discover-image: use _SD_PATH_INVALID where appropriate

The enum definition only exists for cases like this, use it, instead of
its literal value.

This doesn't effectively change anything, but cleans up the code a bit.

docs/AUTOMATIC_BOOT_ASSESSMENT.md

@@ -9,7 +9,7 @@ SPDX-License-Identifier: LGPL-2.1-or-later
 
 systemd provides support for automatically reverting back to the previous
 version of the OS or kernel in case the system consistently fails to boot. The
-[Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/#boot-counting)
+[UAPI.1 Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/#boot-counting)
 describes how to annotate boot loader entries with a counter that specifies how
 many attempts should be made to boot it. This document describes how systemd
 implements this scheme.
@@ -28,7 +28,7 @@ Here's a brief overview of the complete set of components:
 * The
   [`systemd-boot(7)`](https://www.freedesktop.org/software/systemd/man/systemd-boot.html)
   boot loader optionally maintains a per-boot-loader-entry counter described by
-  the [Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/#boot-counting)
+  the [UAPI.1 Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/#boot-counting)
   that is decreased by one on each attempt to boot the entry, prioritizing
   entries that have non-zero counters over those which already reached a
   counter of zero when choosing the entry to boot.
@@ -61,7 +61,7 @@ Here's a brief overview of the complete set of components:
 ## Details
 
 As described in the
-[Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/#boot-counting),
+[UAPI.1 Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/#boot-counting),
 the boot counting data is stored in the file name of the boot loader entries as
 a plus (`+`), followed by a number, optionally followed by `-` and another
 number, right before the file name suffix (`.conf` or `.efi`).

docs/BOOT_LOADER_INTERFACE.md

@@ -136,7 +136,7 @@ the identifiers as passed in `LoaderEntries`, `LoaderEntryDefault`,
 names for them in UIs.
 
 1. When boot loader entries are defined through the
-   [Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/)
+   [BOOT.1 Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/)
    files, the identifier should be derived directly from the file name,
    but with the `.conf` (Type #1 snippets) or `.efi` (Type #2 images)
    suffix removed.
@@ -167,8 +167,8 @@ names for them in UIs.
 
 ## Links
 
-[Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification)<br>
-[Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification)<br>
+[UAPI.1 Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification)<br>
+[UAPI.2 Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification)<br>
 [`systemd-boot(7)`](https://www.freedesktop.org/software/systemd/man/systemd-boot.html)<br>
 [`bootctl(1)`](https://www.freedesktop.org/software/systemd/man/bootctl.html)<br>
 [`systemd-gpt-auto-generator(8)`](https://www.freedesktop.org/software/systemd/man/systemd-gpt-auto-generator.html)

docs/BUILDING_IMAGES.md

@@ -66,7 +66,7 @@ boot. For that it's essential to:
 The
 [`kernel-install(8)`](https://www.freedesktop.org/software/systemd/man/kernel-install.html)
 logic used to generate
-[Boot Loader Specification Type #1](https://uapi-group.org/specifications/specs/boot_loader_specification/#type-1-boot-loader-specification-entries)
+[UAPI.1 Boot Loader Specification Type #1](https://uapi-group.org/specifications/specs/boot_loader_specification/#type-1-boot-loader-specification-entries)
 entries by default uses the machine ID as stored in `/etc/machine-id` for
 naming boot menu entries and the directories in the ESP to place kernel images in.
 This is done in order to allow multiple installations of the same OS on the
@@ -207,7 +207,7 @@ it, then format it.
    in. The `x-systemd.growfs` mount option in `/etc/fstab` is sufficient to
    enable this logic for specific mounts. Alternatively appropriately set up
    partitions can set GPT partition flag 59 to request this behaviour, see the
-   [Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification)
+   [UAPI.2 Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification)
    for details. If the file system is already grown it executes no operation.
 
 3. Similar, the `systemd-makefs@.service` and `systemd-makeswap@.service`
@@ -268,8 +268,8 @@ fields.
 [`machine-id(5)`](https://www.freedesktop.org/software/systemd/man/machine-id.html)<br>
 [`systemd-random-seed(8)`](https://www.freedesktop.org/software/systemd/man/systemd-random-seed.service.html)<br>
 [`os-release(5)`](https://www.freedesktop.org/software/systemd/man/os-release.html)<br>
-[Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification)<br>
-[Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification)<br>
+[UAPI.1 Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification)<br>
+[UAPI.2 Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification)<br>
 [`mkosi`](https://github.com/systemd/mkosi)<br>
 [`systemd-boot(7)`](https://www.freedesktop.org/software/systemd/man/systemd-boot.html)<br>
 [`systemd-repart(8)`](https://www.freedesktop.org/software/systemd/man/systemd-repart.service.html)<br>

docs/ENVIRONMENT.md

@@ -234,7 +234,7 @@ All tools:
   file may be checked for by services run during system shutdown in order to
   request the appropriate operation from the boot loader in an alternative
   fashion. Note that by default only boot loader entries which follow the
-  [Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification)
+  [UAPI.1 Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification)
   and are placed in the ESP or the Extended Boot Loader partition may be
   selected this way. However, if a directory `/run/boot-loader-entries/`
   exists, the entries are loaded from there instead. The directory should
@@ -518,7 +518,7 @@ disk images with `--image=` or similar:
   to load the embedded Verity signature data. If enabled (which is the
   default), Verity root hash information and a suitable signature is
   automatically acquired from a signature partition, following the
-  [Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification).
+  [UAPI.2 Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification).
   If disabled any such partition is ignored. Note that this only disables
   discovery of the root hash and its signature, the Verity data partition
   itself is still searched in the GPT image.
@@ -540,7 +540,7 @@ disk images with `--image=` or similar:
 * `$SYSTEMD_DISSECT_FSTYPE_<DESIGNATOR>=` – overrides the file system time to
   use when mounting the partition of the indicated designator. The
   `<DESIGNATOR>` string shall be one of `ROOT`, `USR`, `HOME`, `SRV`, `ESP`,
-  `XBOOTLDR`, `TMP`, `VAR` as per the [Discoverable Partitions
+  `XBOOTLDR`, `TMP`, `VAR` as per the [UAPI.2 Discoverable Partitions
   Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification/). If
   unspecified the image dissection logic will automatically probe the file
   system type (subject to `$SYSTEMD_DISSECT_FILE_SYSTEMS`, see above), except
@@ -560,8 +560,8 @@ disk images with `--image=` or similar:
 * `$SYSTEMD_DISSECT_VERITY_GUESS` – takes a boolean. Controls whether to guess
   the Verity root hash from the partition UUIDs of a suitable pair of data
   partition and matching Verity partition: the UUIDs two are simply joined and
-  used as root hash, in accordance with the recommendations in [Discoverable
-  Partitions
+  used as root hash, in accordance with the recommendations in [UAPI.2
+  Discoverable Partitions
   Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification). Defaults
   to true.
 

docs/MOUNT_REQUIREMENTS.md

@@ -11,7 +11,7 @@ This document describes the requirements placed by systemd
 on the time when various parts of the file system hierarchy
 must be available and mounted during boot.
 This document should be read in conjunction with
-[Linux File System Hierarchy](https://uapi-group.org/specifications/specs/linux_file_system_hierarchy/),
+[UAPI.9 Linux File System Hierarchy](https://uapi-group.org/specifications/specs/linux_file_system_hierarchy/),
 which describes the role of the mount points discussed here.
 
 If the file system backing a mount point is located on external or remote media

docs/PORTABLE_SERVICES.md

@@ -162,7 +162,7 @@ Specifically, the following requirements are made for an image that can be attac
    an image with a partition table understood by the Linux kernel with only a
    single partition defined, or alternatively, a GPT partition table with a set
    of properly marked partitions following the
-   [Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification).
+   [UAPI.2 Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification).
 
 3. The image must at least contain one matching unit file, with the right name
    prefix and suffix (see above).

docs/PORTING_TO_NEW_ARCHITECTURES.md

@@ -27,7 +27,7 @@ architecture.
    partitions. Use `systemd-id128 new -p` to generate new suitable UUIDs you
    can use for this. Make sure to register your new types in the various
    functions in `gpt.c`. Also make sure to update the tables in
-   [Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification)
+   [UAPI.2 Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification)
    and `man/systemd-gpt-auto-generator.xml` accordingly.
 
 3. If your architecture supports UEFI, make sure to update the `efi_arch`

docs/RELEASE.md

@@ -13,7 +13,7 @@ SPDX-License-Identifier: LGPL-2.1-or-later
 4. Update hwdb (`ninja -C build update-hwdb`, `ninja -C build update-hwdb-autosuspend`, commit separately).
 5. Update syscall numbers (`ninja -C build update-syscall-tables update-syscall-header`).
 6. [RC1] Update library numbers in `meson.build`
-7. Update version number in `meson.version` (e.g. from `256~devel` to `256~rc1` or from `256~rc3` to `256`). Note that this uses a tilde (\~) instead of a hyphen (-) because tildes sort lower in version comparisons according to the [version format specification](https://uapi-group.org/specifications/specs/version_format_specification/), and we want `255~rc1` to sort lower than `255`.
+7. Update version number in `meson.version` (e.g. from `256~devel` to `256~rc1` or from `256~rc3` to `256`). Note that this uses a tilde (\~) instead of a hyphen (-) because tildes sort lower in version comparisons according to the [UAPI.10 Version Format Specification](https://uapi-group.org/specifications/specs/version_format_specification/), and we want `255~rc1` to sort lower than `255`.
 8. Check dbus docs with `ninja -C build update-dbus-docs`
 9. Check manpages list with `ninja -C build update-man-rules`
 10. Update translation strings (`ninja -C build systemd-pot`, `ninja -C build systemd-update-po`) - drop the header comments from `systemd.pot` + re-add SPDX before committing. If the only change in a file is the 'POT-Creation-Date' field, then ignore that file.

docs/ROOTFS_DISCOVERY.md

@@ -15,13 +15,13 @@ components:
    i.e. [`systemd-boot`](https://www.freedesktop.org/software/systemd/man/latest/systemd-boot.html)
    that provides interactive and programmatic control of what precisely to
    boot. It takes care of enumerating all possible boot targets (implementing
-   the [Boot Loader
+   the [UAPI.1 Boot Loader
    Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/)),
    potentially presenting it to the user in a menu, but otherwise picking an
    item automatically, implementing boot counting and automatic rollback if
    desired.
 
-2. A [unified kernel image
+2. A [UAPI.5 Unified Kernel Image
    ("UKI")](https://uapi-group.org/specifications/specs/unified_kernel_image/),
    i.e. an UEFI PE executable that combines
    [`systemd-stub`](https://www.freedesktop.org/software/systemd/man/latest/systemd-stub.html),
@@ -133,7 +133,7 @@ the same disk. Specifically:
    ESP as well, in particular below the `/loader/` subdirectory.
 
 2. The UKIs may either be placed in the ESP (below the `/EFI/Linux/`
-   subdirectory), or in the [Extended Boot Loader
+   subdirectory), or in the [UAPI.1 Extended Boot Loader
    Partition](https://uapi-group.org/specifications/specs/boot_loader_specification/#the-partitions)
    ("XBOOTLDR"), which can be placed on the same disk as the ESP and is also
    VFAT. XBOOTLDR is an optional concept and it's only *raison d'être* is that
@@ -146,7 +146,7 @@ the same disk. Specifically:
 3. The `rootfs` is placed on the same disk as the ESP/XBOOTLDR, in a partition
    marked with a special GPT partition type. Various other well-known types of
    partitions can be placed next to the `rootfs` and are automatically
-   discovered and mounted, see the [Discoverable Partitions
+   discovered and mounted, see the [UAPI.2 Discoverable Partitions
    Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification/)
    for details.
 
