, NULL, &program);
        if (r < 0) {
--- a/src/core/bpf-foreign.h
+++ b/src/core/bpf-foreign.h
@ -4,10 +4,6 @@

 #include "unit.h"

-static inline int bpf_foreign_supported(void) {
-        return cg_all_unified();
-}
-
 /*
 * Attach cgroup-bpf programs foreign to systemd, i.e. loaded to the kernel by an entity
 * external to systemd.
--- a/src/core/bpf-util.c
+++ b/src/core/bpf-util.c
@ -13,17 +13,6 @@ bool cgroup_bpf_supported(void) {
        if (supported >= 0)
                return supported;

-        r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
-        if (r < 0) {
-                log_warning_errno(r, "Can't determine whether the unified hierarchy is used: %m");
-                return (supported = false);
-        }
-
-        if (r == 0) {
-                log_info("Not running with unified cgroup hierarchy, disabling cgroup BPF features.");
-                return (supported = false);
-        }
-
        r = dlopen_bpf();
        if (r < 0) {
                log_full_errno(in_initrd() ? LOG_DEBUG : LOG_INFO,
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@ -34,8 +34,6 @@ typedef struct CGroupDeviceAllow CGroupDeviceAllow;
 typedef struct CGroupIODeviceWeight CGroupIODeviceWeight;
 typedef struct CGroupIODeviceLimit CGroupIODeviceLimit;
 typedef struct CGroupIODeviceLatency CGroupIODeviceLatency;
-typedef struct CGroupBlockIODeviceWeight CGroupBlockIODeviceWeight;
-typedef struct CGroupBlockIODeviceBandwidth CGroupBlockIODeviceBandwidth;
 typedef struct CGroupBPFForeignProgram CGroupBPFForeignProgram;
 typedef struct CGroupSocketBindItem CGroupSocketBindItem;
 typedef struct CGroupRuntime CGroupRuntime;
@ -98,19 +96,6 @@ struct CGroupIODeviceLatency {
        usec_t target_usec;
 };

-struct CGroupBlockIODeviceWeight {
-        LIST_FIELDS(CGroupBlockIODeviceWeight, device_weights);
-        char *path;
-        uint64_t weight;
-};
-
-struct CGroupBlockIODeviceBandwidth {
-        LIST_FIELDS(CGroupBlockIODeviceBandwidth, device_bandwidths);
-        char *path;
-        uint64_t rbps;
-        uint64_t wbps;
-};
-
 struct CGroupBPFForeignProgram {
        LIST_FIELDS(CGroupBPFForeignProgram, programs);
        uint32_t attach_type;
@ -140,7 +125,6 @@ typedef enum CGroupPressureWatch {
 struct CGroupContext {
        bool cpu_accounting;
        bool io_accounting;
-        bool blockio_accounting;
        bool memory_accounting;
        bool tasks_accounting;
        bool ip_accounting;
@ -212,17 +196,6 @@ struct CGroupContext {
        Set *restrict_network_interfaces;
        bool restrict_network_interfaces_is_allow_list;

-        /* For legacy hierarchies */
-        uint64_t cpu_shares;
-        uint64_t startup_cpu_shares;
-
-        uint64_t blockio_weight;
-        uint64_t startup_blockio_weight;
-        LIST_HEAD(CGroupBlockIODeviceWeight, blockio_device_weights);
-        LIST_HEAD(CGroupBlockIODeviceBandwidth, blockio_device_bandwidths);
-
-        uint64_t memory_limit;
-
        CGroupDevicePolicy device_policy;
        LIST_HEAD(CGroupDeviceAllow, device_allow);

@ -396,8 +369,6 @@ void cgroup_context_free_device_allow(CGroupContext *c, CGroupDeviceAllow *a);
 void cgroup_context_free_io_device_weight(CGroupContext *c, CGroupIODeviceWeight *w);
 void cgroup_context_free_io_device_limit(CGroupContext *c, CGroupIODeviceLimit *l);
 void cgroup_context_free_io_device_latency(CGroupContext *c, CGroupIODeviceLatency *l);
-void cgroup_context_free_blockio_device_weight(CGroupContext *c, CGroupBlockIODeviceWeight *w);
-void cgroup_context_free_blockio_device_bandwidth(CGroupContext *c, CGroupBlockIODeviceBandwidth *b);
 void cgroup_context_remove_bpf_foreign_program(CGroupContext *c, CGroupBPFForeignProgram *p);
 void cgroup_context_remove_socket_bind(CGroupSocketBindItem **head);

@ -417,8 +388,6 @@ static inline int cgroup_context_add_bpf_foreign_program_dup(CGroupContext *c, c
 int cgroup_context_add_io_device_limit_dup(CGroupContext *c, const CGroupIODeviceLimit *l);
 int cgroup_context_add_io_device_weight_dup(CGroupContext *c, const CGroupIODeviceWeight *w);
 int cgroup_context_add_io_device_latency_dup(CGroupContext *c, const CGroupIODeviceLatency *l);
-int cgroup_context_add_block_io_device_weight_dup(CGroupContext *c, const CGroupBlockIODeviceWeight *w);
-int cgroup_context_add_block_io_device_bandwidth_dup(CGroupContext *c, const CGroupBlockIODeviceBandwidth *b);
 int cgroup_context_add_device_allow_dup(CGroupContext *c, const CGroupDeviceAllow *a);
 int cgroup_context_add_socket_bind_item_allow_dup(CGroupContext *c, const CGroupSocketBindItem *i);
 int cgroup_context_add_socket_bind_item_deny_dup(CGroupContext *c, const CGroupSocketBindItem *i);
@ -438,7 +407,6 @@ void unit_invalidate_cgroup_members_masks(Unit *u);

 void unit_add_family_to_cgroup_realize_queue(Unit *u);

-const char* unit_get_realized_cgroup_path(Unit *u, CGroupMask mask);
 int unit_default_cgroup_path(const Unit *u, char **ret);
 int unit_set_cgroup_path(Unit *u, const char *path);
 int unit_pick_cgroup_path(Unit *u);
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@ -35,6 +35,8 @@ static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_cgroup_device_policy, cgroup_de
 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_managed_oom_mode, managed_oom_mode, ManagedOOMMode);
 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_managed_oom_preference, managed_oom_preference, ManagedOOMPreference);

+static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_blockio_ast, "a(st)", 0);
+
 static int property_get_cgroup_mask(
                sd_bus *bus,
                const char *path,
@ -196,72 +198,6 @@ static int property_get_io_device_latency(
        return sd_bus_message_close_container(reply);
 }

-static int property_get_blockio_device_weight(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        CGroupContext *c = ASSERT_PTR(userdata);
-        int r;
-
-        assert(bus);
-        assert(reply);
-
-        r = sd_bus_message_open_container(reply, 'a', "(st)");
-        if (r < 0)
-                return r;
-
-        LIST_FOREACH(device_weights, w, c->blockio_device_weights) {
-                r = sd_bus_message_append(reply, "(st)", w->path, w->weight);
-                if (r < 0)
-                        return r;
-        }
-
-        return sd_bus_message_close_container(reply);
-}
-
-static int property_get_blockio_device_bandwidths(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        CGroupContext *c = ASSERT_PTR(userdata);
-        int r;
-
-        assert(bus);
-        assert(reply);
-
-        r = sd_bus_message_open_container(reply, 'a', "(st)");
-        if (r < 0)
-                return r;
-
-        LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) {
-                uint64_t v;
-
-                if (streq(property, "BlockIOReadBandwidth"))
-                        v = b->rbps;
-                else
-                        v = b->wbps;
-
-                if (v == CGROUP_LIMIT_MAX)
-                        continue;
-
-                r = sd_bus_message_append(reply, "(st)", b->path, v);
-                if (r < 0)
-                        return r;
-        }
-
-        return sd_bus_message_close_container(reply);
-}
-
 static int property_get_device_allow(
                sd_bus *bus,
                const char *path,
@ -450,8 +386,6 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
        SD_BUS_PROPERTY("CPUAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, cpu_accounting), 0),
        SD_BUS_PROPERTY("CPUWeight", "t", NULL, offsetof(CGroupContext, cpu_weight), 0),
        SD_BUS_PROPERTY("StartupCPUWeight", "t", NULL, offsetof(CGroupContext, startup_cpu_weight), 0),
-        SD_BUS_PROPERTY("CPUShares", "t", NULL, offsetof(CGroupContext, cpu_shares), 0),
-        SD_BUS_PROPERTY("StartupCPUShares", "t", NULL, offsetof(CGroupContext, startup_cpu_shares), 0),
        SD_BUS_PROPERTY("CPUQuotaPerSecUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_per_sec_usec), 0),
        SD_BUS_PROPERTY("CPUQuotaPeriodUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_period_usec), 0),
        SD_BUS_PROPERTY("AllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_cpus), 0),
@ -467,12 +401,6 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
        SD_BUS_PROPERTY("IOReadIOPSMax", "a(st)", property_get_io_device_limits, 0, 0),
        SD_BUS_PROPERTY("IOWriteIOPSMax", "a(st)", property_get_io_device_limits, 0, 0),
        SD_BUS_PROPERTY("IODeviceLatencyTargetUSec", "a(st)", property_get_io_device_latency, 0, 0),
-        SD_BUS_PROPERTY("BlockIOAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, blockio_accounting), 0),
-        SD_BUS_PROPERTY("BlockIOWeight", "t", NULL, offsetof(CGroupContext, blockio_weight), 0),
-        SD_BUS_PROPERTY("StartupBlockIOWeight", "t", NULL, offsetof(CGroupContext, startup_blockio_weight), 0),
-        SD_BUS_PROPERTY("BlockIODeviceWeight", "a(st)", property_get_blockio_device_weight, 0, 0),
-        SD_BUS_PROPERTY("BlockIOReadBandwidth", "a(st)", property_get_blockio_device_bandwidths, 0, 0),
-        SD_BUS_PROPERTY("BlockIOWriteBandwidth", "a(st)", property_get_blockio_device_bandwidths, 0, 0),
        SD_BUS_PROPERTY("MemoryAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, memory_accounting), 0),
        SD_BUS_PROPERTY("DefaultMemoryLow", "t", NULL, offsetof(CGroupContext, default_memory_low), 0),
        SD_BUS_PROPERTY("DefaultStartupMemoryLow", "t", NULL, offsetof(CGroupContext, default_startup_memory_low), 0),
@ -489,7 +417,6 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
        SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0),
        SD_BUS_PROPERTY("StartupMemoryZSwapMax", "t", NULL, offsetof(CGroupContext, startup_memory_zswap_max), 0),
        SD_BUS_PROPERTY("MemoryZSwapWriteback", "b", bus_property_get_bool, offsetof(CGroupContext, memory_zswap_writeback), 0),
-        SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0),
        SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0),
        SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0),
        SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0),
@ -513,6 +440,16 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
        SD_BUS_PROPERTY("MemoryPressureThresholdUSec", "t", bus_property_get_usec, offsetof(CGroupContext, memory_pressure_threshold_usec), 0),
        SD_BUS_PROPERTY("NFTSet", "a(iiss)", property_get_cgroup_nft_set, 0, 0),
        SD_BUS_PROPERTY("CoredumpReceive", "b", bus_property_get_bool, offsetof(CGroupContext, coredump_receive), 0),
+        /* deprecated cgroup v1 properties */
+        SD_BUS_PROPERTY("MemoryLimit", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("CPUShares", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("StartupCPUShares", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("BlockIOAccounting", "b", bus_property_get_bool_false, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("BlockIOWeight", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("StartupBlockIOWeight", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("BlockIODeviceWeight", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("BlockIOReadBandwidth", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("BlockIOWriteBandwidth", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
        SD_BUS_VTABLE_END
 };

@ -777,17 +714,6 @@ static int bus_cgroup_set_transient_property(
                                return r;

                        unit_write_setting(u, flags, name, buf);
-
-                        if (c->bpf_foreign_programs) {
-                                r = bpf_foreign_supported();
-                                if (r < 0)
-                                        return r;
-                                if (r == 0)
-                                        log_full(LOG_DEBUG,
-                                                 "Transient unit %s configures a BPF program pinned to BPF "
-                                                 "filesystem, but the local system does not support that.\n"
-                                                 "Starting this unit will fail!", u->id);
-                        }
                }

                return 1;
@ -993,9 +919,7 @@ static int bus_cgroup_set_boolean(
        }

 DISABLE_WARNING_TYPE_LIMITS;
-BUS_DEFINE_SET_CGROUP_WEIGHT(cpu_shares, CGROUP_MASK_CPU, CGROUP_CPU_SHARES_IS_OK, CGROUP_CPU_SHARES_INVALID);
 BUS_DEFINE_SET_CGROUP_WEIGHT(io_weight, CGROUP_MASK_IO, CGROUP_WEIGHT_IS_OK, CGROUP_WEIGHT_INVALID);
-BUS_DEFINE_SET_CGROUP_WEIGHT(blockio_weight, CGROUP_MASK_BLKIO, CGROUP_BLKIO_WEIGHT_IS_OK, CGROUP_BLKIO_WEIGHT_INVALID);
 BUS_DEFINE_SET_CGROUP_LIMIT(memory, CGROUP_MASK_MEMORY, physical_memory_scale, 1);
 BUS_DEFINE_SET_CGROUP_LIMIT(memory_protection, CGROUP_MASK_MEMORY, physical_memory_scale, 0);
 BUS_DEFINE_SET_CGROUP_LIMIT(swap, CGROUP_MASK_MEMORY, physical_memory_scale, 0);
@ -1127,12 +1051,6 @@ int bus_cgroup_set_property(
        if (streq(name, "StartupCPUWeight"))
                return bus_cgroup_set_cpu_weight(u, name, &c->startup_cpu_weight, message, flags, error);

-        if (streq(name, "CPUShares"))
-                return bus_cgroup_set_cpu_shares(u, name, &c->cpu_shares, message, flags, error);
-
-        if (streq(name, "StartupCPUShares"))
-                return bus_cgroup_set_cpu_shares(u, name, &c->startup_cpu_shares, message, flags, error);
-
        if (streq(name, "IOAccounting"))
                return bus_cgroup_set_boolean(u, name, &c->io_accounting, CGROUP_MASK_IO, message, flags, error);

@ -1142,15 +1060,6 @@ int bus_cgroup_set_property(
        if (streq(name, "StartupIOWeight"))
                return bus_cgroup_set_io_weight(u, name, &c->startup_io_weight, message, flags, error);

-        if (streq(name, "BlockIOAccounting"))
-                return bus_cgroup_set_boolean(u, name, &c->blockio_accounting, CGROUP_MASK_BLKIO, message, flags, error);
-
-        if (streq(name, "BlockIOWeight"))
-                return bus_cgroup_set_blockio_weight(u, name, &c->blockio_weight, message, flags, error);
-
-        if (streq(name, "StartupBlockIOWeight"))
-                return bus_cgroup_set_blockio_weight(u, name, &c->startup_blockio_weight, message, flags, error);
-
        if (streq(name, "MemoryAccounting"))
                return bus_cgroup_set_boolean(u, name, &c->memory_accounting, CGROUP_MASK_MEMORY, message, flags, error);

@ -1236,9 +1145,6 @@ int bus_cgroup_set_property(
                return r;
        }

-        if (streq(name, "MemoryLimit"))
-                return bus_cgroup_set_memory(u, name, &c->memory_limit, message, flags, error);
-
        if (streq(name, "MemoryMinScale")) {
                r = bus_cgroup_set_memory_protection_scale(u, name, &c->memory_min, message, flags, error);
                if (r > 0)
@ -1279,9 +1185,6 @@ int bus_cgroup_set_property(
        if (streq(name, "MemoryMaxScale"))
                return bus_cgroup_set_memory_scale(u, name, &c->memory_max, message, flags, error);

-        if (streq(name, "MemoryLimitScale"))
-                return bus_cgroup_set_memory_scale(u, name, &c->memory_limit, message, flags, error);
-
        if (streq(name, "MemoryZSwapWriteback"))
                return bus_cgroup_set_boolean(u, name, &c->memory_zswap_writeback, CGROUP_MASK_MEMORY, message, flags, error);

@ -1622,180 +1525,6 @@ int bus_cgroup_set_property(

                return 1;

-        } else if (STR_IN_SET(name, "BlockIOReadBandwidth", "BlockIOWriteBandwidth")) {
-                const char *path;
-                unsigned n = 0;
-                uint64_t u64;
-                bool read;
-
-                read = streq(name, "BlockIOReadBandwidth");
-
-                r = sd_bus_message_enter_container(message, 'a', "(st)");
-                if (r < 0)
-                        return r;
-
-                while ((r = sd_bus_message_read(message, "(st)", &path, &u64)) > 0) {
-
-                        if (!path_is_normalized(path))
-                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path);
-
-                        if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
-                                CGroupBlockIODeviceBandwidth *a = NULL;
-
-                                LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths)
-                                        if (path_equal(path, b->path)) {
-                                                a = b;
-                                                break;
-                                        }
-
-                                if (!a) {
-                                        a = new0(CGroupBlockIODeviceBandwidth, 1);
-                                        if (!a)
-                                                return -ENOMEM;
-
-                                        a->rbps = CGROUP_LIMIT_MAX;
-                                        a->wbps = CGROUP_LIMIT_MAX;
-                                        a->path = strdup(path);
-                                        if (!a->path) {
-                                                free(a);
-                                                return -ENOMEM;
-                                        }
-
-                                        LIST_APPEND(device_bandwidths, c->blockio_device_bandwidths, a);
-                                }
-
-                                if (read)
-                                        a->rbps = u64;
-                                else
-                                        a->wbps = u64;
-                        }
-
-                        n++;
-                }
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_exit_container(message);
-                if (r < 0)
-                        return r;
-
-                if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
-                        _cleanup_(memstream_done) MemStream m = {};
-                        _cleanup_free_ char *buf = NULL;
-                        FILE *f;
-
-                        if (n == 0)
-                                LIST_FOREACH(device_bandwidths, a, c->blockio_device_bandwidths) {
-                                        if (read)
-                                                a->rbps = CGROUP_LIMIT_MAX;
-                                        else
-                                                a->wbps = CGROUP_LIMIT_MAX;
-                                }
-
-                        unit_invalidate_cgroup(u, CGROUP_MASK_BLKIO);
-
-                        f = memstream_init(&m);
-                        if (!f)
-                                return -ENOMEM;
-
-                        if (read) {
-                                fputs("BlockIOReadBandwidth=\n", f);
-                                LIST_FOREACH(device_bandwidths, a, c->blockio_device_bandwidths)
-                                        if (a->rbps != CGROUP_LIMIT_MAX)
-                                                fprintf(f, "BlockIOReadBandwidth=%s %" PRIu64 "\n", a->path, a->rbps);
-                        } else {
-                                fputs("BlockIOWriteBandwidth=\n", f);
-                                LIST_FOREACH(device_bandwidths, a, c->blockio_device_bandwidths)
-                                        if (a->wbps != CGROUP_LIMIT_MAX)
-                                                fprintf(f, "BlockIOWriteBandwidth=%s %" PRIu64 "\n", a->path, a->wbps);
-                        }
-
-                        r = memstream_finalize(&m, &buf, NULL);
-                        if (r < 0)
-                                return r;
-
-                        unit_write_setting(u, flags, name, buf);
-                }
-
-                return 1;
-
-        } else if (streq(name, "BlockIODeviceWeight")) {
-                const char *path;
-                uint64_t weight;
-                unsigned n = 0;
-
-                r = sd_bus_message_enter_container(message, 'a', "(st)");
-                if (r < 0)
-                        return r;
-
-                while ((r = sd_bus_message_read(message, "(st)", &path, &weight)) > 0) {
-
-                        if (!path_is_normalized(path))
-                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path);
-
-                        if (!CGROUP_BLKIO_WEIGHT_IS_OK(weight) || weight == CGROUP_BLKIO_WEIGHT_INVALID)
-                                return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "BlockIODeviceWeight= out of range");
-
-                        if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
-                                CGroupBlockIODeviceWeight *a = NULL;
-
-                                LIST_FOREACH(device_weights, b, c->blockio_device_weights)
-                                        if (path_equal(b->path, path)) {
-                                                a = b;
-                                                break;
-                                        }
-
-                                if (!a) {
-                                        a = new0(CGroupBlockIODeviceWeight, 1);
-                                        if (!a)
-                                                return -ENOMEM;
-
-                                        a->path = strdup(path);
-                                        if (!a->path) {
-                                                free(a);
-                                                return -ENOMEM;
-                                        }
-                                        LIST_APPEND(device_weights, c->blockio_device_weights, a);
-                                }
-
-                                a->weight = weight;
-                        }
-
-                        n++;
-                }
-
-                r = sd_bus_message_exit_container(message);
-                if (r < 0)
-                        return r;
-
-                if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
-                        _cleanup_(memstream_done) MemStream m = {};
-                        _cleanup_free_ char *buf = NULL;
-                        FILE *f;
-
-                        if (n == 0)
-                                while (c->blockio_device_weights)
-                                        cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights);
-
-                        unit_invalidate_cgroup(u, CGROUP_MASK_BLKIO);
-
-                        f = memstream_init(&m);
-                        if (!f)
-                                return -ENOMEM;
-
-                        fputs("BlockIODeviceWeight=\n", f);
-                        LIST_FOREACH(device_weights, a, c->blockio_device_weights)
-                                fprintf(f, "BlockIODeviceWeight=%s %" PRIu64 "\n", a->path, a->weight);
-
-                        r = memstream_finalize(&m, &buf, NULL);
-                        if (r < 0)
-                                return r;
-
-                        unit_write_setting(u, flags, name, buf);
-                }
-
-                return 1;
-
        } else if (streq(name, "DevicePolicy")) {
                const char *policy;
                CGroupDevicePolicy p;
@ -2319,6 +2048,26 @@ int bus_cgroup_set_property(
                return 1;
        }

+        /* deprecated CGroup v1 properties */
+        if (STR_IN_SET(name,
+                       "MemoryLimit",
+                       "MemoryLimitScale",
+                       "CPUShares",
+                       "StartupCPUShares",
+                       "BlockIOAccounting",
+                       "BlockIOWeight",
+                       "StartupBlockIOWeight",
+                       "BlockIODeviceWeight",
+                       "BlockIOReadBandwidth",
+                       "BlockIOWriteBandwidth")) {
+
+                r = sd_bus_message_skip(message, NULL);
+                if (r < 0)
+                        return r;
+
+                return 1;
+        }
+
        /* must be last */
        if (streq(name, "DisableControllers") || (u->transient && u->load_state == UNIT_STUB))
                return bus_cgroup_set_transient_property(u, c, name, message, flags, error);
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@ -3057,7 +3057,6 @@ const sd_bus_vtable bus_manager_vtable[] = {
        SD_BUS_PROPERTY("DefaultStartLimitInterval", "t", bus_property_get_usec, offsetof(Manager, defaults.start_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN),
        SD_BUS_PROPERTY("DefaultStartLimitBurst", "u", bus_property_get_unsigned, offsetof(Manager, defaults.start_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST),
        SD_BUS_PROPERTY("DefaultCPUAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.cpu_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("DefaultBlockIOAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.blockio_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
        SD_BUS_PROPERTY("DefaultIOAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.io_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
        SD_BUS_PROPERTY("DefaultIPAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.ip_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
        SD_BUS_PROPERTY("DefaultMemoryAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.memory_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
@ -3102,6 +3101,8 @@ const sd_bus_vtable bus_manager_vtable[] = {
        SD_BUS_PROPERTY("DefaultOOMScoreAdjust", "i", property_get_oom_score_adjust, 0, SD_BUS_VTABLE_PROPERTY_CONST),
        SD_BUS_PROPERTY("CtrlAltDelBurstAction", "s", bus_property_get_emergency_action, offsetof(Manager, cad_burst_action), SD_BUS_VTABLE_PROPERTY_CONST),
        SD_BUS_PROPERTY("SoftRebootsCount", "u", bus_property_get_unsigned, offsetof(Manager, soft_reboots_count), SD_BUS_VTABLE_PROPERTY_CONST),
+        /* deprecated cgroup v1 property */
+        SD_BUS_PROPERTY("DefaultBlockIOAccounting", "b", bus_property_get_bool_false, 0, SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),

        SD_BUS_METHOD_WITH_ARGS("GetUnit",
                                SD_BUS_ARGS("s", name),
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@ -267,7 +267,7 @@ static int acquire_path(const char *path, int flags, mode_t mode) {

        assert(path);

-        if (IN_SET(flags & O_ACCMODE, O_WRONLY, O_RDWR))
+        if (IN_SET(flags & O_ACCMODE_STRICT, O_WRONLY, O_RDWR))
                flags |= O_CREAT;

        fd = open(path, flags|O_NOCTTY, mode);
@ -291,9 +291,9 @@ static int acquire_path(const char *path, int flags, mode_t mode) {
        if (r < 0)
                return r;

-        if ((flags & O_ACCMODE) == O_RDONLY)
+        if ((flags & O_ACCMODE_STRICT) == O_RDONLY)
                r = shutdown(fd, SHUT_WR);
-        else if ((flags & O_ACCMODE) == O_WRONLY)
+        else if ((flags & O_ACCMODE_STRICT) == O_WRONLY)
                r = shutdown(fd, SHUT_RD);
        else
                r = 0;
@ -4967,7 +4967,7 @@ int exec_invoke(
                        return log_exec_error_errno(context, params, r, "Failed to acquire cgroup path: %m");
                }

-                r = cg_attach_everywhere(params->cgroup_supported, p, 0);
+                r = cg_attach(p, 0);
                if (r == -EUCLEAN) {
                        *exit_status = EXIT_CGROUP;
                        return log_exec_error_errno(context, params, r,
@ -5190,7 +5190,7 @@ int exec_invoke(
                if (params->flags & EXEC_CGROUP_DELEGATE) {
                        _cleanup_free_ char *p = NULL;

-                        r = cg_set_access(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, uid, gid);
+                        r = cg_set_access(params->cgroup_path, uid, gid);
                        if (r < 0) {
                                *exit_status = EXIT_CGROUP;
                                return log_exec_error_errno(context, params, r, "Failed to adjust control group access: %m");
@ -5202,7 +5202,7 @@ int exec_invoke(
                                return log_exec_error_errno(context, params, r, "Failed to acquire cgroup path: %m");
                        }
                        if (r > 0) {
-                                r = cg_set_access_recursive(SYSTEMD_CGROUP_CONTROLLER, p, uid, gid);
+                                r = cg_set_access_recursive(p, uid, gid);
                                if (r < 0) {
                                        *exit_status = EXIT_CGROUP;
                                        return log_exec_error_errno(context, params, r, "Failed to adjust control subgroup access: %m");
@ -5210,7 +5210,7 @@ int exec_invoke(
                        }
                }