@@ -179,8 +179,8 @@ each of these resources:
    [`bootctl`](https://www.freedesktop.org/software/systemd/man/latest/bootctl.html),
    `efibootmgr` or `kernel-bootcfg`.
 
-2. The `systemd-boot` boot loader may be configured via [`Boot Loader
-   Specification Type #1`](https://uapi-group.org/specifications/specs/boot_loader_specification/)
+2. The `systemd-boot` boot loader may be configured via [UAPI.1 Boot Loader
+   Specification Type #1](https://uapi-group.org/specifications/specs/boot_loader_specification/)
    entries to acquire UKIs or similar from other locations.
 
 3. The `initrd` part of the UKI understands the `root=` (and `mount.usr=`)
@@ -220,7 +220,7 @@ local disk. This can happen at each of these three components:
    `rootfs` from HTTP
    sources](https://www.freedesktop.org/software/systemd/man/latest/systemd-import-generator.html),
    either in a GPT disk image (specifically:
-   [DDIs](https://uapi-group.org/specifications/specs/discoverable_disk_image/),
+   [UAPI.3 DDIs](https://uapi-group.org/specifications/specs/discoverable_disk_image/),
    with `.raw` suffix) or in a `.tar` file, which are placed in system RAM and
    then booted into (these downloads can be downloaded in compressed form and
    are automatically decompressed on-the-fly). This of course requires

docs/TPM2_PCR_MEASUREMENTS.md

@@ -17,7 +17,7 @@ to systemd's UEFI-mode measurements, and if the latter are not done the former
 aren't made either.
 
 See
-[Linux TPM PCR Registry](https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/)
+[UAPI.7 Linux TPM PCR Registry](https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/)
 for an overview of PCRs.
 
 systemd will measure to PCRs 5 (`boot-loader-config`), 11 (`kernel-boot`),
@@ -108,8 +108,8 @@ trailing NUL bytes).
 ### PCR 11, `EV_IPL`, PE section name
 
 A measurement is made for each PE section of the UKI that is defined by the
-[UKI
-specification](https://uapi-group.org/specifications/specs/unified_kernel_image/),
+[UAPI.5 UKI
+Specification](https://uapi-group.org/specifications/specs/unified_kernel_image/),
 in the canonical order described in the specification.
 
 Happens once for each UKI-defined PE section of the UKI, in the canonical UKI

man/bootctl.xml

@@ -81,7 +81,7 @@
 
     <para>These commands are available for all boot loaders that
     implement the <ulink
-    url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot
+    url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot
     Loader Specification</ulink>, such as
     <command>systemd-boot</command>.</para>
 
@@ -90,7 +90,7 @@
         <term><option>list</option></term>
 
         <listitem><para>Shows all available boot loader entries implementing the <ulink
-        url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink>, as well as any
+        url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink>, as well as any
         other entries discovered or automatically generated by a boot loader implementing the <ulink
         url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>.
         JSON output may be requested with <option>--json=</option>.</para>
@@ -126,7 +126,7 @@
     <title>Boot Loader Interface Commands</title>
 
     <para>These commands are available for all boot loaders that implement the <ulink
-    url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> and the <ulink
+    url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink> and the <ulink
     url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>, such as
     <command>systemd-boot</command>.</para>
 
@@ -152,7 +152,7 @@
         boot loader entry. These special IDs are resolved to the current values of the EFI variables
         <varname>LoaderEntryDefault</varname>, <varname>LoaderEntrySysFail</varname>, <varname>LoaderEntryOneShot</varname>
         and <varname>LoaderEntrySelected</varname>, see <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">
-        Boot Loader Specification</ulink> for details.
+        UAPI.1 Boot Loader Specification</ulink> for details.
         These special IDs are primarily useful as a quick way to persistently make the currently booted boot loader
         entry the default choice, or to upgrade the default boot loader entry for the next boot to the default boot
         loader entry for all future boots, but may be used for other operations too.</para>
@@ -314,7 +314,7 @@
         are applied to file system in the indicated disk image. This option is similar to
         <option>--root=</option>, but operates on file systems stored in disk images or block devices. The
         disk image should either contain just a file system or a set of file systems within a GPT partition
-        table, following the <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
+        table, following the <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions
         Specification</ulink>. For further information on supported disk images, see
         <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
         switch of the same name.</para>
@@ -444,7 +444,7 @@
       <varlistentry>
         <term><option>--make-entry-directory=yes|no</option></term>
         <listitem><para>Controls creation and deletion of the <ulink
-        url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> Type #1 entry
+        url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink> Type #1 entry
         directory on the file system containing resources such as kernel and initrd images during
         <option>install</option> and <option>remove</option>, respectively. The directory is named after the
         entry token, as specified with <option>--entry-token=</option> parameter described below, and is
@@ -705,7 +705,7 @@ Boot Loader Entries:
     <title>See Also</title>
     <para><simplelist type="inline">
       <member><citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
-      <member><ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink></member>
+      <member><ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink></member>
       <member><ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink></member>
       <member><citerefentry><refentrytitle>systemd-boot-random-seed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
     </simplelist></para>

man/coredumpctl.xml

@@ -306,8 +306,9 @@
         are applied to file system in the indicated disk image. This option is similar to
         <option>--root=</option>, but operates on file systems stored in disk images or block devices. The
         disk image should either contain just a file system or a set of file systems within a GPT partition
-        table, following the <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
-        Specification</ulink>. For further information on supported disk images, see
+        table, following the <ulink
+        url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2
+        Discoverable Partitions Specification</ulink>. For further information on supported disk images, see
         <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
         switch of the same name.</para>
 

man/file-hierarchy.xml

@@ -25,12 +25,11 @@
 
     <para>Operating systems using the
     <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> system and
-    service manager are organized based on a file system hierarchy inspired by UNIX,
-    as described in <ulink url="https://uapi-group.org/specifications/specs/linux_file_system_hierarchy/">
-    Linux File System Hierarchy</ulink>.
-    Additional requirements on <emphasis>when</emphasis> given parts of the hierarchy
-    must be available during boot are listed in
-    <ulink url="https://systemd.io/MOUNT_REQUIREMENTS/">Mount Requirements</ulink>.</para>
+    service manager are organized based on a file system hierarchy inspired by UNIX, as described in <ulink
+    url="https://uapi-group.org/specifications/specs/linux_file_system_hierarchy/"> UAPI.9 Linux File System
+    Hierarchy</ulink>.  Additional requirements on <emphasis>when</emphasis> given parts of the hierarchy
+    must be available during boot are listed in <ulink url="https://systemd.io/MOUNT_REQUIREMENTS/">Mount
+    Requirements</ulink>.</para>
 
     <para>Many of the paths described here can be queried
     with the

man/journalctl.xml

@@ -193,7 +193,7 @@
         option is similar to <option>--root=</option>, but operates on file systems stored in disk images or
         block devices, thus providing an easy way to extract log data from disk images. The disk image should
         either contain just a file system or a set of file systems within a GPT partition table, following
-        the <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
+        the <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions
         Specification</ulink>. For further information on supported disk images, see
         <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
         switch of the same name.</para>

man/kernel-install.xml

@@ -109,7 +109,7 @@
 
           <para>The third argument directly refers to the path where to place kernel images, initrd
           images and other resources for
-          <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot
+          <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot
           Loader Specification</ulink> Type #1 entries (the "entry directory"). If other boot loader schemes
           are used the parameter may be ignored.</para>
 
@@ -141,7 +141,7 @@
                 <filename>$BOOT/<replaceable>ENTRY-TOKEN</replaceable>/<replaceable>KERNEL_VERSION</replaceable>/<replaceable>INITRD-FILE</replaceable></filename>.
                 This can also be used to prepend microcode before the actual initrd. It also creates a boot
                 loader entry according to the
-                <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink>
+                <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink>
                 (Type #1) in
                 <filename>$BOOT/loader/entries/<replaceable>ENTRY-TOKEN</replaceable>-<replaceable>KERNEL-VERSION</replaceable>.conf</filename>.
                 The title of the entry is the <replaceable>PRETTY_NAME</replaceable> parameter specified in
@@ -290,7 +290,7 @@
   <refsect1>
     <title>The <varname>$BOOT</varname> partition</title>
 
-    <para>The partition where the kernels and <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot
+    <para>The partition where the kernels and <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot
     Loader Specification</ulink> snippets are located is called <varname>$BOOT</varname>.
     <command>kernel-install</command> determines the location of this partition by checking
     <filename>/efi/</filename>, <filename>/boot/</filename>, and <filename>/boot/efi/</filename> in turn. The
@@ -310,7 +310,7 @@
         <term><option>--make-entry-directory=yes|no|auto</option></term>
         <listitem>
           <para>Controls creation and deletion of the
-          <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink>
+          <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink>
           Type #1 entry directory on the file system containing resources such as kernel and initrd images
           during <option>add</option> and <option>remove</option>, respectively. The directory is named after
           the entry token, and is placed immediately below the boot root directory. When
@@ -410,7 +410,7 @@
         are applied to the file system in the indicated disk image. This option is similar to
         <option>--root=</option>, but operates on file systems stored in disk images or block devices. The
         disk image should either contain just a file system or a set of file systems within a GPT partition
-        table, following the <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
+        table, following the <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions
         Specification</ulink>. For further information on supported disk images, see
         <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
         switch of the same name.</para>
@@ -504,7 +504,7 @@
         <varlistentry>
           <term>bls</term>
           <listitem>
-            <para>Standard <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader
+            <para>Standard <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader
             Specification</ulink> Type #1 layout, compatible with
             <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>:
             entries in
@@ -520,7 +520,7 @@
           <term>uki</term>
           <listitem>
             <para>Standard <ulink
-            url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader
+            url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader
             Specification</ulink> Type #2 layout, compatible with
             <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>:
             unified kernel images under <filename>$BOOT/EFI/Linux</filename> as
@@ -787,7 +787,7 @@
       <member><citerefentry project='man-pages'><refentrytitle>depmod</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
       <member><citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
       <member><citerefentry><refentrytitle>ukify</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
-      <member><ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink></member>
+      <member><ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink></member>
     </simplelist></para>
   </refsect1>
 

man/loader.conf.xml

@@ -51,7 +51,7 @@
     and type #2 (<filename><replaceable>ESP</replaceable>/EFI/Linux/*.uki</filename>
     and <filename><replaceable>XBOOTLDR</replaceable>/EFI/Linux/*.uki</filename>).
     Those files are described by the
-    <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader
+    <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader
     Specification</ulink>.</para>
 
     <para>Note: the behaviour of <command>systemd-boot</command> is also influenced by EFI variables. Some of

man/repart.d.xml

@@ -238,7 +238,7 @@
         <constant>x86</constant> (32-bit, aka i386) and <constant>x86-64</constant> (64-bit, aka amd64).</para>
 
         <para>Most of the partition type UUIDs listed above are defined in the <ulink
-        url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
+        url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions
         Specification</ulink>.</para>
 