-                if (cg_unified() > 0 && is_pressure_supported() > 0) {
+                if (is_pressure_supported() > 0) {
                        if (cgroup_context_want_memory_pressure(cgroup_context)) {
                                r = cg_get_path("memory", params->cgroup_path, "memory.pressure", &memory_pressure_path);
                                if (r < 0) {
--- a/src/core/execute-serialize.c
+++ b/src/core/execute-serialize.c
@ -40,10 +40,6 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
        if (r < 0)
                return r;

-        r = serialize_bool_elide(f, "exec-cgroup-context-block-io-accounting", c->blockio_accounting);
-        if (r < 0)
-                return r;
-
        r = serialize_bool_elide(f, "exec-cgroup-context-memory-accounting", c->memory_accounting);
        if (r < 0)
                return r;
@ -72,18 +68,6 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
                        return r;
        }

-        if (c->cpu_shares != CGROUP_CPU_SHARES_INVALID) {
-                r = serialize_item_format(f, "exec-cgroup-context-cpu-shares", "%" PRIu64, c->cpu_shares);
-                if (r < 0)
-                        return r;
-        }
-
-        if (c->startup_cpu_shares != CGROUP_CPU_SHARES_INVALID) {
-                r = serialize_item_format(f, "exec-cgroup-context-startup-cpu-shares", "%" PRIu64, c->startup_cpu_shares);
-                if (r < 0)
-                        return r;
-        }
-
        if (c->cpu_quota_per_sec_usec != USEC_INFINITY) {
                r = serialize_usec(f, "exec-cgroup-context-cpu-quota-per-sec-usec", c->cpu_quota_per_sec_usec);
                if (r < 0)
@ -140,18 +124,6 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
                        return r;
        }

-        if (c->blockio_weight != CGROUP_BLKIO_WEIGHT_INVALID) {
-                r = serialize_item_format(f, "exec-cgroup-context-block-io-weight", "%" PRIu64, c->blockio_weight);
-                if (r < 0)
-                        return r;
-        }
-
-        if (c->startup_blockio_weight != CGROUP_BLKIO_WEIGHT_INVALID) {
-                r = serialize_item_format(f, "exec-cgroup-context-startup-block-io-weight", "%" PRIu64, c->startup_blockio_weight);
-                if (r < 0)
-                        return r;
-        }
-
        if (c->default_memory_min > 0) {
                r = serialize_item_format(f, "exec-cgroup-context-default-memory-min", "%" PRIu64, c->default_memory_min);
                if (r < 0)
@ -234,12 +206,6 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
        if (r < 0)
                return r;

-        if (c->memory_limit != CGROUP_LIMIT_MAX) {
-                r = serialize_item_format(f, "exec-cgroup-context-memory-limit", "%" PRIu64, c->memory_limit);
-                if (r < 0)
-                        return r;
-        }
-
        if (c->tasks_max.value != UINT64_MAX) {
                r = serialize_item_format(f, "exec-cgroup-context-tasks-max-value", "%" PRIu64, c->tasks_max.value);
                if (r < 0)
@ -390,31 +356,6 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
                                return r;
                }

-        LIST_FOREACH(device_weights, w, c->blockio_device_weights) {
-                r = serialize_item_format(f, "exec-cgroup-context-blockio-device-weight", "%s %" PRIu64,
-                                          w->path,
-                                          w->weight);
-                if (r < 0)
-                        return r;
-        }
-
-        LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) {
-                if (b->rbps != CGROUP_LIMIT_MAX) {
-                        r = serialize_item_format(f, "exec-cgroup-context-blockio-read-bandwidth", "%s %" PRIu64,
-                                                  b->path,
-                                                  b->rbps);
-                        if (r < 0)
-                                return r;
-                }
-                if (b->wbps != CGROUP_LIMIT_MAX) {
-                        r = serialize_item_format(f, "exec-cgroup-context-blockio-write-bandwidth", "%s %" PRIu64,
-                                                  b->path,
-                                                  b->wbps);
-                        if (r < 0)
-                                return r;
-                }
-        }
-
        SET_FOREACH(iaai, c->ip_address_allow) {
                r = serialize_item(f,
                                   "exec-cgroup-context-ip-address-allow",
@ -512,11 +453,6 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
                        if (r < 0)
                                return r;
                        c->io_accounting = r;
-                } else if ((val = startswith(l, "exec-cgroup-context-block-io-accounting="))) {
-                        r = parse_boolean(val);
-                        if (r < 0)
-                                return r;
-                        c->blockio_accounting = r;
                } else if ((val = startswith(l, "exec-cgroup-context-memory-accounting="))) {
                        r = parse_boolean(val);
                        if (r < 0)
@ -545,14 +481,6 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
                        r = safe_atou64(val, &c->startup_cpu_weight);
                        if (r < 0)
                                return r;
-                } else if ((val = startswith(l, "exec-cgroup-context-cpu-shares="))) {
-                        r = safe_atou64(val, &c->cpu_shares);
-                        if (r < 0)
-                                return r;
-                } else if ((val = startswith(l, "exec-cgroup-context-startup-cpu-shares="))) {
-                        r = safe_atou64(val, &c->startup_cpu_shares);
-                        if (r < 0)
-                                return r;
                } else if ((val = startswith(l, "exec-cgroup-context-cpu-quota-per-sec-usec="))) {
                        r = deserialize_usec(val, &c->cpu_quota_per_sec_usec);
                        if (r < 0)
@ -625,14 +553,6 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
                        r = safe_atou64(val, &c->startup_io_weight);
                        if (r < 0)
                                return r;
-                } else if ((val = startswith(l, "exec-cgroup-context-block-io-weight="))) {
-                        r = safe_atou64(val, &c->blockio_weight);
-                        if (r < 0)
-                                return r;
-                } else if ((val = startswith(l, "exec-cgroup-context-startup-block-io-weight="))) {
-                        r = safe_atou64(val, &c->startup_blockio_weight);
-                        if (r < 0)
-                                return r;
                } else if ((val = startswith(l, "exec-cgroup-context-default-memory-min="))) {
                        r = safe_atou64(val, &c->default_memory_min);
                        if (r < 0)
@ -690,10 +610,6 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
                        if (r < 0)
                                return r;
                        c->memory_zswap_writeback = r;
-                } else if ((val = startswith(l, "exec-cgroup-context-memory-limit="))) {
-                        r = safe_atou64(val, &c->memory_limit);
-                        if (r < 0)
-                                return r;
                } else if ((val = startswith(l, "exec-cgroup-context-tasks-max-value="))) {
                        r = safe_atou64(val, &c->tasks_max.value);
                        if (r < 0)
@ -912,87 +828,6 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
                        r = safe_atou64(limits, &limit->limits[t]);
                        if (r < 0)
                                return r;
-                } else if ((val = startswith(l, "exec-cgroup-context-block-io-device-weight="))) {
-                        _cleanup_free_ char *path = NULL, *weight = NULL;
-                        CGroupBlockIODeviceWeight *a = NULL;
-
-                        r = extract_many_words(&val, " ", 0, &path, &weight);
-                        if (r < 0)
-                                return r;
-                        if (r != 2)
-                                return -EINVAL;
-
-                        a = new0(CGroupBlockIODeviceWeight, 1);
-                        if (!a)
-                                return log_oom_debug();
-
-                        a->path = TAKE_PTR(path);
-
-                        LIST_PREPEND(device_weights, c->blockio_device_weights, a);
-
-                        r = safe_atou64(weight, &a->weight);
-                        if (r < 0)
-                                return r;
-                } else if ((val = startswith(l, "exec-cgroup-context-block-io-read-bandwidth="))) {
-                        _cleanup_free_ char *path = NULL, *bw = NULL;
-                        CGroupBlockIODeviceBandwidth *a = NULL;
-
-                        r = extract_many_words(&val, " ", 0, &path, &bw);
-                        if (r < 0)
-                                return r;
-                        if (r != 2)
-                                return -EINVAL;
-
-                        LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths)
-                                if (path_equal(b->path, path)) {
-                                        a = b;
-                                        break;
-                                }
-
-                        if (!a) {
-                                a = new0(CGroupBlockIODeviceBandwidth, 1);
-                                if (!a)
-                                        return log_oom_debug();
-
-                                a->path = TAKE_PTR(path);
-                                a->wbps = CGROUP_LIMIT_MAX;
-
-                                LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, a);
-                        }
-
-                        r = safe_atou64(bw, &a->rbps);
-                        if (r < 0)
-                                return r;
-                } else if ((val = startswith(l, "exec-cgroup-context-block-io-write-bandwidth="))) {
-                        _cleanup_free_ char *path = NULL, *bw = NULL;
-                        CGroupBlockIODeviceBandwidth *a = NULL;
-
-                        r = extract_many_words(&val, " ", 0, &path, &bw);
-                        if (r < 0)
-                                return r;
-                        if (r != 2)
-                                return -EINVAL;
-
-                        LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths)
-                                if (path_equal(b->path, path)) {
-                                        a = b;
-                                        break;
-                                }
-
-                        if (!a) {
-                                a = new0(CGroupBlockIODeviceBandwidth, 1);
-                                if (!a)
-                                        return log_oom_debug();
-
-                                a->path = TAKE_PTR(path);
-                                a->rbps = CGROUP_LIMIT_MAX;
-
-                                LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, a);
-                        }
-
-                        r = safe_atou64(bw, &a->wbps);
-                        if (r < 0)
-                                return r;
                } else if ((val = startswith(l, "exec-cgroup-context-ip-address-allow="))) {
                        struct in_addr_prefix a;

--- a/src/core/execute.c
+++ b/src/core/execute.c
@ -508,7 +508,7 @@ int exec_spawn(
                        /* If there's a subcgroup, then let's create it here now (the main cgroup was already
                         * realized by the unit logic) */

-                        r = cg_create(SYSTEMD_CGROUP_CONTROLLER, subcgroup_path);
+                        r = cg_create(subcgroup_path);
                        if (r < 0)
                                return log_unit_error_errno(unit, r, "Failed to create subcgroup '%s': %m", subcgroup_path);
                }
@ -576,7 +576,7 @@ int exec_spawn(
                                  "--log-level", max_log_levels,
                                  "--log-target", log_target_to_string(manager_get_executor_log_target(unit->manager))),
                        environ,
-                        cg_unified() > 0 ? subcgroup_path : NULL,
+                        subcgroup_path,
                        &pidref);

        /* Drop the ambient set again, so no processes other than sd-executore spawned from the manager inherit it. */
@ -593,7 +593,7 @@ int exec_spawn(
         * executed outside of the cgroup) and in the parent (so that we can be sure that when we kill the cgroup the
         * process will be killed too). */
        if (r == 0 && subcgroup_path)
-                (void) cg_attach(SYSTEMD_CGROUP_CONTROLLER, subcgroup_path, pidref.pid);
+                (void) cg_attach(subcgroup_path, pidref.pid);
        /* r > 0: Already in the right cgroup thanks to CLONE_INTO_CGROUP */

        log_unit_debug(unit, "Forked %s as " PID_FMT " (%s CLONE_INTO_CGROUP)",
--- a/src/core/load-fragment-gperf.gperf.in
+++ b/src/core/load-fragment-gperf.gperf.in
@ -204,8 +204,8 @@
 {{type}}.CPUAccounting,                       config_parse_bool,                                  0,                                  offsetof({{type}}, cgroup_context.cpu_accounting)
 {{type}}.CPUWeight,                           config_parse_cg_cpu_weight,                         0,                                  offsetof({{type}}, cgroup_context.cpu_weight)
 {{type}}.StartupCPUWeight,                    config_parse_cg_cpu_weight,                         0,                                  offsetof({{type}}, cgroup_context.startup_cpu_weight)
-{{type}}.CPUShares,                           config_parse_cpu_shares,                            0,                                  offsetof({{type}}, cgroup_context.cpu_shares)
-{{type}}.StartupCPUShares,                    config_parse_cpu_shares,                            0,                                  offsetof({{type}}, cgroup_context.startup_cpu_shares)
+{{type}}.CPUShares,                           config_parse_warn_compat,                           DISABLED_LEGACY,                    0
+{{type}}.StartupCPUShares,                    config_parse_warn_compat,                           DISABLED_LEGACY,                    0
 {{type}}.CPUQuota,                            config_parse_cpu_quota,                             0,                                  offsetof({{type}}, cgroup_context)
 {{type}}.CPUQuotaPeriodSec,                   config_parse_sec_def_infinity,                      0,                                  offsetof({{type}}, cgroup_context.cpu_quota_period_usec)
 {{type}}.MemoryAccounting,                    config_parse_bool,                                  0,                                  offsetof({{type}}, cgroup_context.memory_accounting)
@ -224,7 +224,7 @@
 {{type}}.MemoryZSwapMax,                      config_parse_memory_limit,                          0,                                  offsetof({{type}}, cgroup_context)
 {{type}}.StartupMemoryZSwapMax,               config_parse_memory_limit,                          0,                                  offsetof({{type}}, cgroup_context)
 {{type}}.MemoryZSwapWriteback,                config_parse_bool,                                  0,                                  offsetof({{type}}, cgroup_context.memory_zswap_writeback)
-{{type}}.MemoryLimit,                         config_parse_memory_limit,                          0,                                  offsetof({{type}}, cgroup_context)
+{{type}}.MemoryLimit,                         config_parse_warn_compat,                           DISABLED_LEGACY,                    0
 {{type}}.DeviceAllow,                         config_parse_device_allow,                          0,                                  offsetof({{type}}, cgroup_context)
 {{type}}.DevicePolicy,                        config_parse_device_policy,                         0,                                  offsetof({{type}}, cgroup_context.device_policy)
 {{type}}.IOAccounting,                        config_parse_bool,                                  0,                                  offsetof({{type}}, cgroup_context.io_accounting)
@ -236,12 +236,12 @@
 {{type}}.IOReadIOPSMax,                       config_parse_io_limit,                              0,                                  offsetof({{type}}, cgroup_context)
 {{type}}.IOWriteIOPSMax,                      config_parse_io_limit,                              0,                                  offsetof({{type}}, cgroup_context)
 {{type}}.IODeviceLatencyTargetSec,            config_parse_io_device_latency,                     0,                                  offsetof({{type}}, cgroup_context)
-{{type}}.BlockIOAccounting,                   config_parse_bool,                                  0,                                  offsetof({{type}}, cgroup_context.blockio_accounting)
-{{type}}.BlockIOWeight,                       config_parse_blockio_weight,                        0,                                  offsetof({{type}}, cgroup_context.blockio_weight)
-{{type}}.StartupBlockIOWeight,                config_parse_blockio_weight,                        0,                                  offsetof({{type}}, cgroup_context.startup_blockio_weight)
-{{type}}.BlockIODeviceWeight,                 config_parse_blockio_device_weight,                 0,                                  offsetof({{type}}, cgroup_context)
-{{type}}.BlockIOReadBandwidth,                config_parse_blockio_bandwidth,                     0,                                  offsetof({{type}}, cgroup_context)
-{{type}}.BlockIOWriteBandwidth,               config_parse_blockio_bandwidth,                     0,                                  offsetof({{type}}, cgroup_context)
+{{type}}.BlockIOAccounting,                   config_parse_warn_compat,                           DISABLED_LEGACY,                    0
+{{type}}.BlockIOWeight,                       config_parse_warn_compat,                           DISABLED_LEGACY,                    0
+{{type}}.StartupBlockIOWeight,                config_parse_warn_compat,                           DISABLED_LEGACY,                    0
+{{type}}.BlockIODeviceWeight,                 config_parse_warn_compat,                           DISABLED_LEGACY,                    0
+{{type}}.BlockIOReadBandwidth,                config_parse_warn_compat,                           DISABLED_LEGACY,                    0
+{{type}}.BlockIOWriteBandwidth,               config_parse_warn_compat,                           DISABLED_LEGACY,                    0
 {{type}}.TasksAccounting,                     config_parse_bool,                                  0,                                  offsetof({{type}}, cgroup_context.tasks_accounting)
 {{type}}.TasksMax,                            config_parse_tasks_max,                             0,                                  offsetof({{type}}, cgroup_context.tasks_max)
 {{type}}.Delegate,                            config_parse_delegate,                              0,                                  offsetof({{type}}, cgroup_context)
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@ -153,38 +153,13 @@ DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy, oom_policy, OOMPolicy);
 DEFINE_CONFIG_PARSE_ENUM(config_parse_managed_oom_preference, managed_oom_preference, ManagedOOMPreference);
 DEFINE_CONFIG_PARSE_ENUM(config_parse_memory_pressure_watch, cgroup_pressure_watch, CGroupPressureWatch);
 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos, ip_tos, int, -1);
-DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight, cg_blkio_weight_parse, uint64_t);
 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight, cg_weight_parse, uint64_t);
 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_cpu_weight, cg_cpu_weight_parse, uint64_t);
-static DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares_internal, cg_cpu_shares_parse, uint64_t);
 DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_propagation_flag, mount_propagation_flag_from_string, unsigned long);
 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy, mpol, int, -1);
 DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format, status_unit_format, StatusUnitFormat);
 DEFINE_CONFIG_PARSE_ENUM_FULL(config_parse_socket_timestamping, socket_timestamping_from_string_harder, SocketTimestamping);

-int config_parse_cpu_shares(
-                const char *unit,
-                const char *filename,
-                unsigned line,
-                const char *section,
-                unsigned section_line,
-                const char *lvalue,
-                int ltype,
-                const char *rvalue,
-                void *data,
-                void *userdata) {
-
-        assert(filename);
-        assert(lvalue);
-        assert(rvalue);
-
-        log_syntax(unit, LOG_WARNING, filename, line, 0,
-                   "Unit uses %s=; please use CPUWeight= instead. Support for %s= will be removed soon.",
-                   lvalue, lvalue);
-
-        return config_parse_cpu_shares_internal(unit, filename, line, section, section_line, lvalue, ltype, rvalue, data, userdata);
-}
-
 bool contains_instance_specifier_superset(const char *s) {
        const char *p, *q;
        bool percent = false;
@ -3899,10 +3874,6 @@ int config_parse_memory_limit(
        else if (streq(lvalue, "StartupMemoryZSwapMax")) {
                c->startup_memory_zswap_max = bytes;
                c->startup_memory_zswap_max_set = true;
-        } else if (streq(lvalue, "MemoryLimit")) {
-                log_syntax(unit, LOG_WARNING, filename, line, 0,
-                           "Unit uses MemoryLimit=; please use MemoryMax= instead. Support for MemoryLimit= will be removed soon.");
-                c->memory_limit = bytes;
        } else
                return -EINVAL;

@ -4477,177 +4448,6 @@ int config_parse_io_limit(
        return 0;
 }

-int config_parse_blockio_device_weight(
-                const char *unit,
-                const char *filename,
-                unsigned line,
-                const char *section,
-                unsigned section_line,
-                const char *lvalue,
-                int ltype,
-                const char *rvalue,
-                void *data,
-                void *userdata) {
-
-        _cleanup_free_ char *path = NULL, *resolved = NULL;
-        CGroupBlockIODeviceWeight *w;
-        CGroupContext *c = data;
-        const char *p = ASSERT_PTR(rvalue);
-        uint64_t u;
-        int r;
-
-        assert(filename);
-        assert(lvalue);
-
-        log_syntax(unit, LOG_WARNING, filename, line, 0,
-                   "Unit uses %s=; please use IO*= settings instead. Support for %s= will be removed soon.",
-                   lvalue, lvalue);
-
-        if (isempty(rvalue)) {
-                while (c->blockio_device_weights)
-                        cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights);
-
-                return 0;
-        }
-
-        r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
-        if (r == -ENOMEM)
-                return log_oom();
-        if (r < 0) {
-                log_syntax(unit, LOG_WARNING, filename, line, r,
-                           "Failed to extract device node and weight from '%s', ignoring.", rvalue);
-                return 0;
-        }
-        if (r == 0 || isempty(p)) {
-                log_syntax(unit, LOG_WARNING, filename, line, 0,
-                           "Invalid device node or weight specified in '%s', ignoring.", rvalue);
-                return 0;
-        }
-
-        r = unit_path_printf(userdata, path, &resolved);
-        if (r < 0) {
-                log_syntax(unit, LOG_WARNING, filename, line, r,
-                           "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
-                return 0;
-        }
-
-        r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
-        if (r < 0)
-                return 0;
-
-        r = cg_blkio_weight_parse(p, &u);
-        if (r < 0) {
-                log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid block IO weight '%s', ignoring: %m", p);
-                return 0;
-        }
-
-        assert(u != CGROUP_BLKIO_WEIGHT_INVALID);
-
-        w = new0(CGroupBlockIODeviceWeight, 1);
-        if (!w)
-                return log_oom();
-
-        w->path = TAKE_PTR(resolved);
-        w->weight = u;
-
-        LIST_APPEND(device_weights, c->blockio_device_weights, w);
-        return 0;
-}
-
-int config_parse_blockio_bandwidth(
-                const char *unit,
-                const char *filename,
-                unsigned line,
-                const char *section,
-                unsigned section_line,
-                const char *lvalue,
-                int ltype,
-                const char *rvalue,
-                void *data,
-                void *userdata) {
-
-        _cleanup_free_ char *path = NULL, *resolved = NULL;
-        CGroupBlockIODeviceBandwidth *b = NULL;
-        CGroupContext *c = data;
-        const char *p = ASSERT_PTR(rvalue);
-        uint64_t bytes;
-        bool read;
-        int r;
-
-        assert(filename);
-        assert(lvalue);
-
-        log_syntax(unit, LOG_WARNING, filename, line, 0,
-                   "Unit uses %s=; please use IO*= settings instead. Support for %s= will be removed soon.",
-                   lvalue, lvalue);
-
-        read = streq("BlockIOReadBandwidth", lvalue);
-
-        if (isempty(rvalue)) {
-                LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths) {
-                        t->rbps = CGROUP_LIMIT_MAX;
-                        t->wbps = CGROUP_LIMIT_MAX;
-                }
-                return 0;
-        }
-
-        r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
-        if (r == -ENOMEM)
-                return log_oom();
-        if (r < 0) {
-                log_syntax(unit, LOG_WARNING, filename, line, r,
-                           "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
-                return 0;
-        }
-        if (r == 0 || isempty(p)) {
-                log_syntax(unit, LOG_WARNING, filename, line, 0,
-                           "Invalid device node or bandwidth specified in '%s', ignoring.", rvalue);
-                return 0;
-        }
-
-        r = unit_path_printf(userdata, path, &resolved);
-        if (r < 0) {
-                log_syntax(unit, LOG_WARNING, filename, line, r,
-                           "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
-                return 0;
-        }
-
-        r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
-        if (r < 0)
-                return 0;
-
-        r = parse_size(p, 1000, &bytes);
-        if (r < 0 || bytes <= 0) {
-                log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid Block IO Bandwidth '%s', ignoring.", p);
-                return 0;
-        }
-
-        LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths)
-                if (path_equal(resolved, t->path)) {
-                        b = t;
-                        break;
-                }
-
-        if (!b) {
-                b = new0(CGroupBlockIODeviceBandwidth, 1);
-                if (!b)
-                        return log_oom();
-
-                b->path = TAKE_PTR(resolved);
-                b->rbps = CGROUP_LIMIT_MAX;
-                b->wbps = CGROUP_LIMIT_MAX;
-
-                LIST_APPEND(device_bandwidths, c->blockio_device_bandwidths, b);
-        }
-
-        if (read)
-                b->rbps = bytes;
-        else
-                b->wbps = bytes;
-
-        return 0;
-}
-
 int config_parse_job_mode_isolate(
                const char *unit,
                const char *filename,
@ -6372,7 +6172,6 @@ void unit_dump_config_items(FILE *f) {
 #endif
                { config_parse_namespace_flags,       "NAMESPACES" },
                { config_parse_restrict_filesystems,  "FILESYSTEMS"  },
-                { config_parse_cpu_shares,            "SHARES" },
                { config_parse_cg_weight,             "WEIGHT" },
                { config_parse_cg_cpu_weight,         "CPUWEIGHT" },
                { config_parse_memory_limit,          "LIMIT" },
@ -6381,9 +6180,6 @@ void unit_dump_config_items(FILE *f) {
                { config_parse_io_limit,              "LIMIT" },
                { config_parse_io_device_weight,      "DEVICEWEIGHT" },
                { config_parse_io_device_latency,     "DEVICELATENCY" },
-                { config_parse_blockio_bandwidth,     "BANDWIDTH" },
-                { config_parse_blockio_weight,        "WEIGHT" },
-                { config_parse_blockio_device_weight, "DEVICEWEIGHT" },
                { config_parse_long,                  "LONG" },
                { config_parse_socket_service,        "SERVICE" },
 #if HAVE_SELINUX
--- a/src/core/load-fragment.h
+++ b/src/core/load-fragment.h
@ -81,7 +81,6 @@ CONFIG_PARSER_PROTOTYPE(config_parse_unset_environ);
 CONFIG_PARSER_PROTOTYPE(config_parse_unit_slice);
 CONFIG_PARSER_PROTOTYPE(config_parse_cg_weight);
 CONFIG_PARSER_PROTOTYPE(config_parse_cg_cpu_weight);
-CONFIG_PARSER_PROTOTYPE(config_parse_cpu_shares);
 CONFIG_PARSER_PROTOTYPE(config_parse_memory_limit);
 CONFIG_PARSER_PROTOTYPE(config_parse_tasks_max);
 CONFIG_PARSER_PROTOTYPE(config_parse_delegate);
@ -95,9 +94,6 @@ CONFIG_PARSER_PROTOTYPE(config_parse_device_allow);
 CONFIG_PARSER_PROTOTYPE(config_parse_io_device_latency);
 CONFIG_PARSER_PROTOTYPE(config_parse_io_device_weight);
 CONFIG_PARSER_PROTOTYPE(config_parse_io_limit);
-CONFIG_PARSER_PROTOTYPE(config_parse_blockio_weight);
-CONFIG_PARSER_PROTOTYPE(config_parse_blockio_device_weight);
-CONFIG_PARSER_PROTOTYPE(config_parse_blockio_bandwidth);
 CONFIG_PARSER_PROTOTYPE(config_parse_job_mode);
 CONFIG_PARSER_PROTOTYPE(config_parse_job_mode_isolate);
 CONFIG_PARSER_PROTOTYPE(config_parse_exec_selinux_context);
--- a/src/core/main.c
+++ b/src/core/main.c
@ -794,7 +794,7 @@ static int parse_config_file(void) {
                { "Manager", "DefaultCPUAccounting",         config_parse_bool,                  0,                        &arg_defaults.cpu_accounting      },
                { "Manager", "DefaultIOAccounting",          config_parse_bool,                  0,                        &arg_defaults.io_accounting       },
                { "Manager", "DefaultIPAccounting",          config_parse_bool,                  0,                        &arg_defaults.ip_accounting       },
-                { "Manager", "DefaultBlockIOAccounting",     config_parse_bool,                  0,                        &arg_defaults.blockio_accounting  },
+                { "Manager", "DefaultBlockIOAccounting",     config_parse_warn_compat,           DISABLED_LEGACY,          NULL                              },
                { "Manager", "DefaultMemoryAccounting",      config_parse_bool,                  0,                        &arg_defaults.memory_accounting   },
                { "Manager", "DefaultTasksAccounting",       config_parse_bool,                  0,                        &arg_defaults.tasks_accounting    },
                { "Manager", "DefaultTasksMax",              config_parse_tasks_max,             0,                        &arg_defaults.tasks_max           },
--- a/src/core/scope.c
+++ b/src/core/scope.c
@ -371,7 +371,7 @@ static int scope_enter_start_chown(Scope *s) {
                        }
                }