         <xi:include href="version-info.xml" xpointer="v245"/></listitem>
@@ -780,7 +780,7 @@
 
         <listitem><para>Configures the No-Auto, Read-Only and Grow-File-System partition flags (bit 63, 60
         and 59) of the partition table entry, as defined by the <ulink
-        url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>. Only
+        url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions Specification</ulink>. Only
         available for partition types supported by the specification. This option is a friendly way to set
         bits 63, 60 and 59 of the partition flags value without setting any of the other bits, and may be set
         via <varname>Flags=</varname> too, see above.</para>
@@ -1007,7 +1007,7 @@
         associated with it.</para>
 
         <para>For example, distributions can use this to implement <varname>$BOOT</varname> as defined in the
-        <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification/">Boot Loader
+        <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification/">UAPI.1 Boot Loader
         Specification</ulink>. Distributions may prefer to use the ESP as <varname>$BOOT</varname> whenever
         possible, but to adhere to the spec XBOOTLDR must sometimes be used instead. So, they should create
         two definitions: the first defining an ESP big enough to hold just the bootloader, and a second for

man/standard-options.xml

@@ -137,7 +137,7 @@
 
     <listitem>
       <para>Path to the Extended Boot Loader partition, as defined in the
-      <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink>.
+      <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink>.
       If not specified, <filename>/boot/</filename> is checked. It is recommended to mount the Extended Boot
       Loader partition to <filename>/boot/</filename>, if possible.</para>
     </listitem>

man/systemctl.xml

@@ -1755,7 +1755,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
             </para>
 
             <para>To load a kernel, an enumeration is performed following the
-            <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink>,
+            <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink>,
             and the default boot entry is loaded. For this step to succeed, the system must be using UEFI
             and the boot loader entries must be configured appropriately. <command>bootctl list</command>
             may be used to list boot entries, see
@@ -2646,7 +2646,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
         are applied to file system in the indicated disk image. This option is similar to
         <option>--root=</option>, but operates on file systems stored in disk images or block devices. The
         disk image should either contain just a file system or a set of file systems within a GPT partition
-        table, following the <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
+        table, following the <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions
         Specification</ulink>. For further information on supported disk images, see
         <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
         switch of the same name.</para>

man/systemd-analyze.xml

@@ -966,7 +966,7 @@ stored sock 0:8   4213190 -      socket:[4213190] ro
       <para>This command analyzes the specified image policy string, as per
       <citerefentry><refentrytitle>systemd.image-policy</refentrytitle><manvolnum>7</manvolnum></citerefentry>. The
       policy is normalized and simplified. For each currently defined partition identifier (as per the <ulink
-      url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable
+      url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable
       Partitions Specification</ulink>) the effect of the image policy string is shown in tabular form.</para>
 
       <example>

man/systemd-bless-boot.service.xml

@@ -36,15 +36,15 @@
     detects that <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry> style
     boot counting is used.</para>
 
-    <para>Internally, the service operates based on the <varname>LoaderBootCountPath</varname> EFI variable (of the
-    vendor UUID <constant>4a67b082-0a4c-41cf-b6c7-440b29bb8c4f</constant>), which is passed from the boot loader to the
-    OS. It contains a file system path (relative to the EFI system partition) of the <ulink
-    url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> compliant boot loader entry
-    file or unified kernel image file that was used to boot up the
-    system. <command>systemd-bless-boot.service</command> removes the two "tries done" and "tries left" numeric boot
-    counters from the filename, which indicates to future invocations of the boot loader that the entry has completed
-    booting successfully at least once. (This service will hence rename the boot loader entry file or unified kernel
-    image file on the first successful boot.)</para>
+    <para>Internally, the service operates based on the <varname>LoaderBootCountPath</varname> EFI variable
+    (of the vendor UUID <constant>4a67b082-0a4c-41cf-b6c7-440b29bb8c4f</constant>), which is passed from the
+    boot loader to the OS. It contains a file system path (relative to the EFI system partition) of the
+    <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader
+    Specification</ulink> compliant boot loader entry file or unified kernel image file that was used to boot
+    up the system. <command>systemd-bless-boot.service</command> removes the two "tries done" and "tries
+    left" numeric boot counters from the filename, which indicates to future invocations of the boot loader
+    that the entry has completed booting successfully at least once. (This service will hence rename the boot
+    loader entry file or unified kernel image file on the first successful boot.)</para>
   </refsect1>
 
   <refsect1>

man/systemd-boot.xml

@@ -39,12 +39,12 @@
 
     <itemizedlist>
       <listitem><para>Boot entries defined with <ulink
-      url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> Type #1
+      url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink> Type #1
       description files located in <filename>/loader/entries/</filename> on the ESP and the Extended Boot
       Loader Partition. These usually describe Linux kernel images with associated initrd images, but
       alternatively may also describe other arbitrary EFI executables.</para></listitem>
 
-      <listitem><para>Unified kernel images, <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot
+      <listitem><para>Unified kernel images, <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot
       Loader Specification</ulink> Type #2, which are executable EFI binaries in
       <filename>/EFI/Linux/</filename> on the ESP and the Extended Boot Loader Partition.</para></listitem>
 
@@ -373,11 +373,11 @@
     <citerefentry><refentrytitle>loader.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
 
     <para>Boot entry description files following the <ulink
-    url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> are read from
+    url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink> are read from
     <filename>/loader/entries/</filename> on the ESP and the Extended Boot Loader partition.</para>
 
     <para>Unified kernel boot entries following the <ulink
-    url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> are read from
+    url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink> are read from
     <filename>/EFI/Linux/</filename> on the ESP and the Extended Boot Loader partition.</para>
 
     <para>Optionally, a random seed for early boot entropy pool provisioning is stored in
@@ -657,7 +657,7 @@ uki-url http://example.com/somedir/fooos.efi</programlisting>
     <title>Boot Counting</title>
 
     <para><command>systemd-boot</command> implements a simple boot counting mechanism on top of the <ulink
-    url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink>, for automatic and unattended
+    url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink>, for automatic and unattended
     fallback to older kernel versions/boot loader entries when a specific entry continuously fails. Any boot loader
     entry file and unified kernel image file that contains a <literal>+</literal> followed by one or two numbers (if
     two they need to be separated by a <literal>-</literal>), before the <filename>.conf</filename> or
@@ -742,7 +742,7 @@ uki-url http://example.com/somedir/fooos.efi</programlisting>
       <member><citerefentry><refentrytitle>systemd-boot-random-seed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
       <member><citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
       <member><citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
-      <member><ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink></member>
+      <member><ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink></member>
       <member><ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink></member>
       <member><ulink url="https://systemd.io/TPM2_PCR_MEASUREMENTS">TPM2 PCR Measurements Made by systemd</ulink></member>
     </simplelist></para>

man/systemd-cryptenroll.xml

@@ -84,8 +84,8 @@
       <option>--tpm2-public-key-pcrs=</option>, <option>--tpm2-signature=</option> described below.
       </para>
 
-      <para>See <ulink url="https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/">Linux TPM
-      PCR Registry</ulink> for an authoritative list of PCRs and how they are updated. The table below
+      <para>See <ulink url="https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/">UAPI.7 Linux
+      TPM PCR Registry</ulink> for an authoritative list of PCRs and how they are updated. The table below
       contains a quick reference, describing in particular the PCRs modified by systemd.</para>
 
       <table>
@@ -218,7 +218,7 @@
       through the certificates measured into PCR 7. Validation through certificates hashes is typically
       preferable over validation through direct measurements as it is less brittle in context of OS/firmware
       updates: the measurements will change on every update, but signatures should remain unchanged. See the
-      <ulink url="https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/">Linux TPM PCR
+      <ulink url="https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/">UAPI.7 Linux TPM PCR
       Registry</ulink> for more discussion.</para>
     </refsect2>
   </refsect1>

man/systemd-dissect.xml

@@ -93,7 +93,7 @@
 
     <orderedlist>
       <listitem><para>OS disk images containing a GPT partition table envelope, with partitions marked
-      according to the <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
+      according to the <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions
       Specification</ulink>.</para></listitem>
 
       <listitem><para>OS disk images containing just a plain file-system without an enveloping partition
@@ -144,7 +144,7 @@
         <listitem><para>Mount the specified OS image to the specified directory. This will dissect the image,
         determine the OS root file system — as well as possibly other partitions — and mount them to the
         specified directory. If the OS image contains multiple partitions marked with the <ulink
-        url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>
+        url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions Specification</ulink>
         multiple nested mounts are established. This command expects two arguments: a path to an image file
         and a path to a directory where to mount the image.</para>
 
@@ -421,7 +421,7 @@
         <option>--mount</option> or <option>--copy-to</option>) the file systems contained in the OS image
         are automatically grown to their partition sizes, if bit 59 in the GPT partition flags is set for
         partition types that are defined by the <ulink
-        url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>. This
+        url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions Specification</ulink>. This
         behavior may be switched off using <option>--growfs=no</option>. File systems are grown automatically
         on access if all of the following conditions are met:</para>
         <orderedlist>
@@ -492,7 +492,7 @@
         <option>--verity-data=</option> specifies a path to a file with the Verity data to use for the OS
         image, in case it is stored in a detached file. It is recommended to embed the Verity data directly
         in the image, using the Verity mechanisms in the <ulink
-        url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>.
+        url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions Specification</ulink>.
         </para>
 
         <xi:include href="version-info.xml" xpointer="v247"/></listitem>
@@ -651,7 +651,7 @@
       <member><citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
       <member><citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
       <member><citerefentry><refentrytitle>systemd.v</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
-      <member><ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink></member>
+      <member><ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions Specification</ulink></member>
       <member><citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
       <member><citerefentry project='man-pages'><refentrytitle>umount</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
       <member><citerefentry project='man-pages'><refentrytitle>fdisk</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>

man/systemd-firstboot.xml

@@ -117,7 +117,7 @@
         are applied to file system in the indicated disk image. This is similar to <option>--root=</option>
         but operates on file systems stored in disk images or block devices. The disk image should either
         contain just a file system or a set of file systems within a GPT partition table, following the
-        <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
+        <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions
         Specification</ulink>. For further information on supported disk images, see
         <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
         switch of the same name.</para>

man/systemd-gpt-auto-generator.xml

@@ -36,7 +36,7 @@
     (XBOOTLDR), and swap partitions and creates mount and swap units for them, based on the partition type
     GUIDs of GUID partition tables (GPT). See <ulink url="https://uefi.org/specifications">UEFI
     Specification</ulink>, chapter 5 for more details. It implements the <ulink
-    url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable
+    url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable
     Partitions Specification</ulink>.</para>
 
     <para>Note that this generator has no effect on non-GPT systems. It will also not create mount point
@@ -138,7 +138,7 @@
             <entry>…</entry>
             <entry>Root partitions for other architectures</entry>
             <entry><filename>/</filename></entry>
-            <entry>The first partition with the type UUID matching the architecture, located on the same disk as the ESP used for booting, is used as the root file system <filename>/</filename>. For the full list and constant values, see <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>.</entry>
+            <entry>The first partition with the type UUID matching the architecture, located on the same disk as the ESP used for booting, is used as the root file system <filename>/</filename>. For the full list and constant values, see <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions Specification</ulink>.</entry>
           </row>
           <row>
             <entry><constant>SD_GPT_HOME</constant></entry>
@@ -252,7 +252,7 @@
 