-                r = cg_set_access(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_runtime->cgroup_path, uid, gid);
+                r = cg_set_access(s->cgroup_runtime->cgroup_path, uid, gid);
                if (r < 0) {
                        log_unit_error_errno(UNIT(s), r, "Failed to adjust control group access: %m");
                        _exit(EXIT_CGROUP);
--- a/src/core/service.c
+++ b/src/core/service.c
@ -729,9 +729,6 @@ static int service_verify(Service *s) {
        if (s->type == SERVICE_SIMPLE && s->exec_command[SERVICE_EXEC_START_POST] && exec_context_has_credentials(&s->exec_context))
                log_unit_warning(UNIT(s), "Service uses a combination of Type=simple, ExecStartPost=, and credentials. This could lead to race conditions. Continuing.");

-        if (s->exit_type == SERVICE_EXIT_CGROUP && cg_unified() < CGROUP_UNIFIED_SYSTEMD)
-                log_unit_warning(UNIT(s), "Service has ExitType=cgroup set, but we are running with legacy cgroups v1, which might not work correctly. Continuing.");
-
        if (s->restart_max_delay_usec == USEC_INFINITY && s->restart_steps > 0)
                log_unit_warning(UNIT(s), "Service has RestartSteps= but no RestartMaxDelaySec= setting. Ignoring.");

--- a/src/core/unit.c
+++ b/src/core/unit.c
@ -173,7 +173,6 @@ static void unit_init(Unit *u) {

                cc->cpu_accounting = u->manager->defaults.cpu_accounting;
                cc->io_accounting = u->manager->defaults.io_accounting;
-                cc->blockio_accounting = u->manager->defaults.blockio_accounting;
                cc->memory_accounting = u->manager->defaults.memory_accounting;
                cc->tasks_accounting = u->manager->defaults.tasks_accounting;
                cc->ip_accounting = u->manager->defaults.ip_accounting;
@ -1572,9 +1571,6 @@ static int unit_add_oomd_dependencies(Unit *u) {
        if (!wants_oomd)
                return 0;

-        if (!cg_all_unified())
-                return 0;
-
        r = cg_mask_supported(&mask);
        if (r < 0)
                return log_debug_errno(r, "Failed to determine supported controllers: %m");
@ -4809,15 +4805,6 @@ int unit_kill_context(Unit *u, KillOperation k) {

                } else if (r > 0) {

-                        /* FIXME: For now, on the legacy hierarchy, we will not wait for the cgroup members to die if
-                         * we are running in a container or if this is a delegation unit, simply because cgroup
-                         * notification is unreliable in these cases. It doesn't work at all in containers, and outside
-                         * of containers it can be confused easily by left-over directories in the cgroup — which
-                         * however should not exist in non-delegated units. On the unified hierarchy that's different,
-                         * there we get proper events. Hence rely on them. */
-
-                        if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 ||
-                            (detect_container() == 0 && !unit_cgroup_delegate(u)))
                        wait_for_exit = true;

                        if (send_sighup) {
@ -5418,7 +5405,7 @@ int unit_fork_helper_process(Unit *u, const char *name, bool into_cgroup, PidRef
        (void) ignore_signals(SIGPIPE);

        if (crt && crt->cgroup_path) {
-                r = cg_attach_everywhere(u->manager->cgroup_supported, crt->cgroup_path, 0);
+                r = cg_attach(crt->cgroup_path, 0);
                if (r < 0) {
                        log_unit_error_errno(u, r, "Failed to join unit cgroup %s: %m", empty_to_root(crt->cgroup_path));
                        _exit(EXIT_CGROUP);
--- a/src/coredump/coredump-vacuum.c
+++ b/src/coredump/coredump-vacuum.c
@ -38,11 +38,10 @@ static VacuumCandidate* vacuum_candidate_free(VacuumCandidate *c) {
 }
 DEFINE_TRIVIAL_CLEANUP_FUNC(VacuumCandidate*, vacuum_candidate_free);

-static Hashmap* vacuum_candidate_hashmap_free(Hashmap *h) {
-        return hashmap_free_with_destructor(h, vacuum_candidate_free);
-}
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(Hashmap*, vacuum_candidate_hashmap_free);
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                vacuum_candidate_hash_ops,
+                void, trivial_hash_func, trivial_compare_func,
+                VacuumCandidate, vacuum_candidate_free);

 static int uid_from_file_name(const char *filename, uid_t *uid) {
        const char *p, *e, *u;
@ -141,7 +140,7 @@ int coredump_vacuum(int exclude_fd, uint64_t keep_free, uint64_t max_use) {
        }

        for (;;) {
-                _cleanup_(vacuum_candidate_hashmap_freep) Hashmap *h = NULL;
+                _cleanup_hashmap_free_ Hashmap *h = NULL;
                VacuumCandidate *worst = NULL;
                uint64_t sum = 0;

@ -171,10 +170,6 @@ int coredump_vacuum(int exclude_fd, uint64_t keep_free, uint64_t max_use) {
                        if (exclude_fd >= 0 && stat_inode_same(&exclude_st, &st))
                                continue;

-                        r = hashmap_ensure_allocated(&h, NULL);
-                        if (r < 0)
-                                return log_oom();
-
                        t = timespec_load(&st.st_mtim);

                        c = hashmap_get(h, UID_TO_PTR(uid));
@ -197,7 +192,7 @@ int coredump_vacuum(int exclude_fd, uint64_t keep_free, uint64_t max_use) {
                                        return r;
                                n->oldest_mtime = t;

-                                r = hashmap_put(h, UID_TO_PTR(uid), n);
+                                r = hashmap_ensure_put(&h, &vacuum_candidate_hash_ops, UID_TO_PTR(uid), n);
                                if (r < 0)
                                        return log_oom();

--- a/src/hostname/hostnamectl.c
+++ b/src/hostname/hostnamectl.c
@ -66,6 +66,9 @@ typedef struct StatusInfo {
        const char *hardware_serial;
        sd_id128_t product_uuid;
        uint32_t vsock_cid;
+        const char *hardware_family;
+        const char *hardware_sku;
+        const char *hardware_version;
 } StatusInfo;

 static const char* chassis_string_to_glyph(const char *chassis) {
@ -320,6 +323,30 @@ static int print_status_info(StatusInfo *i) {
                        return table_log_add_error(r);
        }

+        if (!isempty(i->hardware_family)) {
+                r = table_add_many(table,
+                                   TABLE_FIELD, "Hardware Family",
+                                   TABLE_STRING, i->hardware_family);
+                if (r < 0)
+                        return table_log_add_error(r);
+        }
+
+        if (!isempty(i->hardware_sku)) {
+                r = table_add_many(table,
+                                   TABLE_FIELD, "Hardware SKU",
+                                   TABLE_STRING, i->hardware_sku);
+                if (r < 0)
+                        return table_log_add_error(r);
+        }
+
+        if (!isempty(i->hardware_version)) {
+                r = table_add_many(table,
+                                   TABLE_FIELD, "Hardware Version",
+                                   TABLE_STRING, i->hardware_version);
+                if (r < 0)
+                        return table_log_add_error(r);
+        }
+
        if (!isempty(i->firmware_version)) {
                r = table_add_many(table,
                                   TABLE_FIELD, "Firmware Version",
@ -413,6 +440,9 @@ static int show_all_names(sd_bus *bus) {
                { "HomeURL",                     "s",  NULL,          offsetof(StatusInfo, home_url)         },
                { "HardwareVendor",              "s",  NULL,          offsetof(StatusInfo, hardware_vendor)  },
                { "HardwareModel",               "s",  NULL,          offsetof(StatusInfo, hardware_model)   },
+                { "HardwareFamily",              "s",  NULL,          offsetof(StatusInfo, hardware_family)  },
+                { "HardwareSKU",                 "s",  NULL,          offsetof(StatusInfo, hardware_sku)     },
+                { "HardwareVersion",             "s",  NULL,          offsetof(StatusInfo, hardware_version) },
                { "FirmwareVersion",             "s",  NULL,          offsetof(StatusInfo, firmware_version) },
                { "FirmwareDate",                "t",  NULL,          offsetof(StatusInfo, firmware_date)    },
                { "MachineID",                   "ay", bus_map_id128, offsetof(StatusInfo, machine_id)       },
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@ -62,6 +62,9 @@ typedef enum {
        PROP_LOCATION,
        PROP_HARDWARE_VENDOR,
        PROP_HARDWARE_MODEL,
+        PROP_HARDWARE_FAMILY,
+        PROP_HARDWARE_SKU,
+        PROP_HARDWARE_VERSION,

        /* Read from /etc/os-release (or /usr/lib/os-release) */
        PROP_OS_PRETTY_NAME,
@ -166,7 +169,10 @@ static void context_read_machine_info(Context *c) {
                      (UINT64_C(1) << PROP_DEPLOYMENT) |
                      (UINT64_C(1) << PROP_LOCATION) |
                      (UINT64_C(1) << PROP_HARDWARE_VENDOR) |
-                      (UINT64_C(1) << PROP_HARDWARE_MODEL));
+                      (UINT64_C(1) << PROP_HARDWARE_MODEL) |
+                      (UINT64_C(1) << PROP_HARDWARE_FAMILY) |
+                      (UINT64_C(1) << PROP_HARDWARE_SKU) |
+                      (UINT64_C(1) << PROP_HARDWARE_VERSION));

        r = parse_env_file(NULL, "/etc/machine-info",
                           "PRETTY_HOSTNAME", &c->data[PROP_PRETTY_HOSTNAME],
@ -175,7 +181,10 @@ static void context_read_machine_info(Context *c) {
                           "DEPLOYMENT", &c->data[PROP_DEPLOYMENT],
                           "LOCATION", &c->data[PROP_LOCATION],
                           "HARDWARE_VENDOR", &c->data[PROP_HARDWARE_VENDOR],
-                           "HARDWARE_MODEL", &c->data[PROP_HARDWARE_MODEL]);
+                           "HARDWARE_MODEL", &c->data[PROP_HARDWARE_MODEL],
+                           "HARDWARE_FAMILY", &c->data[PROP_HARDWARE_FAMILY],
+                           "HARDWARE_SKU", &c->data[PROP_HARDWARE_SKU],
+                           "HARDWARE_VERSION", &c->data[PROP_HARDWARE_VERSION]);
        if (r < 0 && r != -ENOENT)
                log_warning_errno(r, "Failed to read /etc/machine-info, ignoring: %m");

@ -395,6 +404,29 @@ static int get_hardware_serial(Context *c, char **ret) {
        return get_device_tree_sysattr(c, "serial-number", ret);
 }

+static int get_hardware_version(Context *c, char **ret) {
+        int r = -ENOENT;
+
+        assert(c);
+        assert(ret);
+
+        FOREACH_STRING(attr, "product_version", "board_version") {
+                r = get_dmi_sysattr(c, attr, ret);
+                if (r >= 0 || !ERRNO_IS_NEG_DEVICE_ABSENT(r))
+                        return r;
+        }
+
+        return r;
+}
+
+static int get_hardware_family(Context *c, char **ret) {
+        return get_dmi_sysattr(c, "product_family", ret);
+}
+
+static int get_hardware_sku(Context *c, char **ret) {
+        return get_dmi_sysattr(c, "product_sku", ret);
+}
+
 static int get_firmware_version(Context *c, char **ret) {
        return get_dmi_sysattr(c, "bios_version", ret);
 }
@ -820,7 +852,9 @@ static int property_get_hardware_property(

        assert(reply);
        assert(c);
-        assert(IN_SET(prop, PROP_HARDWARE_VENDOR, PROP_HARDWARE_MODEL));
+        assert(IN_SET(prop, PROP_HARDWARE_VENDOR, PROP_HARDWARE_MODEL,
+                      PROP_HARDWARE_FAMILY, PROP_HARDWARE_SKU,
+                      PROP_HARDWARE_VERSION));
        assert(getter);

        context_read_machine_info(c);
@ -855,6 +889,42 @@ static int property_get_hardware_model(
        return property_get_hardware_property(reply, userdata, PROP_HARDWARE_MODEL, get_hardware_model);
 }