     <para>Mount and automount units for the EFI System Partition (ESP) and Extended Boot Loader Partition
     (XBOOTLDR) are generated on EFI systems. If the disk contains an XBOOTLDR partition, as defined in the
-    <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader
+    <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader
     Specification</ulink>, it is made available at <filename>/boot/</filename>. This generator creates an
     automount unit; the mount will only be activated on-demand when accessed. The mount point will be created
     if necessary.</para>
@@ -354,7 +354,7 @@
         automatic discovery of the root partition based on GPT partition information is enabled. This is a
         superset of <varname>root=gpt-auto</varname>, as it automatically configures Verity partitions
         (including signature-based setup) following the logic defined for that in the <ulink
-        url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification/">Discoverable
+        url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification/">UAPI.2 Discoverable
         Partitions Specification</ulink>. Moreover it takes the configured image policy and image filter into
         account for all partition types, including the root file system. <literal>root=dissect</literal> will
         wait for the factory reset phase to be completed if it is in effect before activating the root file

man/systemd-id128.xml

@@ -96,7 +96,7 @@
     version 255.</para>
 
     <para><command>var-partition-uuid</command> prints a UUID which, following the <ulink
-    url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable
+    url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable
     Partitions Specification</ulink>, should be used as the GPT partition UUID for
     <filename>/var/</filename>, being derived from the GPT partition type, keyed by the local
     <filename>/etc/machine-id</filename>. Added in version 257.</para>

man/systemd-import-generator.xml

@@ -128,7 +128,7 @@
             from downloaded disk images. This is only supported for <literal>raw</literal> disk images.</para>
 
             <para>Note when this option is used with the purpose of mounting a disk image conforming to the
-            <ulink url="https://uapi-group.org/specifications/specs/discoverable_disk_image/">Discoverable
+            <ulink url="https://uapi-group.org/specifications/specs/discoverable_disk_image/">UAPI.3 Discoverable
             Disk Image Specification</ulink> as root file system, and the automatic GPT partition discovery
             logic as implemented by
             <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>

man/systemd-measure.xml

@@ -34,7 +34,7 @@
 
     <para><command>systemd-measure</command> is a tool that may be used to pre-calculate and sign the
     expected TPM2 PCR 11 values that should be seen when a Linux <ulink
-    url="https://uapi-group.org/specifications/specs/unified_kernel_image/">Unified Kernel Image
+    url="https://uapi-group.org/specifications/specs/unified_kernel_image/">UAPI.5 Unified Kernel Image
     (UKI)</ulink> based on
     <citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry> is
     booted up. It accepts paths to the ELF kernel image file, initrd image file, devicetree file, kernel

man/systemd-mountfsd.service.xml

@@ -33,7 +33,7 @@
     file descriptors for the file systems contained therein to clients, via a Varlink IPC API.</para>
 
     <para>The disk images provided must contain a raw file system image or must follow the <ulink
-    url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification/">Discoverable
+    url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification/">UAPI.2 Discoverable
     Partitions Specification</ulink>. Before mounting any file systems authenticity of the disk image is
     established in one or a combination of the following ways:</para>
 

man/systemd-nspawn.xml

@@ -327,14 +327,12 @@
           partition of type
           0fc63daf-8483-4772-8e79-3d69d8477de4.</para></listitem>
 
-          <listitem><para>A GUID partition table (GPT) with a marked
-          root partition which is mounted as the root directory of the
-          container. Optionally, GPT images may contain a home and/or
-          a server data partition which are mounted to the appropriate
-          places in the container. All these partitions must be
-          identified by the partition types defined by the <ulink
-          url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable
-          Partitions Specification</ulink>.</para></listitem>
+          <listitem><para>A GUID partition table (GPT) with a marked root partition which is mounted as the
+          root directory of the container. Optionally, GPT images may contain a home and/or a server data
+          partition which are mounted to the appropriate places in the container. All these partitions must
+          be identified by the partition types defined by the <ulink
+          url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2
+          Discoverable Partitions Specification</ulink>.</para></listitem>
 
           <listitem><para>No partition table, and a single file system spanning the whole image.</para></listitem>
         </itemizedlist>

man/systemd-stub.xml

@@ -170,7 +170,7 @@
     or credentials) or bind encryption to booted kernels.</para>
 
     <para>For further details about the UKI concept, see the <ulink
-    url="https://uapi-group.org/specifications/specs/unified_kernel_image/">UKI specification</ulink>.</para>
+    url="https://uapi-group.org/specifications/specs/unified_kernel_image/">UAPI.5 UKI specification</ulink>.</para>
   </refsect1>
 
   <refsect1>
@@ -806,7 +806,7 @@
       <member><citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
       <member><citerefentry><refentrytitle>systemd-creds</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
       <member><citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
-      <member><ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink></member>
+      <member><ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink></member>
       <member><ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink></member>
       <member><citerefentry><refentrytitle>ukify</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
       <member><citerefentry><refentrytitle>systemd-measure</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>

man/systemd-sysext.xml

@@ -90,7 +90,7 @@
     <orderedlist>
       <listitem><para>Plain directories or btrfs subvolumes containing the OS tree</para></listitem>
       <listitem><para>Disk images with a GPT disk label, following the <ulink
-      url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink></para></listitem>
+      url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions Specification</ulink></para></listitem>
       <listitem><para>Disk images lacking a partition table, with a naked Linux file system (e.g. erofs,
       squashfs or ext4)</para></listitem>
     </orderedlist>

man/systemd-sysusers.xml

@@ -76,8 +76,8 @@
         are applied to file system in the indicated disk image. This is similar to <option>--root=</option>
         but operates on file systems stored in disk images or block devices. The disk image should either
         contain just a file system or a set of file systems within a GPT partition table, following the
-        <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
-        Specification</ulink>. For further information on supported disk images, see
+        <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2
+        Discoverable Partitions Specification</ulink>. For further information on supported disk images, see
         <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
         switch of the same name.</para>
 

man/systemd-tmpfiles.xml

@@ -264,7 +264,7 @@
         are applied to file system in the indicated disk image. This is similar to <option>--root=</option>
         but operates on file systems stored in disk images or block devices. The disk image should either
         contain just a file system or a set of file systems within a GPT partition table, following the
-        <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
+        <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions
         Specification</ulink>. For further information on supported disk images, see
         <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
         switch of the same name.</para>

man/systemd-vmspawn.xml

@@ -196,7 +196,7 @@
             <para>Set the linux kernel image to use for direct kernel boot.
             If a directory type image is used and <option>--linux=</option> was omitted, vmspawn will search for boot loader entries
             according to the
-            <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> assuming
+            <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink> assuming
             XBOOTLDR to be located at /boot and ESP to be /efi respectively.
             If no kernel was installed into the image then the image will fail to boot.</para>
 
@@ -210,7 +210,7 @@
           <listitem>
             <para>Set the initrd to use for direct kernel boot.
             If the <option>--linux=</option> supplied is a
-            <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink>
+            <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink>
             Type #2 entry, then this argument is not required.
             If no initrd was installed into the image then the image will fail to boot.</para>
 
@@ -739,7 +739,7 @@ $ ssh root@vsock/$my_vsock_cid -i /run/user/$UID/systemd/vmspawn/machine-*-syste
       <member><citerefentry project='debian'><refentrytitle>mkosi</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
       <member><citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
       <member><citerefentry><refentrytitle>importctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
-      <member><ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink></member>
+      <member><ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader Specification</ulink></member>
     </simplelist></para>
   </refsect1>
 </refentry>

man/systemd.exec.xml

@@ -174,9 +174,9 @@
         or loopback file instead of a directory. The device node or file system image file needs to contain a
         file system without a partition table, or a file system within an MBR/MS-DOS or GPT partition table
         with only a single Linux-compatible partition, or a set of file systems within a GPT partition table
-        that follows the
-        <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">
-          Discoverable Partitions Specification</ulink>.</para>
+        that follows the <ulink
+        url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2
+        Discoverable Partitions Specification</ulink>.</para>
 
         <para>When <varname>DevicePolicy=</varname> is set to <literal>closed</literal> or
         <literal>strict</literal>, or set to <literal>auto</literal> and <varname>DeviceAllow=</varname> is

man/systemd.image-filter.xml

@@ -24,7 +24,7 @@
     <title>Description</title>
 
     <para>In systemd, whenever a disk image (DDI) implementing the <ulink
-    url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable
+    url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable
     Partitions Specification</ulink> is activated, a filter may be specified controlling which partitions to
     consider for mounting. Such a disk image dissection filter is a string that contains per-partition-type
     patterns, separated by colons (<literal>:</literal>). The individual rules consist of a partition

man/systemd.image-policy.xml

@@ -24,13 +24,13 @@
     <title>Description</title>
 
     <para>In systemd, whenever a disk image (DDI) implementing the <ulink
-    url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable
-    Partitions Specification</ulink> is activated, a policy may be specified controlling which partitions to
-    mount and what kind of cryptographic protection to require. Such a disk image dissection policy is a
-    string that contains per-partition-type rules, separated by colons (<literal>:</literal>). The individual
-    rules consist of a partition identifier, an equal sign (<literal>=</literal>), and one or more flags
-    which may be set per partition. If multiple flags are specified per partition they are separated by a
-    plus sign (<literal>+</literal>).</para>
+    url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2
+    Discoverable Partitions Specification</ulink> is activated, a policy may be specified controlling which
+    partitions to mount and what kind of cryptographic protection to require. Such a disk image dissection
+    policy is a string that contains per-partition-type rules, separated by colons
+    (<literal>:</literal>). The individual rules consist of a partition identifier, an equal sign
+    (<literal>=</literal>), and one or more flags which may be set per partition. If multiple flags are
+    specified per partition they are separated by a plus sign (<literal>+</literal>).</para>
 
     <para>The partition identifiers currently defined are: <option>root</option>, <option>usr</option>,
     <option>home</option>, <option>srv</option>, <option>esp</option>, <option>xbootldr</option>,

man/systemd.v.xml

@@ -81,7 +81,7 @@
 
     <para>The variable part of the filenames in the <literal>.v/</literal> directories are filtered and
     compared primarily with a version comparison, implementing <ulink
-    url="https://uapi-group.org/specifications/specs/version_format_specification/">Version Format
+    url="https://uapi-group.org/specifications/specs/version_format_specification/">UAPI.10 Version Format
     Specification</ulink>. However, additional rules apply:</para>
 
     <itemizedlist>

man/sysupdate.d.xml

@@ -84,8 +84,8 @@
       <listitem><para>A file <literal>https://download.example.com/foobarOS_47.root.xz</literal> should be
       downloaded, decompressed and written to a previously unused partition with GPT partition type UUID
       4f68bce3-e8cd-4db1-96e7-fbcaf984b709 for x86-64, as per <ulink
-      url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
-      Specification</ulink>.</para></listitem>
+      url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2
+      Discoverable Partitions Specification</ulink>.</para></listitem>
 
       <listitem><para>Similarly, a file <literal>https://download.example.com/foobarOS_47.verity.xz</literal>
       should be downloaded, decompressed and written to a previously empty partition with GPT partition type
@@ -93,7 +93,7 @@
       for x86-64 root file systems).</para></listitem>
 