+static int property_get_hardware_family(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        return property_get_hardware_property(reply, userdata, PROP_HARDWARE_FAMILY, get_hardware_family);
+}
+
+static int property_get_hardware_sku(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        return property_get_hardware_property(reply, userdata, PROP_HARDWARE_SKU, get_hardware_sku);
+}
+
+static int property_get_hardware_version(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        return property_get_hardware_property(reply, userdata, PROP_HARDWARE_VERSION, get_hardware_version);
+}
+
 static int property_get_firmware_version(
                sd_bus *bus,
                const char *path,
@ -1535,7 +1605,8 @@ static int method_get_hardware_serial(sd_bus_message *m, void *userdata, sd_bus_
 static int build_describe_response(Context *c, bool privileged, sd_json_variant **ret) {
        _cleanup_free_ char *hn = NULL, *dhn = NULL, *in = NULL,
                *chassis = NULL, *vendor = NULL, *model = NULL, *serial = NULL, *firmware_version = NULL,
-                *firmware_vendor = NULL, *chassis_asset_tag = NULL;
+                *firmware_vendor = NULL, *chassis_asset_tag = NULL, *family = NULL, *sku = NULL,
+                *version = NULL;
        _cleanup_strv_free_ char **os_release_pairs = NULL, **machine_info_pairs = NULL;
        usec_t firmware_date = USEC_INFINITY, eol = USEC_INFINITY;
        _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
@ -1571,6 +1642,12 @@ static int build_describe_response(Context *c, bool privileged, sd_json_variant
                (void) get_hardware_vendor(c, &vendor);
        if (isempty(c->data[PROP_HARDWARE_MODEL]))
                (void) get_hardware_model(c, &model);
+        if (isempty(c->data[PROP_HARDWARE_FAMILY]))
+                (void) get_hardware_family(c, &family);
+        if (isempty(c->data[PROP_HARDWARE_SKU]))
+                (void) get_hardware_sku(c, &sku);
+        if (isempty(c->data[PROP_HARDWARE_VERSION]))
+                (void) get_hardware_version(c, &version);

        if (privileged) {
                /* The product UUID and hardware serial is only available to privileged clients */
@ -1624,6 +1701,9 @@ static int build_describe_response(Context *c, bool privileged, sd_json_variant
                        SD_JSON_BUILD_PAIR_STRING("HardwareVendor", vendor ?: c->data[PROP_HARDWARE_VENDOR]),
                        SD_JSON_BUILD_PAIR_STRING("HardwareModel", model ?: c->data[PROP_HARDWARE_MODEL]),
                        SD_JSON_BUILD_PAIR_STRING("HardwareSerial", serial),
+                        SD_JSON_BUILD_PAIR_STRING("HardwareFamily", family ?: c->data[PROP_HARDWARE_FAMILY]),
+                        SD_JSON_BUILD_PAIR_STRING("HardwareSKU", sku ?: c->data[PROP_HARDWARE_SKU]),
+                        SD_JSON_BUILD_PAIR_STRING("HardwareVersion", version ?: c->data[PROP_HARDWARE_VERSION]),
                        SD_JSON_BUILD_PAIR_STRING("FirmwareVersion", firmware_version),
                        SD_JSON_BUILD_PAIR_STRING("FirmwareVendor", firmware_vendor),
                        JSON_BUILD_PAIR_FINITE_USEC("FirmwareDate", firmware_date),
@ -1702,6 +1782,9 @@ static const sd_bus_vtable hostname_vtable[] = {
        SD_BUS_PROPERTY("BootID", "ay", property_get_boot_id, 0, SD_BUS_VTABLE_PROPERTY_CONST),
        SD_BUS_PROPERTY("VSockCID", "u", property_get_vsock_cid, 0, SD_BUS_VTABLE_PROPERTY_CONST),
        SD_BUS_PROPERTY("ChassisAssetTag", "s", property_get_chassis_asset_tag, 0, SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("HardwareFamily", "s", property_get_hardware_family, 0, SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("HardwareSKU", "s", property_get_hardware_sku, 0, SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("HardwareVersion", "s", property_get_hardware_version, 0, SD_BUS_VTABLE_PROPERTY_CONST),

        SD_BUS_METHOD_WITH_ARGS("SetHostname",
                                SD_BUS_ARGS("s", hostname, "b", interactive),
--- a/src/import/export.c
+++ b/src/import/export.c
@ -43,6 +43,8 @@ static void determine_compression_from_filename(const char *p) {
                arg_compress = IMPORT_COMPRESS_GZIP;
        else if (endswith(p, ".bz2"))
                arg_compress = IMPORT_COMPRESS_BZIP2;
+        else if (endswith(p, ".zst"))
+                arg_compress = IMPORT_COMPRESS_ZSTD;
        else
                arg_compress = IMPORT_COMPRESS_UNCOMPRESSED;
 }
@ -254,6 +256,8 @@ static int parse_argv(int argc, char *argv[]) {
                                arg_compress = IMPORT_COMPRESS_GZIP;
                        else if (streq(optarg, "bzip2"))
                                arg_compress = IMPORT_COMPRESS_BZIP2;
+                        else if (streq(optarg, "zstd"))
+                                arg_compress = IMPORT_COMPRESS_ZSTD;
                        else
                                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                                       "Unknown format: %s", optarg);
--- a/src/import/import-compress.c
+++ b/src/import/import-compress.c
@ -19,6 +19,16 @@ void import_compress_free(ImportCompress *c) {
                        BZ2_bzCompressEnd(&c->bzip2);
                else
                        BZ2_bzDecompressEnd(&c->bzip2);
+#endif
+#if HAVE_ZSTD
+        } else if (c->type == IMPORT_COMPRESS_ZSTD) {
+                if (c->encoding) {
+                        ZSTD_freeCCtx(c->c_zstd);
+                        c->c_zstd = NULL;
+                } else {
+                        ZSTD_freeDCtx(c->d_zstd);
+                        c->d_zstd = NULL;
+                }
 #endif
        }

@ -35,6 +45,9 @@ int import_uncompress_detect(ImportCompress *c, const void *data, size_t size) {
        static const uint8_t bzip2_signature[] = {
                'B', 'Z', 'h'
        };
+        static const uint8_t zstd_signature[] = {
+                0x28, 0xb5, 0x2f, 0xfd
+        };

        int r;

@ -43,8 +56,9 @@ int import_uncompress_detect(ImportCompress *c, const void *data, size_t size) {
        if (c->type != IMPORT_COMPRESS_UNKNOWN)
                return 1;

-        if (size < MAX3(sizeof(xz_signature),
+        if (size < MAX4(sizeof(xz_signature),
                        sizeof(gzip_signature),
+                        sizeof(zstd_signature),
                        sizeof(bzip2_signature)))
                return 0;

@ -73,6 +87,14 @@ int import_uncompress_detect(ImportCompress *c, const void *data, size_t size) {
                        return -EIO;

                c->type = IMPORT_COMPRESS_BZIP2;
+#endif
+#if HAVE_ZSTD
+        } else if (memcmp(data, zstd_signature, sizeof(zstd_signature)) == 0) {
+                c->d_zstd = ZSTD_createDCtx();
+                if (!c->d_zstd)
+                        return -ENOMEM;
+
+                c->type = IMPORT_COMPRESS_ZSTD;
 #endif
        } else
                c->type = IMPORT_COMPRESS_UNCOMPRESSED;
@ -187,6 +209,35 @@ int import_uncompress(ImportCompress *c, const void *data, size_t size, ImportCo

                break;
 #endif
+#if HAVE_ZSTD
+        case IMPORT_COMPRESS_ZSTD: {
+                ZSTD_inBuffer input = {
+                        .src =  (void*) data,
+                        .size = size,
+                };
+
+                while (input.pos < input.size) {
+                        uint8_t buffer[16 * 1024];
+                        ZSTD_outBuffer output = {
+                                .dst = buffer,
+                                .size = sizeof(buffer),
+                        };
+                        size_t res;
+
+                        res = ZSTD_decompressStream(c->d_zstd, &output, &input);
+                        if (ZSTD_isError(res))
+                                return -EIO;
+
+                        if (output.pos > 0) {
+                                r = callback(output.dst, output.pos, userdata);
+                                if (r < 0)
+                                        return r;
+                        }
+                }
+
+                break;
+        }
+#endif

        default:
                assert_not_reached();
@ -231,6 +282,20 @@ int import_compress_init(ImportCompress *c, ImportCompressType t) {
                break;
 #endif

+#if HAVE_ZSTD
+        case IMPORT_COMPRESS_ZSTD:
+                c->c_zstd = ZSTD_createCCtx();
+                if (!c->c_zstd)
+                        return -ENOMEM;
+
+                r = ZSTD_CCtx_setParameter(c->c_zstd, ZSTD_c_compressionLevel, ZSTD_CLEVEL_DEFAULT);
+                if (ZSTD_isError(r))
+                        return -EIO;
+
+                c->type = IMPORT_COMPRESS_ZSTD;
+                break;
+#endif
+
        case IMPORT_COMPRESS_UNCOMPRESSED:
                c->type = IMPORT_COMPRESS_UNCOMPRESSED;
                break;
@ -351,6 +416,35 @@ int import_compress(ImportCompress *c, const void *data, size_t size, void **buf
                break;
 #endif

+#if HAVE_ZSTD
+        case IMPORT_COMPRESS_ZSTD: {
+                ZSTD_inBuffer input = {
+                        .src = data,
+                        .size = size,
+                };
+
+                while (input.pos < input.size) {
+                        r = enlarge_buffer(buffer, buffer_size, buffer_allocated);
+                        if (r < 0)
+                                return r;
+
+                        ZSTD_outBuffer output = {
+                                .dst = ((uint8_t *) *buffer + *buffer_size),
+                                .size = *buffer_allocated - *buffer_size,
+                        };
+                        size_t res;
+
+                        res = ZSTD_compressStream2(c->c_zstd, &output, &input, ZSTD_e_continue);
+                        if (ZSTD_isError(res))
+                                return -EIO;
+
+                        *buffer_size += output.pos;
+                }
+
+                break;
+        }
+#endif
+
        case IMPORT_COMPRESS_UNCOMPRESSED:

                if (*buffer_allocated < size) {
@ -455,6 +549,32 @@ int import_compress_finish(ImportCompress *c, void **buffer, size_t *buffer_size
                break;
 #endif

+#if HAVE_ZSTD
+        case IMPORT_COMPRESS_ZSTD: {
+                ZSTD_inBuffer input = {};
+                size_t res;
+
+                do {
+                        r = enlarge_buffer(buffer, buffer_size, buffer_allocated);
+                        if (r < 0)
+                                return r;
+
+                        ZSTD_outBuffer output = {
+                                .dst = ((uint8_t *) *buffer + *buffer_size),
+                                .size = *buffer_allocated - *buffer_size,
+                        };
+
+                        res = ZSTD_compressStream2(c->c_zstd, &output, &input, ZSTD_e_end);
+                        if (ZSTD_isError(res))
+                                return -EIO;
+
+                        *buffer_size += output.pos;
+                } while (res != 0);
+
+                break;
+        }
+#endif
+
        case IMPORT_COMPRESS_UNCOMPRESSED:
                break;

@ -473,6 +593,9 @@ static const char* const import_compress_type_table[_IMPORT_COMPRESS_TYPE_MAX] =
 #if HAVE_BZIP2
        [IMPORT_COMPRESS_BZIP2] = "bzip2",
 #endif
+#if HAVE_ZSTD
+        [IMPORT_COMPRESS_ZSTD] = "zstd",
+#endif
 };

 DEFINE_STRING_TABLE_LOOKUP(import_compress_type, ImportCompressType);
--- a/src/import/import-compress.h
+++ b/src/import/import-compress.h
@ -7,6 +7,10 @@
 #include <lzma.h>
 #include <sys/types.h>
 #include <zlib.h>
+#if HAVE_ZSTD
+#include <zstd.h>
+#include <zstd_errors.h>
+#endif

 #include "macro.h"

@ -16,6 +20,7 @@ typedef enum ImportCompressType {
        IMPORT_COMPRESS_XZ,
        IMPORT_COMPRESS_GZIP,
        IMPORT_COMPRESS_BZIP2,
+        IMPORT_COMPRESS_ZSTD,
        _IMPORT_COMPRESS_TYPE_MAX,
        _IMPORT_COMPRESS_TYPE_INVALID = -EINVAL,
 } ImportCompressType;
@ -28,6 +33,10 @@ typedef struct ImportCompress {
                z_stream gzip;
 #if HAVE_BZIP2
                bz_stream bzip2;
+#endif
+#if HAVE_ZSTD
+                ZSTD_CCtx *c_zstd;
+                ZSTD_DCtx *d_zstd;
 #endif
        };
 } ImportCompress;
--- a/src/import/importctl.c
+++ b/src/import/importctl.c
@ -491,6 +491,8 @@ static void determine_compression_from_filename(const char *p) {
                arg_format = "gzip";
        else if (endswith(p, ".bz2"))
                arg_format = "bzip2";
+        else if (endswith(p, ".zst"))
+                arg_format = "zstd";
 }

 static int export_tar(int argc, char *argv[], void *userdata) {
@ -1018,7 +1020,8 @@ static int help(int argc, char *argv[], void *userdata) {
               "                              otherwise\n"
               "     --verify=MODE            Verification mode for downloaded images (no,\n"
               "                               checksum, signature)\n"
-               "     --format=xz|gzip|bzip2   Desired output format for export\n"
+               "     --format=xz|gzip|bzip2|zstd\n"
+               "                              Desired output format for export\n"
               "     --force                  Install image even if already exists\n"
               "  -m --class=machine          Install as machine image\n"
               "  -P --class=portable         Install as portable service image\n"
@ -1139,7 +1142,7 @@ static int parse_argv(int argc, char *argv[]) {
                        break;

                case ARG_FORMAT:
-                        if (!STR_IN_SET(optarg, "uncompressed", "xz", "gzip", "bzip2"))
+                        if (!STR_IN_SET(optarg, "uncompressed", "xz", "gzip", "bzip2", "zstd"))
                                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                                       "Unknown format: %s", optarg);

--- a/src/import/meson.build
+++ b/src/import/meson.build
@ -47,6 +47,7 @@ lib_import_common = static_library(
                libbzip2,
                libxz,
                libz,
+                libzstd,
                userspace,
        ],
        build_by_default : false)
@ -61,6 +62,7 @@ common_deps = [
        libcurl,
        libxz,
        libz,
+        libzstd,
 ]

 executables += [
--- a/src/journal-remote/journal-remote-main.c
+++ b/src/journal-remote/journal-remote-main.c
@ -17,6 +17,7 @@
 #include "logs-show.h"
 #include "main-func.h"
 #include "memory-util.h"
+#include "microhttpd-util.h"
 #include "parse-argument.h"
 #include "parse-helpers.h"
 #include "pretty-print.h"
@ -84,6 +85,33 @@ static const char* const journal_write_split_mode_table[_JOURNAL_WRITE_SPLIT_MAX
 DEFINE_PRIVATE_STRING_TABLE_LOOKUP(journal_write_split_mode, JournalWriteSplitMode);
 static DEFINE_CONFIG_PARSE_ENUM(config_parse_write_split_mode, journal_write_split_mode, JournalWriteSplitMode);

+typedef struct MHDDaemonWrapper {
+        uint64_t fd;
+        struct MHD_Daemon *daemon;
+
+        sd_event_source *io_event;
+        sd_event_source *timer_event;
+} MHDDaemonWrapper;
+
+static MHDDaemonWrapper* MHDDaemonWrapper_free(MHDDaemonWrapper *d) {
+        if (!d)
+                return NULL;
+
+        if (d->daemon)
+                MHD_stop_daemon(d->daemon);
+        sd_event_source_unref(d->io_event);
+        sd_event_source_unref(d->timer_event);
+
+        return mfree(d);
+}
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(MHDDaemonWrapper*, MHDDaemonWrapper_free);
+
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                mhd_daemon_hash_ops,
+                uint64_t, uint64_hash_func, uint64_compare_func,
+                MHDDaemonWrapper, MHDDaemonWrapper_free);
+
 /**********************************************************************
 **********************************************************************
 **********************************************************************/
@ -525,7 +553,7 @@ static int setup_microhttpd_server(RemoteServer *s,
        if (r < 0)
                return log_error_errno(r, "Failed to set source name: %m");

-        r = hashmap_ensure_put(&s->daemons, &uint64_hash_ops, &d->fd, d);
+        r = hashmap_ensure_put(&s->daemons, &mhd_daemon_hash_ops, &d->fd, d);
        if (r == -ENOMEM)
                return log_oom();
        if (r < 0)
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@ -30,20 +30,6 @@

 #define filename_escape(s) xescape((s), "/ ")

-#if HAVE_MICROHTTPD
-MHDDaemonWrapper* MHDDaemonWrapper_free(MHDDaemonWrapper *d) {
-        if (!d)
-                return NULL;
-
-        if (d->daemon)
-                MHD_stop_daemon(d->daemon);
-        sd_event_source_unref(d->io_event);
-        sd_event_source_unref(d->timer_event);
-
-        return mfree(d);
-}
-#endif
-
 static int open_output(RemoteServer *s, Writer *w, const char *host) {
        _cleanup_free_ char *_filename = NULL;
        const char *filename;
@ -364,9 +350,7 @@ void journal_remote_server_destroy(RemoteServer *s) {
        if (!s)
                return;

-#if HAVE_MICROHTTPD
-        hashmap_free_with_destructor(s->daemons, MHDDaemonWrapper_free);
-#endif
+        hashmap_free(s->daemons);

        for (i = 0; i < MALLOC_ELEMENTSOF(s->sources); i++)
                remove_source(s, i);
--- a/src/journal-remote/journal-remote.h
+++ b/src/journal-remote/journal-remote.h
@ -8,23 +8,6 @@
 #include "journal-remote-write.h"
 #include "journal-vacuum.h"

-#if HAVE_MICROHTTPD
-#include "microhttpd-util.h"
-
-typedef struct MHDDaemonWrapper MHDDaemonWrapper;
-
-struct MHDDaemonWrapper {
-        uint64_t fd;
-        struct MHD_Daemon *daemon;
-
-        sd_event_source *io_event;
-        sd_event_source *timer_event;
-};
-
-MHDDaemonWrapper* MHDDaemonWrapper_free(MHDDaemonWrapper *d);
-DEFINE_TRIVIAL_CLEANUP_FUNC(MHDDaemonWrapper*, MHDDaemonWrapper_free);
-#endif
-
 struct RemoteServer {
        RemoteSource **sources;
        size_t active;
@ -36,9 +19,7 @@ struct RemoteServer {
        Writer *_single_writer;
        uint64_t event_count;

-#if HAVE_MICROHTTPD
        Hashmap *daemons;
-#endif
        const char *output;                    /* either the output file or directory */

        JournalWriteSplitMode split_mode;
--- a/src/journal/journald-context.c
+++ b/src/journal/journald-context.c
@ -182,8 +182,8 @@ static void client_context_reset(Server *s, ClientContext *c) {
        c->log_ratelimit_interval = s->ratelimit_interval;
        c->log_ratelimit_burst = s->ratelimit_burst;

-        c->log_filter_allowed_patterns = set_free_free(c->log_filter_allowed_patterns);
-        c->log_filter_denied_patterns = set_free_free(c->log_filter_denied_patterns);
+        c->log_filter_allowed_patterns = set_free(c->log_filter_allowed_patterns);
+        c->log_filter_denied_patterns = set_free(c->log_filter_denied_patterns);

        c->capability_quintet = CAPABILITY_QUINTET_NULL;
 }
--- a/src/journal/journald-kmsg.c
+++ b/src/journal/journald-kmsg.c
@ -104,7 +104,7 @@ void dev_kmsg_record(Server *s, char *p, size_t l) {
        unsigned long long usec;
        size_t n = 0, z = 0, j;
        int priority, r;
-        char *e, *f, *k;
+        char *e, *k;
        uint64_t serial;
        size_t pl;
        int saved_log_max_level = INT_MAX;
@ -116,6 +116,7 @@ void dev_kmsg_record(Server *s, char *p, size_t l) {
        if (l <= 0)
                return;

+        /* syslog prefix including priority and facility */
        e = memchr(p, ',', l);
        if (!e)
                return;
@ -128,6 +129,7 @@ void dev_kmsg_record(Server *s, char *p, size_t l) {
        if (s->forward_to_kmsg && LOG_FAC(priority) != LOG_KERN)
                return;

+        /* seqnum */
        l -= (e - p) + 1;
        p = e + 1;
        e = memchr(p, ',', l);
@ -158,23 +160,28 @@ void dev_kmsg_record(Server *s, char *p, size_t l) {
                *s->kernel_seqnum = serial + 1;
        }

+        /* monotonic timestamp */
        l -= (e - p) + 1;
        p = e + 1;
-        f = memchr(p, ';', l);
-        if (!f)
-                return;
-        /* Kernel 3.6 has the flags field, kernel 3.5 lacks that */
        e = memchr(p, ',', l);
-        if (!e || f < e)
-                e = f;
+        if (!e)
+                return;
        *e = 0;

        r = safe_atollu(p, &usec);
        if (r < 0)
                return;

-        l -= (f - p) + 1;
-        p = f + 1;
+        /* ignore flags and any other fields, and find the beginning of the message */
+        l -= (e - p) + 1;
+        p = e + 1;
+        e = memchr(p, ';', l);
+        if (!e)
+                return;
+
+        /* find the end of the message */
+        l -= (e - p) + 1;
+        p = e + 1;
        e = memchr(p, '\n', l);
        if (!e)
                return;
@ -320,19 +327,12 @@ static int server_read_dev_kmsg(Server *s) {

        assert(s);
        assert(s->dev_kmsg_fd >= 0);
+        assert(s->read_kmsg);

        l = read(s->dev_kmsg_fd, buffer, sizeof(buffer) - 1);
        if (l == 0)
                return 0;
        if (l < 0) {
-                /* Old kernels which don't allow reading from /dev/kmsg return EINVAL when we try. So handle
-                 * this cleanly, but don't try to ever read from it again. */
-                if (errno == EINVAL) {
-                        s->dev_kmsg_event_source = sd_event_source_unref(s->dev_kmsg_event_source);
-                        s->dev_kmsg_readable = false;
-                        return 0;
-                }
-
                if (ERRNO_IS_TRANSIENT(errno) || errno == EPIPE)
                        return 0;

@ -351,7 +351,7 @@ int server_flush_dev_kmsg(Server *s) {
        if (s->dev_kmsg_fd < 0)
                return 0;

-        if (!s->dev_kmsg_readable)
+        if (!s->read_kmsg)
                return 0;

        log_debug("Flushing /dev/kmsg...");
@ -388,44 +388,35 @@ int server_open_dev_kmsg(Server *s) {
        int r;

        assert(s);
+        assert(s->dev_kmsg_fd < 0);
+        assert(!s->dev_kmsg_event_source);

-        mode_t mode = O_CLOEXEC|O_NONBLOCK|O_NOCTTY|
-                (s->read_kmsg ? O_RDWR : O_WRONLY);
+        mode_t mode = O_CLOEXEC|O_NONBLOCK|O_NOCTTY|(s->read_kmsg ? O_RDWR : O_WRONLY);

-        s->dev_kmsg_fd = open("/dev/kmsg", mode);
-        if (s->dev_kmsg_fd < 0) {
+        _cleanup_close_ int fd = open("/dev/kmsg", mode);
+        if (fd < 0) {
                log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING,
                               errno, "Failed to open /dev/kmsg for %s access, ignoring: %m", accmode_to_string(mode));
                return 0;
        }

-        if (!s->read_kmsg)
+        if (!s->read_kmsg) {
+                s->dev_kmsg_fd = TAKE_FD(fd);
                return 0;
-
-        r = sd_event_add_io(s->event, &s->dev_kmsg_event_source, s->dev_kmsg_fd, EPOLLIN, dispatch_dev_kmsg, s);
-        if (r == -EPERM) { /* This will fail with EPERM on older kernels where /dev/kmsg is not readable. */
-                log_debug_errno(r, "Not reading from /dev/kmsg since that's not supported, apparently.");
-                r = 0;
-                goto finish;
-        }
-        if (r < 0) {
-                log_error_errno(r, "Failed to add /dev/kmsg fd to event loop: %m");
-                goto finish;
        }

-        r = sd_event_source_set_priority(s->dev_kmsg_event_source, SD_EVENT_PRIORITY_IMPORTANT+10);
-        if (r < 0) {
-                log_error_errno(r, "Failed to adjust priority of kmsg event source: %m");
-                goto finish;
-        }
+        _cleanup_(sd_event_source_unrefp) sd_event_source *es = NULL;
+        r = sd_event_add_io(s->event, &es, fd, EPOLLIN, dispatch_dev_kmsg, s);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add /dev/kmsg fd to event loop: %m");

-        s->dev_kmsg_readable = true;
+        r = sd_event_source_set_priority(es, SD_EVENT_PRIORITY_IMPORTANT+10);
+        if (r < 0)
+                return log_error_errno(r, "Failed to adjust priority of kmsg event source: %m");
+
+        s->dev_kmsg_fd = TAKE_FD(fd);
+        s->dev_kmsg_event_source = TAKE_PTR(es);
        return 0;
-
-finish:
-        s->dev_kmsg_event_source = sd_event_source_unref(s->dev_kmsg_event_source);
-        s->dev_kmsg_fd = safe_close(s->dev_kmsg_fd);
-        return r;
 }

 int server_open_kernel_seqnum(Server *s) {
@ -436,7 +427,7 @@ int server_open_kernel_seqnum(Server *s) {
        /* We store the seqnum we last read in an mmapped file. That way we can just use it like a variable,
         * but it is persistent and automatically flushed at reboot. */

-        if (!s->dev_kmsg_readable)
+        if (!s->read_kmsg)
                return 0;

        r = server_map_seqnum_file(s, "kernel-seqnum", sizeof(uint64_t), (void**) &s->kernel_seqnum);
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@ -286,7 +286,7 @@ static int server_open_journal(
                (seal ? JOURNAL_SEAL : 0) |
                JOURNAL_STRICT_ORDER;