       <listitem><para>Finally, a file <literal>https://download.example.com/foobarOS_47.efi</literal> (a
-      unified kernel, as per <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader
+      unified kernel, as per <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader
       Specification</ulink> Type #2) should be downloaded, decompressed and written to the $BOOT file system,
       i.e. to <filename>EFI/Linux/foobarOS_47.efi</filename> in the ESP or XBOOTLDR partition.</para></listitem>
     </orderedlist>
@@ -368,21 +368,21 @@
             <entry><literal>@a</literal></entry>
             <entry>GPT partition flag NoAuto</entry>
             <entry>Either <literal>0</literal> or <literal>1</literal></entry>
-            <entry>Controls NoAuto bit of the GPT partition flags, as per <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>; only relevant if target resource type chosen as <constant>partition</constant></entry>
+            <entry>Controls NoAuto bit of the GPT partition flags, as per <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions Specification</ulink>; only relevant if target resource type chosen as <constant>partition</constant></entry>
           </row>
 
           <row>
             <entry><literal>@g</literal></entry>
             <entry>GPT partition flag GrowFileSystem</entry>
             <entry>Either <literal>0</literal> or <literal>1</literal></entry>
-            <entry>Controls GrowFileSystem bit of the GPT partition flags, as per <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>; only relevant if target resource type chosen as <constant>partition</constant></entry>
+            <entry>Controls GrowFileSystem bit of the GPT partition flags, as per <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions Specification</ulink>; only relevant if target resource type chosen as <constant>partition</constant></entry>
           </row>
 
           <row>
             <entry><literal>@r</literal></entry>
             <entry>Read-only flag</entry>
             <entry>Either <literal>0</literal> or <literal>1</literal></entry>
-            <entry>Controls ReadOnly bit of the GPT partition flags, as per <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink> and other output read-only flags, see <varname>ReadOnly=</varname> below</entry>
+            <entry>Controls ReadOnly bit of the GPT partition flags, as per <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions Specification</ulink> and other output read-only flags, see <varname>ReadOnly=</varname> below</entry>
           </row>
 
           <row>
@@ -681,12 +681,12 @@
         <para>If set to <constant>root</constant>, <constant>esp</constant>, <constant>xbootldr</constant>,
         the specified <varname>Path=</varname> will be resolved relative to the mount point of the
         corresponding partition, as defined by the
-        <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader
+        <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader
         Specification</ulink>.</para>
 
         <para>If set to <constant>boot</constant>, the specified <varname>Path=</varname> will be resolved
         relative to the mount point of the $BOOT partition (i.e. the ESP or XBOOTLDR), as defined by the
-        <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader
+        <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader
         Specification</ulink>.</para>
 
         <para>If set to <constant>explicit</constant>, the specified <varname>Path=</varname> will be
@@ -753,7 +753,7 @@
         overall <varname>PartitionFlags=</varname> flags setting and the individual flag settings
         <varname>PartitionNoAuto=</varname> and <varname>PartitionGrowFileSystem=</varname> are used (or the
         wildcards for them), then the latter override the former, i.e. the individual flag bit overrides the
-        overall flags value. See <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable
+        overall flags value. See <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable
         Partitions Specification</ulink> for details about these flags.</para>
 
         <para>Note that these settings are not used for matching, they only have effect on newly written
@@ -767,7 +767,7 @@
 
         <listitem><para>Controls whether to mark the resulting file, subvolume or partition read-only. If the
         target type is <constant>partition</constant> this controls the ReadOnly partition flag, as per
-        <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
+        <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">UAPI.2 Discoverable Partitions
         Specification</ulink>, similar to the <varname>PartitionNoAuto=</varname> and
         <varname>PartitionGrowFileSystem=</varname> flags described above. If the target type is
         <constant>regular-file</constant>, the writable bit is removed from the access mode. If the
@@ -987,7 +987,7 @@ TriesDone=0
 InstancesMax=2</programlisting></para>
 
         <para>The above installs a unified kernel image into the $BOOT partition, as per
-        <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader
+        <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">UAPI.1 Boot Loader
         Specification</ulink> Type #2. This defines three possible patterns for the names of the kernel
         images, as per <ulink url="https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT">Automatic Boot Assessment</ulink>,
         and ensures when installing new kernels, they are set up with 3 tries left. No more than two parallel

man/ukify.xml

@@ -47,7 +47,7 @@
     <para><command>ukify</command> is a tool whose primary purpose is to combine components (usually a
     kernel, an initrd, and the
     <citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry> UEFI
-    stub) to create a <ulink url="https://uapi-group.org/specifications/specs/unified_kernel_image/">Unified
+    stub) to create a <ulink url="https://uapi-group.org/specifications/specs/unified_kernel_image/">UAPI.5 Unified
     Kernel Image (UKI)</ulink> — a single PE binary that boots the system. When the UKI is executed, the stub
     extracts and boots the embedded linux kernel. The UKI can be started directly by the firmware or through
     a boot loader. When used with <ulink url="https://www.qemu.org/docs/master/">qemu</ulink>, a UKI can also

meson.build

@@ -1163,8 +1163,9 @@ endif
 
 libmount = dependency('mount',
                       version : fuzzer_build ? '>= 0' : '>= 2.30',
-                      disabler : true,
                       required : get_option('libmount'))
+have = libmount.found()
+conf.set10('HAVE_LIBMOUNT', have)
 libmount_cflags = libmount.partial_dependency(includes: true, compile_args: true)
 
 libfdisk = dependency('fdisk',

shell-completion/zsh/_sd_bus_address

@@ -4,47 +4,47 @@ local context state state_descr line
 typeset -A val_args
 
 _values -S: kind \
-	'unix[a unix domain socket]:unix properties:->unix' \
-	'tcp[a tcp socket]:tcp properties:->tcp' \
-	'unixexec[a process]:unixexec properties:->unixexec' \
-	'x-machine-unix[a container]:machine properties:->x-machine-unix'
+    'unix[a unix domain socket]:unix properties:->unix' \
+    'tcp[a tcp socket]:tcp properties:->tcp' \
+    'unixexec[a process]:unixexec properties:->unixexec' \
+    'x-machine-unix[a container]:machine properties:->x-machine-unix'
 
 _sd_bus_get_guid() {
-	local TYPE VALUE
-	local -a busname=(org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus)
+    local TYPE VALUE
+    local -a busname=(org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus)
 
-	_call_program -l dbus-guid busctl call $busname GetId |
-	while read TYPE VALUE; do
-		[[ $TYPE == 's' && -n $VALUE ]] && compadd "$@" - ${(Q)VALUE};
-	done
+    _call_program -l dbus-guid busctl call $busname GetId |
+    while read TYPE VALUE; do
+        [[ $TYPE == 's' && -n $VALUE ]] && compadd "$@" - ${(Q)VALUE};
+    done
 }
 
 local expl ret
 case $context in
-	unix)
-		_values -s, 'unix socket properties' \
-			'guid[bus guid]:bus guid:_sd_bus_get_guid -qS,' \
-			'(abstract)path[unix domain socket path]:path:_files -r, -g "*(=)"' \
-			'(path)abstract[unix domain socket path in the abstract namespace]:abstract path:_files -r, -P@ -g "*(=)"' \
-			'uid[unix uid]:uid:_numbers' \
-			'gid[unix gid]:gid:_numbers'
-		;;
-	tcp)
-		_values -s, 'unix socket properties' \
-			'guid[bus guid]:bus guid:_sd_bus_get_guid -qS,' \
-			'host[hostname]:hostname:_hosts -r,'\
-			'port[port]:port:_numbers' \
-			'family[address family]:address family:(ipv4 ipv6)'
-		;;
-	unixexec)
-		_values -s, 'unixexec properties' \
-			'guid[bus guid]:bus guid:_sd_bus_get_guid -qS,' \
-			'path[command path]:command path:_absolute_command_paths -r,'\
-		;;
-	x-machine-unix)
-		_values -s, 'machine properties' \
-			'guid[bus guid]:bus guid:_sd_bus_get_guid -qS,' \
-			'(pid)machine[machine]:machine:_call_function ret _sd_machines' \
-			'(machine)pid[pid]:pid:_pids'
-		;;
+    unix)
+        _values -s, 'unix socket properties' \
+            'guid[bus guid]:bus guid:_sd_bus_get_guid -qS,' \
+            '(abstract)path[unix domain socket path]:path:_files -r, -g "*(=)"' \
+            '(path)abstract[unix domain socket path in the abstract namespace]:abstract path:_files -r, -P@ -g "*(=)"' \
+            'uid[unix uid]:uid:_numbers' \
+            'gid[unix gid]:gid:_numbers'
+        ;;
+    tcp)
+        _values -s, 'unix socket properties' \
+            'guid[bus guid]:bus guid:_sd_bus_get_guid -qS,' \
+            'host[hostname]:hostname:_hosts -r,'\
+            'port[port]:port:_numbers' \
+            'family[address family]:address family:(ipv4 ipv6)'
+        ;;
+    unixexec)
+        _values -s, 'unixexec properties' \
+            'guid[bus guid]:bus guid:_sd_bus_get_guid -qS,' \
+            'path[command path]:command path:_absolute_command_paths -r,'\
+        ;;
+    x-machine-unix)
+        _values -s, 'machine properties' \
+            'guid[bus guid]:bus guid:_sd_bus_get_guid -qS,' \
+            '(pid)machine[machine]:machine:_call_function ret _sd_machines' \
+            '(machine)pid[pid]:pid:_pids'
+        ;;
 esac

src/basic/dlfcn-util.c

@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include "dlfcn-util.h"
+#include "errno-util.h"
 #include "log.h"
 
 void* safe_dlclose(void *dl) {
@@ -47,18 +48,20 @@ int dlsym_many_or_warn_sentinel(void *dl, int log_level, ...) {
 }
 
 int dlopen_many_sym_or_warn_sentinel(void **dlp, const char *filename, int log_level, ...) {
-        _cleanup_(dlclosep) void *dl = NULL;
         int r;
 
         if (*dlp)
                 return 0; /* Already loaded */
 
-        dl = dlopen(filename, RTLD_NOW|RTLD_NODELETE);
-        if (!dl)
-                return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                       "%s is not installed: %s", filename, dlerror());
+        _cleanup_(dlclosep) void *dl = NULL;
+        const char *dle = NULL;
+        r = dlopen_safe(filename, &dl, &dle);
+        if (r < 0) {
+                log_debug_errno(r, "Shared library '%s' is not available: %s", filename, dle ?: STRERROR(r));
+                return -EOPNOTSUPP; /* Turn into recognizable error */
+        }
 
-        log_debug("Loaded '%s' via dlopen()", filename);
+        log_debug("Loaded shared library '%s' via dlopen().", filename);
 
         va_list ap;
         va_start(ap, log_level);
@@ -73,3 +76,52 @@ int dlopen_many_sym_or_warn_sentinel(void **dlp, const char *filename, int log_l
         *dlp = TAKE_PTR(dl);
         return 1;
 }
+
+static bool dlopen_blocked = false;
+
+void block_dlopen(void) {
+        dlopen_blocked = true;
+}
+
+int dlopen_safe(const char *filename, void **ret, const char **reterr_dlerror) {
+        int r;
+
+        assert(filename);
+
+        /* A wrapper around dlopen(), that takes dlopen_blocked into account, and tries to normalize the
+         * error reporting a bit. */
+
+        int flags = RTLD_NOW|RTLD_NODELETE; /* Always set RTLD_NOW + RTLD_NODELETE, for security reasons */
+
+        /* If dlopen() is blocked we'll still try it, but set RTLD_NOLOAD, so that it will still work if
+         * already loaded (for example because the binary linked to things regularly), but fail if not. */
+        if (dlopen_blocked)
+                flags |= RTLD_NOLOAD;
+
+        errno = 0;
+        void *p = dlopen(filename, flags);
+        if (!p) {
+                if (dlopen_blocked) {
+                        (void) dlerror(); /* consume error, so that no later call will return it */
+
+                        if (reterr_dlerror)
+                                *reterr_dlerror = NULL;
+
+                        return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Refusing loading of '%s', as loading further dlopen() modules has been blocked.", filename);
+                }
+
+                r = errno_or_else(ENOPKG);
+
+                if (reterr_dlerror)
+                        *reterr_dlerror = dlerror();
+                else
+                        (void) dlerror(); /* consume error, so that no later call will return it */
+
+                return r;
+        }
+
+        if (ret)
+                *ret = TAKE_PTR(p);
+
+        return 0;
+}

src/basic/dlfcn-util.h

@@ -72,3 +72,11 @@ int dlopen_many_sym_or_warn_sentinel(void **dlp, const char *filename, int log_l
  * _SONAME_ARRAY<X+1> will need to be added). */
 #define ELF_NOTE_DLOPEN(feature, description, priority, ...) \
         _ELF_NOTE_DLOPEN("[{\"feature\":\"" feature "\",\"description\":\"" description "\",\"priority\":\"" priority "\",\"soname\":" _SONAME_ARRAY(__VA_ARGS__) "}]", UNIQ_T(s, UNIQ))
+
+/* If called dlopen_many_sym_or_warn() will fail with EPERM. This can be used to block lazy loading of shared
+ * libs, if we transfer a process into a different namespace. Note that this does not work for all calls of
+ * dlopen(), just those through our dlopen_safe() wrapper (which we use comprehensively in our
+ * codebase). This hence has *no* effect on NSS. (Would be great if we could change that...) */
+void block_dlopen(void);
+
+int dlopen_safe(const char *filename, void **ret, const char **reterr_dlerror);

src/basic/pcapng.h

@@ -11,7 +11,7 @@
  */
 enum pcapng_block_types {
         PCAPNG_INTERFACE_BLOCK = 1,
-        PCAPNG_PACKET_BLOCK,		/* Obsolete */
+        PCAPNG_PACKET_BLOCK, /* Obsolete */
         PCAPNG_SIMPLE_PACKET_BLOCK,
         PCAPNG_NAME_RESOLUTION_BLOCK,
         PCAPNG_INTERFACE_STATS_BLOCK,
@@ -51,7 +51,7 @@ enum pcapng_section_opt {
 };
 
 struct pcapng_interface_block {
-        uint32_t block_type;	/* 1 */
+        uint32_t block_type;   /* 1 */
         uint32_t block_length;
         uint16_t link_type;
         uint16_t reserved;
@@ -59,7 +59,7 @@ struct pcapng_interface_block {
 };
 
 enum pcapng_interface_options {
-        PCAPNG_IFB_NAME	 = 2,
+        PCAPNG_IFB_NAME = 2,
         PCAPNG_IFB_DESCRIPTION,
         PCAPNG_IFB_IPV4ADDR,
         PCAPNG_IFB_IPV6ADDR,
@@ -76,7 +76,7 @@ enum pcapng_interface_options {
 };
 
 struct pcapng_enhance_packet_block {
-        uint32_t block_type;	/* 6 */
+        uint32_t block_type; /* 6 */
         uint32_t block_length;
         uint32_t interface_id;
         uint32_t timestamp_hi;
@@ -99,7 +99,7 @@ enum pcapng_epb_options {
 };
 
 struct pcapng_statistics_block {
-        uint32_t block_type;	/* 5 */
+        uint32_t block_type; /* 5 */
         uint32_t block_length;
         uint32_t interface_id;
         uint32_t timestamp_hi;

src/basic/process-util.c

@@ -22,6 +22,7 @@
 #include "argv-util.h"
 #include "cgroup-util.h"
 #include "dirent-util.h"
+#include "dlfcn-util.h"
 #include "env-file.h"
 #include "errno-util.h"
 #include "escape.h"
@@ -1695,6 +1696,15 @@ int pidref_safe_fork_full(
                                        r, "Failed to rename process, ignoring: %m");
         }
 
+        /* let's disable dlopen() in the child, as a paranoia safety precaution: children should not live for
+         * long and only do minimal work before exiting or exec()ing. Doing dlopen() is not either. If people
+         * want dlopen() they should do it before forking. This is a safety precuation in particular for
+         * cases where the child does namespace shenanigans: we should never end up loading a module from a
+         * foreign environment. Note that this has no effect on NSS! (i.e. it only has effect on uses of our
+         * dlopen_safe(), which we use comprehensively in our codebase, but glibc NSS doesn't bother, of
+         * course.) */
+        block_dlopen();
+
         if (flags & (FORK_DEATHSIG_SIGTERM|FORK_DEATHSIG_SIGINT|FORK_DEATHSIG_SIGKILL))
                 if (prctl(PR_SET_PDEATHSIG, fork_flags_to_signal(flags)) < 0) {
                         log_full_errno(prio, errno, "Failed to set death signal: %m");

src/core/crash-handler.c

@@ -7,6 +7,7 @@
 
 #include "constants.h"
 #include "crash-handler.h"
+#include "dlfcn-util.h"
 #include "exit-status.h"
 #include "format-util.h"
 #include "log.h"
@@ -70,6 +71,9 @@ _noreturn_ static void crash(int sig, siginfo_t *siginfo, void *context) {
          * memory allocation is not async-signal-safe anyway — see signal-safety(7) for details —, and thus
          * is not permissible in signal handlers.) */
 
+        block_dlopen(); /* paranoia: never end up doing dlopen() as side-effect from some call anymore from
+                         * here */
+
         if (getpid_cached() != 1)
                 /* Pass this on immediately, if this is not PID 1 */
                 propagate_signal(sig, siginfo);

src/core/exec-invoke.c

@@ -32,6 +32,7 @@
 #include "constants.h"
 #include "copy.h"
 #include "coredump-util.h"
+#include "cryptsetup-util.h"
 #include "dissect-image.h"
 #include "dynamic-user.h"
 #include "env-util.h"
@@ -48,6 +49,7 @@
 #include "io-util.h"
 #include "iovec-util.h"
 #include "journal-send.h"
+#include "libmount-util.h"
 #include "manager.h"
 #include "memfd-util.h"
 #include "mkdir-label.h"
@@ -5818,6 +5820,16 @@ int exec_invoke(
                 }
         }
 
+        /* Load a bunch of libraries we'll possibly need later, before we turn off dlopen() */
+        (void) dlopen_bpf();
+        (void) dlopen_cryptsetup();
+        (void) dlopen_libmount();
+        (void) dlopen_libseccomp();
+
+        /* Let's now disable further dlopen()ing of libraries, since we are about to do namespace
+         * shenanigans, and do not want to mix resources from host and namespace */
+        block_dlopen();
+
         if (needs_sandboxing && !have_cap_sys_admin && exec_needs_cap_sys_admin(context, params)) {
                 /* If we're unprivileged, set up the user namespace first to enable use of the other namespaces.
                  * Users with CAP_SYS_ADMIN can set up user namespaces last because they will be able to

src/core/execute-serialize.c

@@ -2622,7 +2622,7 @@ static int exec_context_deserialize(ExecContext *c, FILE *f) {
                                 return r;
                 } else if ((val = startswith(l, "exec-context-root-hash-sig="))) {
                         iovec_done(&c->root_hash_sig);
-                        r= unbase64mem(val, &c->root_hash_sig.iov_base, &c->root_hash_sig.iov_len);
+                        r = unbase64mem(val, &c->root_hash_sig.iov_base, &c->root_hash_sig.iov_len);
                         if (r < 0)
                                 return r;
                 } else if ((val = startswith(l, "exec-context-root-ephemeral="))) {

src/core/main.c

@@ -59,6 +59,7 @@
 #include "killall.h"
 #include "kmod-setup.h"
 #include "label-util.h"
+#include "libmount-util.h"
 #include "limits-util.h"
 #include "load-fragment.h"
 #include "log.h"
@@ -3310,6 +3311,12 @@ int main(int argc, char *argv[]) {
                 goto finish;
         }
 
+        r = dlopen_libmount();
+        if (r < 0) {
+                error_message = "Failed to load libmount.so";
+                goto finish;
+        }
+
         r = initialize_runtime(skip_setup,
                                first_boot,
                                &saved_rlimit_nofile,

src/core/meson.build

@@ -133,6 +133,8 @@ libcore_static = static_library(
         implicit_include_directories : false,
         c_args : ['-fvisibility=default'],
         dependencies : [libaudit_cflags,
+                        libbpf_cflags,
+                        libcryptsetup_cflags,
                         libdl,
                         libm,
                         libmount_cflags,
@@ -200,6 +202,7 @@ executables += [
                 'dependencies' : [
                         libapparmor_cflags,
                         libkmod_cflags,
+                        libmount_cflags,
                         libseccomp_cflags,
                         libselinux_cflags,
                 ],
@@ -212,6 +215,9 @@ executables += [
                 'link_with' : executor_libs,
                 'dependencies' : [
                         libapparmor_cflags,
+                        libbpf_cflags,
+                        libcryptsetup_cflags,
+                        libmount_cflags,
                         libpam_cflags,
                         libseccomp_cflags,
                         libselinux_cflags,

src/core/mount.c

@@ -60,7 +60,9 @@ static const UnitActiveState state_translation_table[_MOUNT_STATE_MAX] = {
 };
 
 static int mount_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
+#if HAVE_LIBMOUNT
 static int mount_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
+#endif
 static void mount_enter_dead(Mount *m, MountResult f, bool flush_result);
 static void mount_enter_mounted(Mount *m, MountResult f);
 static void mount_cycle_clear(Mount *m);
@@ -1744,6 +1746,7 @@ static int mount_dispatch_timer(sd_event_source *source, usec_t usec, void *user
         return 0;
 }
 
+#if HAVE_LIBMOUNT
 static int mount_setup_new_unit(
                 Manager *m,
                 const char *name,
@@ -1924,8 +1927,10 @@ static int mount_setup_unit(
 
         return 0;
 }
+#endif
 
 static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
+#if HAVE_LIBMOUNT
         _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
         _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL;
         _cleanup_set_free_ Set *devices = NULL;
@@ -1965,6 +1970,9 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
         }
 
         return 0;
+#else
+        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "libmount support not compiled in");
+#endif
 }
 
 static void mount_shutdown(Manager *m) {
@@ -2042,6 +2050,7 @@ static bool mount_is_mounted(Mount *m) {
         return UNIT(m)->perpetual || FLAGS_SET(m->proc_flags, MOUNT_PROC_IS_MOUNTED);
 }
 