-        set_clear_with_destructor(s->deferred_closes, journal_file_offline_close);
+        set_clear(s->deferred_closes);

        if (reliably)
                r = journal_file_open_reliably(
@ -1477,8 +1477,8 @@ int server_relinquish_var(Server *s) {
        (void) server_system_journal_open(s, /* flush_requested */ false, /* relinquish_requested=*/ true);

        s->system_journal = journal_file_offline_close(s->system_journal);
-        ordered_hashmap_clear_with_destructor(s->user_journals, journal_file_offline_close);
-        set_clear_with_destructor(s->deferred_closes, journal_file_offline_close);
+        ordered_hashmap_clear(s->user_journals);
+        set_clear(s->deferred_closes);

        server_refresh_idle_timer(s);
        return 0;
@ -2031,17 +2031,8 @@ static int server_open_hostname(Server *s) {
                return log_error_errno(errno, "Failed to open /proc/sys/kernel/hostname: %m");

        r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
-        if (r < 0) {
-                /* kernels prior to 3.2 don't support polling this file. Ignore
-                 * the failure. */
-                if (r == -EPERM) {
-                        log_warning_errno(r, "Failed to register hostname fd in event loop, ignoring: %m");
-                        s->hostname_fd = safe_close(s->hostname_fd);
-                        return 0;
-                }
-
+        if (r < 0)
                return log_error_errno(r, "Failed to register hostname fd in event loop: %m");
-        }

        r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
        if (r < 0)
@ -2503,7 +2494,7 @@ int server_init(Server *s, const char *namespace) {

        (void) mkdir_p(s->runtime_directory, 0755);

-        s->user_journals = ordered_hashmap_new(NULL);
+        s->user_journals = ordered_hashmap_new(&journal_file_hash_ops_offline_close);
        if (!s->user_journals)
                return log_oom();

@ -2511,7 +2502,7 @@ int server_init(Server *s, const char *namespace) {
        if (!s->mmap)
                return log_oom();

-        s->deferred_closes = set_new(NULL);
+        s->deferred_closes = set_new(&journal_file_hash_ops_offline_close);
        if (!s->deferred_closes)
                return log_oom();

@ -2708,7 +2699,7 @@ Server* server_free(Server *s) {
        free(s->namespace);
        free(s->namespace_field);

-        set_free_with_destructor(s->deferred_closes, journal_file_offline_close);
+        set_free(s->deferred_closes);

        while (s->stdout_streams)
                stdout_stream_free(s->stdout_streams);
@ -2718,7 +2709,7 @@ Server* server_free(Server *s) {
        (void) journal_file_offline_close(s->system_journal);
        (void) journal_file_offline_close(s->runtime_journal);

-        ordered_hashmap_free_with_destructor(s->user_journals, journal_file_offline_close);
+        ordered_hashmap_free(s->user_journals);

        sd_varlink_server_unref(s->varlink_server);

--- a/src/journal/journald-server.h
+++ b/src/journal/journald-server.h
@ -154,7 +154,6 @@ struct Server {
        Set *deferred_closes;

        uint64_t *kernel_seqnum;
-        bool dev_kmsg_readable:1;
        RateLimit kmsg_own_ratelimit;

        bool send_watchdog:1;
--- a/src/libsystemd/sd-device/device-enumerator.c
+++ b/src/libsystemd/sd-device/device-enumerator.c
@ -91,7 +91,7 @@ static void device_unref_many(sd_device **devices, size_t n) {
 static void device_enumerator_unref_devices(sd_device_enumerator *enumerator) {
        assert(enumerator);

-        hashmap_clear_with_destructor(enumerator->devices_by_syspath, sd_device_unref);
+        hashmap_clear(enumerator->devices_by_syspath);
        device_unref_many(enumerator->devices, enumerator->n_devices);
        enumerator->devices = mfree(enumerator->devices);
        enumerator->n_devices = 0;
@ -471,6 +471,11 @@ failed:
        return r;
 }

+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                device_hash_ops_by_syspath,
+                char, path_hash_func, path_compare,
+                sd_device, sd_device_unref);
+
 int device_enumerator_add_device(sd_device_enumerator *enumerator, sd_device *device) {
        const char *syspath;
        int r;
@ -482,7 +487,7 @@ int device_enumerator_add_device(sd_device_enumerator *enumerator, sd_device *de
        if (r < 0)
                return r;

-        r = hashmap_ensure_put(&enumerator->devices_by_syspath, &string_hash_ops, syspath, device);
+        r = hashmap_ensure_put(&enumerator->devices_by_syspath, &device_hash_ops_by_syspath, syspath, device);
        if (IN_SET(r, -EEXIST, 0))
                return 0;
        if (r < 0)
--- a/src/libsystemd/sd-device/device-private.c
+++ b/src/libsystemd/sd-device/device-private.c
@ -692,8 +692,8 @@ int device_clone_with_db(sd_device *device, sd_device **ret) {
 void device_cleanup_tags(sd_device *device) {
        assert(device);

-        device->all_tags = set_free_free(device->all_tags);
-        device->current_tags = set_free_free(device->current_tags);
+        device->all_tags = set_free(device->all_tags);
+        device->current_tags = set_free(device->current_tags);
        device->property_tags_outdated = true;
        device->tags_generation++;
 }
@ -701,7 +701,7 @@ void device_cleanup_tags(sd_device *device) {
 void device_cleanup_devlinks(sd_device *device) {
        assert(device);

-        set_free_free(device->devlinks);
+        set_free(device->devlinks);
        device->devlinks = NULL;
        device->property_devlinks_outdated = true;
        device->devlinks_generation++;
--- a/src/libsystemd/sd-journal/journal-file.c
+++ b/src/libsystemd/sd-journal/journal-file.c
@ -92,8 +92,13 @@
 #  pragma GCC diagnostic ignored "-Waddress-of-packed-member"
 #endif

+DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                journal_file_hash_ops_by_path,
+                char, path_hash_func, path_compare,
+                JournalFile, journal_file_close);
+
 static int mmap_prot_from_open_flags(int flags) {
-        switch (flags & O_ACCMODE) {
+        switch (flags & O_ACCMODE_STRICT) {
        case O_RDONLY:
                return PROT_READ;
        case O_WRONLY:
@ -4070,10 +4075,10 @@ int journal_file_open(
        assert(mmap_cache);
        assert(ret);

-        if (!IN_SET((open_flags & O_ACCMODE), O_RDONLY, O_RDWR))
+        if (!IN_SET((open_flags & O_ACCMODE_STRICT), O_RDONLY, O_RDWR))
                return -EINVAL;

-        if ((open_flags & O_ACCMODE) == O_RDONLY && FLAGS_SET(open_flags, O_CREAT))
+        if ((open_flags & O_ACCMODE_STRICT) == O_RDONLY && FLAGS_SET(open_flags, O_CREAT))
                return -EINVAL;

        if (fname && (open_flags & O_CREAT) && !endswith(fname, ".journal"))
--- a/src/libsystemd/sd-journal/journal-file.h
+++ b/src/libsystemd/sd-journal/journal-file.h
@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #pragma once

-#include <fcntl.h>
 #include <inttypes.h>
 #include <sys/uio.h>

@ -15,6 +14,7 @@
 #include "compress.h"
 #include "hashmap.h"
 #include "journal-def.h"
+#include "missing_fcntl.h"
 #include "mmap-cache.h"
 #include "sparse-endian.h"
 #include "time-util.h"
@ -145,6 +145,8 @@ typedef struct {
        uint64_t hash;
 } EntryItem;

+extern const struct hash_ops journal_file_hash_ops_by_path;
+
 int journal_file_open(
                int fd,
                const char *fname,
@ -389,5 +391,5 @@ static inline uint32_t COMPRESSION_TO_HEADER_INCOMPATIBLE_FLAG(Compression c) {

 static inline bool journal_file_writable(JournalFile *f) {
        assert(f);
-        return (f->open_flags & O_ACCMODE) != O_RDONLY;
+        return (f->open_flags & O_ACCMODE_STRICT) != O_RDONLY;
 }
--- a/src/libsystemd/sd-journal/sd-journal.c
+++ b/src/libsystemd/sd-journal/sd-journal.c
@ -2296,7 +2296,7 @@ static sd_journal *journal_new(int flags, const char *path, const char *namespac
                        return NULL;
        }

-        j->files = ordered_hashmap_new(&path_hash_ops);
+        j->files = ordered_hashmap_new(&journal_file_hash_ops_by_path);
        if (!j->files)
                return NULL;

@ -2548,7 +2548,7 @@ _public_ void sd_journal_close(sd_journal *j) {
        if (j->mmap)
                mmap_cache_stats_log_debug(j->mmap);

-        ordered_hashmap_free_with_destructor(j->files, journal_file_close);
+        ordered_hashmap_free(j->files);
        iterated_cache_free(j->files_cache);

        hashmap_free(j->directories_by_path);
--- a/src/libsystemd/sd-netlink/netlink-genl.c
+++ b/src/libsystemd/sd-netlink/netlink-genl.c
@ -46,11 +46,21 @@ static GenericNetlinkFamily *genl_family_free(GenericNetlinkFamily *f) {

 DEFINE_TRIVIAL_CLEANUP_FUNC(GenericNetlinkFamily*, genl_family_free);

+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                genl_family_hash_ops_by_name,
+                char, string_hash_func, string_compare_func,
+                GenericNetlinkFamily, genl_family_free);
+
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                genl_family_hash_ops_by_id,
+                void, trivial_hash_func, trivial_compare_func,
+                GenericNetlinkFamily, genl_family_free);
+
 void genl_clear_family(sd_netlink *nl) {
        assert(nl);

-        nl->genl_family_by_name = hashmap_free_with_destructor(nl->genl_family_by_name, genl_family_free);
-        nl->genl_family_by_id = hashmap_free_with_destructor(nl->genl_family_by_id, genl_family_free);
+        nl->genl_family_by_name = hashmap_free(nl->genl_family_by_name);
+        nl->genl_family_by_id = hashmap_free(nl->genl_family_by_id);
 }

 static int genl_family_new_unsupported(
@ -80,7 +90,7 @@ static int genl_family_new_unsupported(
        if (!f->name)
                return -ENOMEM;

-        r = hashmap_ensure_put(&nl->genl_family_by_name, &string_hash_ops, f->name, f);
+        r = hashmap_ensure_put(&nl->genl_family_by_name, &genl_family_hash_ops_by_name, f->name, f);
        if (r < 0)
                return r;

@ -190,11 +200,11 @@ static int genl_family_new(
                        return r;
        }

-        r = hashmap_ensure_put(&nl->genl_family_by_id, NULL, UINT_TO_PTR(f->id), f);
+        r = hashmap_ensure_put(&nl->genl_family_by_id, &genl_family_hash_ops_by_id, UINT_TO_PTR(f->id), f);
        if (r < 0)
                return r;

-        r = hashmap_ensure_put(&nl->genl_family_by_name, &string_hash_ops, f->name, f);
+        r = hashmap_ensure_put(&nl->genl_family_by_name, &genl_family_hash_ops_by_name, f->name, f);
        if (r < 0) {
                hashmap_remove(nl->genl_family_by_id, UINT_TO_PTR(f->id));
                return r;
--- a/src/libsystemd/sd-netlink/netlink-socket.c
+++ b/src/libsystemd/sd-netlink/netlink-socket.c
@ -161,12 +161,13 @@ static int socket_recv_message(int fd, void *buf, size_t buf_size, uint32_t *ret
        assert(fd >= 0);
        assert(peek || (buf && buf_size > 0));

+        /* Note: this might return successfully, but with a zero size under some transient conditions, such
+         * as the reception of a non-kernel message. In such a case the passed buffer might or might not be
+         * modified. Caller must treat a zero return as "no message, but also not an error". */
+
        n = recvmsg_safe(fd, &msg, peek ? (MSG_PEEK|MSG_TRUNC) : 0);
-        if (ERRNO_IS_NEG_TRANSIENT(n)) {
-                if (ret_mcast_group)
-                        *ret_mcast_group = 0;
-                return 0;
-        }
+        if (ERRNO_IS_NEG_TRANSIENT(n))
+                goto transient;
        if (n == -ENOBUFS)
                return log_debug_errno(n, "sd-netlink: kernel receive buffer overrun");
        if (n == -ECHRNG)
@ -181,15 +182,16 @@ static int socket_recv_message(int fd, void *buf, size_t buf_size, uint32_t *ret
                log_debug("sd-netlink: ignoring message from PID %"PRIu32, sender.nl.nl_pid);

                if (peek) {
-                        /* drop the message */
+                        /* Drop the message. Note that we ignore ECHRNG/EXFULL errors here, which
+                         * recvmsg_safe() returns in case the payload or cdata is truncated. Given we just
+                         * want to drop the message we also don't care if its payload or cdata was
+                         * truncated. */
                        n = recvmsg_safe(fd, &msg, 0);
-                        if (n < 0)
+                        if (n < 0 && !IN_SET(n, -ECHRNG, -EXFULL))
                                return (int) n;
                }

-                if (ret_mcast_group)
-                        *ret_mcast_group = 0;
-                return 0;
+                goto transient;
        }

        if (ret_mcast_group) {
@ -203,6 +205,12 @@ static int socket_recv_message(int fd, void *buf, size_t buf_size, uint32_t *ret
        }

        return (int) n;
+
+transient:
+        if (ret_mcast_group)
+                *ret_mcast_group = 0;
+
+        return 0;
 }

 DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
--- a/src/libudev/libudev-device.c
+++ b/src/libudev/libudev-device.c
@ -436,7 +436,11 @@ _public_ struct udev_device *udev_device_get_parent(struct udev_device *udev_dev
 *
 * Returns: a new udev device, or #NULL if no matching parent exists.
 **/
-_public_ struct udev_device *udev_device_get_parent_with_subsystem_devtype(struct udev_device *udev_device, const char *subsystem, const char *devtype) {
+_public_ struct udev_device* udev_device_get_parent_with_subsystem_devtype(
+                struct udev_device *udev_device,
+                const char *subsystem,
+                const char *devtype) {
+
        sd_device *parent;
        int r;

--- a/Show More
+++ b/Show More