+#if HAVE_LIBMOUNT
 static int mount_on_ratelimit_expire(sd_event_source *s, void *userdata) {
         Manager *m = ASSERT_PTR(userdata);
         Job *j;
@@ -2060,8 +2069,10 @@ static int mount_on_ratelimit_expire(sd_event_source *s, void *userdata) {
 
         return 0;
 }
+#endif
 
 static void mount_enumerate(Manager *m) {
+#if HAVE_LIBMOUNT
         int r;
 
         assert(m);
@@ -2154,9 +2165,14 @@ static void mount_enumerate(Manager *m) {
 
 fail:
         mount_shutdown(m);
+#else
+        log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Cannot enumerate mounts, as libmount support is not compiled in");
+        mount_shutdown(m);
+#endif
 }
 
 static int drain_libmount(Manager *m) {
+#if HAVE_LIBMOUNT
         bool rescan = false;
         int r;
 
@@ -2180,6 +2196,9 @@ static int drain_libmount(Manager *m) {
         } while (r == 0);
 
         return rescan;
+#else
+        return 0;
+#endif
 }
 
 static int mount_process_proc_self_mountinfo(Manager *m) {
@@ -2294,6 +2313,7 @@ static int mount_process_proc_self_mountinfo(Manager *m) {
         return 0;
 }
 
+#if HAVE_LIBMOUNT
 static int mount_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
         Manager *m = ASSERT_PTR(userdata);
 
@@ -2301,6 +2321,7 @@ static int mount_dispatch_io(sd_event_source *source, int fd, uint32_t revents,
 
         return mount_process_proc_self_mountinfo(m);
 }
+#endif
 
 static void mount_reset_failed(Unit *u) {
         Mount *m = MOUNT(u);

src/core/service.c

@@ -14,6 +14,7 @@
 #include "bus-error.h"
 #include "bus-util.h"
 #include "chase.h"
+#include "cryptsetup-util.h"
 #include "dbus-service.h"
 #include "dbus-unit.h"
 #include "devnum-util.h"
@@ -5552,6 +5553,8 @@ static int service_live_mount(
                                 u->id);
         }
 
+        (void) dlopen_cryptsetup();
+
         service_unwatch_control_pid(s);
         s->live_mount_result = SERVICE_SUCCESS;
         s->control_command = NULL;

src/creds/meson.build

@@ -1,5 +1,9 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
+if conf.get('HAVE_LIBMOUNT') != 1
+        subdir_done()
+endif
+
 executables += [
         executable_template + {
                 'name' : 'systemd-creds',

src/cryptsetup/meson.build

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
-if conf.get('HAVE_LIBCRYPTSETUP') != 1
+if conf.get('HAVE_LIBCRYPTSETUP') != 1 or conf.get('HAVE_LIBMOUNT') != 1
         subdir_done()
 endif
 

src/fstab-generator/meson.build

@@ -1,5 +1,9 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
+if conf.get('HAVE_LIBMOUNT') != 1
+        subdir_done()
+endif
+
 executables += [
         generator_template + {
                 'name' : 'systemd-fstab-generator',

src/fundamental/efi-fundamental.h

@@ -21,7 +21,7 @@ static inline bool efi_guid_equal(const EFI_GUID *a, const EFI_GUID *b) {
 
 typedef struct {
         EFI_GUID SignatureOwner;
-        uint8_t	SignatureData[];
+        uint8_t SignatureData[];
 } EFI_SIGNATURE_DATA;
 
 typedef struct {

src/keyutil/keyutil.c

@@ -10,7 +10,6 @@
 #include "fs-util.h"
 #include "log.h"
 #include "main-func.h"
-#include "memstream-util.h"
 #include "openssl-util.h"
 #include "parse-argument.h"
 #include "pretty-print.h"
@@ -303,21 +302,9 @@ static int verb_public(int argc, char *argv[], void *userdata) {
                 if (r < 0)
                         return log_error_errno(r, "Failed to load private key from %s: %m", arg_private_key);
 
-                _cleanup_(memstream_done) MemStream m = {};
-                FILE *tf = memstream_init(&m);
-                if (!tf)
-                        return log_oom();
-
-                if (i2d_PUBKEY_fp(tf, private_key) != 1)
-                        return log_error_errno(SYNTHETIC_ERRNO(EIO),
-                                               "Failed to extract public key from private key file '%s'.", arg_private_key);
-
-                fflush(tf);
-                rewind(tf);
-
-                if (!d2i_PUBKEY_fp(tf, &public_key))
-                        return log_error_errno(SYNTHETIC_ERRNO(EIO),
-                                               "Failed to parse extracted public key of private key file '%s'.", arg_private_key);
+                r = openssl_extract_public_key(private_key, &public_key);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to extract public key from private key file '%s': %m", arg_private_key);
         } else
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "One of --certificate=, or --private-key= must be specified");
 

src/libsystemd/meson.build

@@ -203,7 +203,6 @@ simple_tests += files(
         'sd-bus/test-bus-vtable.c',
         'sd-device/test-device-util.c',
         'sd-device/test-sd-device-monitor.c',
-        'sd-device/test-sd-device.c',
         'sd-journal/test-journal-flush.c',
         'sd-journal/test-journal-interleaving.c',
         'sd-journal/test-journal-stream.c',
@@ -214,6 +213,10 @@ simple_tests += files(
 )
 
 libsystemd_tests += [
+        {
+                'sources' : files('sd-device/test-sd-device.c'),
+                'dependencies' : [ threads, libmount_cflags ],
+        },
         {
                 'sources' : files('sd-bus/test-bus-address.c'),
                 'dependencies' : threads

src/libsystemd/sd-device/test-sd-device.c

@@ -13,6 +13,7 @@
 #include "fd-util.h"
 #include "fs-util.h"
 #include "hashmap.h"
+#include "libmount-util.h"
 #include "mkdir.h"
 #include "mount-util.h"
 #include "mountpoint-util.h"
@@ -833,8 +834,14 @@ TEST(devname_from_devnum) {
 }
 
 static int intro(void) {
+        int r;
+
         if (path_is_mount_point("/sys") <= 0)
-                return log_tests_skipped("/sys is not mounted");
+                return log_tests_skipped("/sys/ is not mounted");
+
+        r = dlopen_libmount();
+        if (r < 0)
+                return log_tests_skipped("libmount not available.");
 
         return EXIT_SUCCESS;
 }

src/measure/measure-tool.c

@@ -15,7 +15,6 @@
 #include "hexdecoct.h"
 #include "log.h"
 #include "main-func.h"
-#include "memstream-util.h"
 #include "openssl-util.h"
 #include "pager.h"
 #include "parse-argument.h"
@@ -890,25 +889,10 @@ static int build_policy_digest(bool sign) {
                                         "Failed to extract public key from certificate %s.",
                                         arg_certificate);
         } else if (sign) {
-                _cleanup_(memstream_done) MemStream m = {};
-                FILE *tf;
-
                 /* No public key was specified, let's derive it automatically, if we can, when signing */
-
-                tf = memstream_init(&m);
-                if (!tf)
-                        return log_oom();
-
-                if (i2d_PUBKEY_fp(tf, privkey) != 1)
-                        return log_error_errno(SYNTHETIC_ERRNO(EIO),
-                                               "Failed to extract public key from private key file '%s'.", arg_private_key);
-
-                fflush(tf);
-                rewind(tf);
-
-                if (!d2i_PUBKEY_fp(tf, &pubkey))
-                        return log_error_errno(SYNTHETIC_ERRNO(EIO),
-                                               "Failed to parse extracted public key of private key file '%s'.", arg_private_key);
+                r = openssl_extract_public_key(privkey, &pubkey);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to extract public key from private key file '%s': %m", arg_private_key);
         }
 
         r = pcr_states_allocate(&pcr_states);

src/mount/meson.build

@@ -1,5 +1,9 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
+if conf.get('HAVE_LIBMOUNT') != 1
+        subdir_done()
+endif
+
 executables += [
         executable_template + {
                 'name' : 'systemd-mount',

src/nspawn/meson.build

@@ -47,6 +47,7 @@ executables += [
                         include_directories('.')
                 ],
                 'dependencies' : [
+                        libmount_cflags,
                         libseccomp_cflags,
                         libselinux_cflags,
                 ],

src/nspawn/nspawn.c

@@ -41,6 +41,7 @@
 #include "devnum-util.h"
 #include "discover-image.h"
 #include "dissect-image.h"
+#include "dlfcn-util.h"
 #include "env-util.h"
 #include "escape.h"
 #include "ether-addr-util.h"
@@ -58,6 +59,7 @@
 #include "image-policy.h"
 #include "in-addr-util.h"
 #include "io-util.h"
+#include "libmount-util.h"
 #include "log.h"
 #include "loop-util.h"
 #include "loopback-setup.h"
@@ -2551,14 +2553,12 @@ static int setup_hostname(void) {
         return 0;
 }
 
-static int setup_journal(const char *root_dir, const char *persistent_path, uid_t chown_uid, uid_t chown_range) {
+static int setup_journal(const char *directory, uid_t uid_shift, uid_t uid_range) {
         _cleanup_free_ char *d = NULL;
         sd_id128_t this_id;
         bool try;
         int r;
 
-        assert(root_dir);
-
         /* Don't link journals in ephemeral mode */
         if (arg_ephemeral)
                 return 0;
@@ -2568,17 +2568,6 @@ static int setup_journal(const char *root_dir, const char *persistent_path, uid_
 
         try = arg_link_journal_try || arg_link_journal == LINK_AUTO;
 
-        if (!persistent_path) {
-                if (try) {
-                        log_debug("No persistent path available, skipping journal linking.");
-                        return 0;
-                } else
-                        return log_error_errno(
-                                        SYNTHETIC_ERRNO(ENOENT),
-                                        "Journal linking requested but no persistent directory available. "
-                                        "Use --directory, or --link-journal=auto/try-guest/try-host for optional linking.");
-        }
-
         r = sd_id128_get_machine(&this_id);
         if (r < 0)
                 return log_error_errno(r, "Failed to retrieve machine ID: %m");
@@ -2592,7 +2581,7 @@ static int setup_journal(const char *root_dir, const char *persistent_path, uid_
         }
 
         FOREACH_STRING(dirname, "/var", "/var/log", "/var/log/journal") {
-                r = userns_mkdir(root_dir, dirname, 0755, 0, 0);
+                r = userns_mkdir(directory, dirname, 0755, 0, 0);
                 if (r < 0) {
                         bool ignore = r == -EROFS && try;
                         log_full_errno(ignore ? LOG_DEBUG : LOG_ERR, r,
@@ -2605,14 +2594,10 @@ static int setup_journal(const char *root_dir, const char *persistent_path, uid_
         if (!p)
                 return log_oom();
 
-        _cleanup_free_ char *q = path_join(persistent_path, p);
+        _cleanup_free_ char *q = path_join(directory, p);
         if (!q)
                 return log_oom();
 
-        _cleanup_free_ char *container_path = path_join(root_dir, p);
-        if (!container_path)
-                return log_oom();
-
         if (path_is_mount_point(p) > 0) {
                 if (try)
                         return 0;
@@ -2621,14 +2606,12 @@ static int setup_journal(const char *root_dir, const char *persistent_path, uid_
                                        "%s: already a mount point, refusing to use for journal", p);
         }
 
-        if (path_is_mount_point(container_path) > 0) {
+        if (path_is_mount_point(q) > 0) {
                 if (try)
                         return 0;
 
-                return log_error_errno(
-                                SYNTHETIC_ERRNO(EEXIST),
-                                "%s: already a mount point, refusing to use for journal",
-                                container_path);
+                return log_error_errno(SYNTHETIC_ERRNO(EEXIST),
+                                       "%s: already a mount point, refusing to use for journal", q);
         }
 
         r = readlink_and_make_absolute(p, &d);
@@ -2636,9 +2619,9 @@ static int setup_journal(const char *root_dir, const char *persistent_path, uid_
                 if (IN_SET(arg_link_journal, LINK_GUEST, LINK_AUTO) &&
                     path_equal(d, q)) {
 
-                        r = userns_mkdir(root_dir, p, 0755, 0, 0);
+                        r = userns_mkdir(directory, p, 0755, 0, 0);
                         if (r < 0)
-                                log_warning_errno(r, "Failed to create directory %s: %m", container_path);
+                                log_warning_errno(r, "Failed to create directory %s: %m", q);
                         return 0;
                 }
 
@@ -2668,9 +2651,9 @@ static int setup_journal(const char *root_dir, const char *persistent_path, uid_
                                 return log_error_errno(errno, "Failed to symlink %s to %s: %m", q, p);
                 }
 
-                r = userns_mkdir(root_dir, p, 0755, 0, 0);
+                r = userns_mkdir(directory, p, 0755, 0, 0);
                 if (r < 0)
-                        log_warning_errno(r, "Failed to create directory %s: %m", container_path);
+                        log_warning_errno(r, "Failed to create directory %s: %m", q);
                 return 0;
         }
 
@@ -2690,25 +2673,25 @@ static int setup_journal(const char *root_dir, const char *persistent_path, uid_
         } else if (access(p, F_OK) < 0)
                 return 0;
 
-        if (dir_is_empty(container_path, /* ignore_hidden_or_backup= */ false) == 0)
-                log_warning("%s is not empty, proceeding anyway.", container_path);
+        if (dir_is_empty(q, /* ignore_hidden_or_backup= */ false) == 0)
+                log_warning("%s is not empty, proceeding anyway.", q);
 
-        r = userns_mkdir(root_dir, p, 0755, 0, 0);
+        r = userns_mkdir(directory, p, 0755, 0, 0);
         if (r < 0)
-                return log_error_errno(r, "Failed to create %s: %m", container_path);
+                return log_error_errno(r, "Failed to create %s: %m", q);
 
         return mount_custom(
-                        root_dir,
+                        directory,
                         &(CustomMount) {
                                 .type = CUSTOM_MOUNT_BIND,
-                                .options = (char*) (uid_is_valid(chown_uid) ? "rootidmap" : NULL),
+                                .options = (char*) (uid_is_valid(uid_shift) ? "rootidmap" : NULL),
                                 .source = p,
                                 .destination = p,
                                 .destination_uid = UID_INVALID,
                         },
                         /* n = */ 1,
-                        chown_uid,
-                        chown_range,
+                        uid_shift,
+                        uid_range,
                         arg_selinux_apifs_context,
                         MOUNT_NON_ROOT_ONLY);
 }
@@ -3880,7 +3863,6 @@ static DissectImageFlags determine_dissect_image_flags(void) {
 static int outer_child(
                 Barrier *barrier,
                 const char *directory,
-                const char *persistent_path,
                 int mount_fd,
                 DissectedImage *dissected_image,
                 int fd_outer_socket,
@@ -4287,7 +4269,7 @@ static int outer_child(
         if (r < 0)
                 return r;
 
-        r = setup_journal(directory, persistent_path, chown_uid, chown_range);
+        r = setup_journal(directory, chown_uid, chown_range);
         if (r < 0)
                 return r;
 
@@ -4372,6 +4354,9 @@ static int outer_child(
         if (pid == 0) {
                 fd_outer_socket = safe_close(fd_outer_socket);
 
+                /* In the child refuse dlopen(), so that we never mix shared libraries from payload and parent */
+                block_dlopen();
+
                 /* The inner child has all namespaces that are requested, so that we all are owned by the
                  * user if user namespaces are turned on. */
 
@@ -5085,7 +5070,6 @@ static int load_oci_bundle(void) {
 
 static int run_container(
                 const char *directory,
-                const char *persistent_path,
                 int mount_fd,
                 DissectedImage *dissected_image,
                 int userns_fd,
@@ -5236,7 +5220,6 @@ static int run_container(
 
                 r = outer_child(&barrier,
                                 directory,
-                                persistent_path,
                                 mount_fd,
                                 dissected_image,
                                 fd_outer_socket_pair[1],
@@ -5949,7 +5932,6 @@ static int run(int argc, char *argv[]) {
         _cleanup_(dissected_image_unrefp) DissectedImage *dissected_image = NULL;
         _cleanup_(sd_netlink_unrefp) sd_netlink *nfnl = NULL;
         _cleanup_(pidref_done) PidRef pid = PIDREF_NULL;
-        _cleanup_free_ char *persistent_path_storage = NULL;
 
         log_setup();
 
@@ -5962,6 +5944,10 @@ static int run(int argc, char *argv[]) {
         if (arg_cleanup)
                 return do_cleanup();
 
+        (void) dlopen_libmount();
+        (void) dlopen_libseccomp();
+        (void) dlopen_libselinux();
+
         r = cg_has_legacy();
         if (r < 0)
                 goto finish;
@@ -6411,47 +6397,6 @@ static int run(int argc, char *argv[]) {
                         arg_architecture = dissected_image_architecture(dissected_image);
         }
 
-        /* Journal linking creates symlinks from the host's /var/log/journal/<uuid> to a persistent directory
-         * that survives container restarts, allowing journalctl -M to read container logs. But where that
-         * persistent directory is can be quite different depending on the mode:
-         *
-         * For --directory: The directory itself is the persistent location.
-         * For --image: Use /var/lib/machines/<machine-name> if it exists as a directory.
-         *
-         * Otherwise, we skip journal linking.
-         */
-        const char *persistent_path;
-        if (arg_directory)
-                persistent_path = arg_directory;
-        else if (arg_image) {
-                persistent_path_storage = path_join("/var/lib/machines", arg_machine);
-                if (!persistent_path_storage) {
-                        r = log_oom();
-                        goto finish;
-                }
-
-                /* Validate that the persistent path exists and is actually a directory. We cannot create it
-                 * ourselves as that would conflict with image management. */
-                struct stat st;
-                if (stat(persistent_path_storage, &st) < 0) {
-                        if (errno == ENOENT)
-                                log_debug("Persistent directory %s does not exist, skipping journal linking.",
-                                          persistent_path_storage);
-                        else
-                                log_warning_errno(
-                                                errno,
-                                                "Failed to access persistent directory %s, skipping journal linking: %m",
-                                                persistent_path_storage);
-                        persistent_path = NULL;
-                } else if (!S_ISDIR(st.st_mode)) {
-                        log_warning("%s exists but is not a directory, skipping journal linking.",
-                                    persistent_path_storage);
-                        persistent_path = NULL;
-                } else
-                        persistent_path = persistent_path_storage;
-        } else
-                assert_not_reached();
-
         /* Create a temporary place to mount stuff. */
         r = mkdtemp_malloc("/tmp/nspawn-root-XXXXXX", &rootdir);
         if (r < 0) {
@@ -6498,7 +6443,6 @@ static int run(int argc, char *argv[]) {
         for (;;) {
                 r = run_container(
                                 rootdir,
-                                persistent_path,
                                 mount_fd,
                                 dissected_image,
                                 userns_fd,

src/oom/oomd-util.c

@@ -237,6 +237,16 @@ int oomd_cgroup_kill(const char *path, bool recurse, bool dry_run) {
 
         assert(path);
 
+        /* First try to send SIG0 recursively to ensure all child cgroups can be killed. */
+        if (recurse)
+                r = cg_kill_recursive(path, /* sig= */ 0, CGROUP_IGNORE_SELF,
+                                      /* killed_pids= */ NULL, /* log_kill= */ NULL, /* userdata= */ NULL);
+        else
+                r = cg_kill(path, /* sig= */ 0, CGROUP_IGNORE_SELF,
+                            /* killed_pids= */ NULL, /* log_kill= */ NULL, /* userdata= */ NULL);
+        if (r < 0)
+                return log_debug_errno(r, "Failed to send SIG0 to processes in cgroup '%s': %m", path);
+
         if (dry_run) {
                 _cleanup_free_ char *cg_path = NULL;
 
@@ -337,12 +347,6 @@ int oomd_kill_by_pgscan_rate(Hashmap *h, const char *prefix, bool dry_run, char
                 if (c->pgscan == 0 && c->current_memory_usage == 0)
                         continue;
 
-                /* First try killing recursively to ensure all child cgroups can be killed. */
-                r = cg_kill_recursive(c->path, /* sig= */ 0, CGROUP_IGNORE_SELF, /* killed_pids= */ NULL,
-                                      /* log_kill= */ NULL, /* userdata= */ NULL);
-                if (r < 0)
-                        continue;
-
                 r = oomd_cgroup_kill(c->path, /* recurse= */ true, /* dry_run= */ dry_run);
                 if (r == -ENOMEM)
                         return r; /* Treat oom as a hard error */
@@ -387,12 +391,6 @@ int oomd_kill_by_swap_usage(Hashmap *h, uint64_t threshold_usage, bool dry_run,
                 if (c->swap_usage <= threshold_usage)
                         continue;
 
-                /* First try killing recursively to ensure all child cgroups can be killed. */
-                r = cg_kill_recursive(c->path, /* sig= */ 0, CGROUP_IGNORE_SELF, /* killed_pids= */ NULL,
-                                      /* log_kill= */ NULL, /* userdata= */ NULL);
-                if (r < 0)
-                        continue;
-
                 r = oomd_cgroup_kill(c->path, /* recurse= */ true, /* dry_run= */ dry_run);
                 if (r == -ENOMEM)
                         return r; /* Treat oom as a hard error */

src/portable/meson.build

@@ -29,6 +29,8 @@ executables += [
                 'sources' : systemd_portabled_sources,
                 'link_with' : portabled_link_with,
                 'dependencies' : [
+                        libcryptsetup_cflags,
+                        libmount_cflags,
                         libselinux_cflags,
                         threads,
                 ],

src/portable/portable.c

@@ -12,6 +12,7 @@
 #include "chase.h"
 #include "conf-files.h"
 #include "copy.h"
+#include "cryptsetup-util.h"
 #include "data-fd-util.h"
 #include "dirent-util.h"
 #include "discover-image.h"
@@ -28,6 +29,7 @@
 #include "glyph-util.h"
 #include "install.h"
 #include "iovec-util.h"
+#include "libmount-util.h"
 #include "log-context.h"
 #include "log.h"
 #include "loop-util.h"
@@ -420,6 +422,10 @@ static int portable_extract_by_path(
 
                 BLOCK_SIGNALS(SIGCHLD);
 
+                /* Load some libraries before we fork workers off that want to use them */
+                (void) dlopen_cryptsetup();
+                (void) dlopen_libmount();
+
                 r = mkdtemp_malloc("/tmp/inspect-XXXXXX", &tmpdir);
                 if (r < 0)
                         return log_debug_errno(r, "Failed to create temporary directory: %m");

src/portable/profile/default/service.conf

@@ -9,9 +9,9 @@ BindReadOnlyPaths=/run/dbus/system_bus_socket
 DynamicUser=yes
 RemoveIPC=yes
 CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER \
-	CAP_FSETID CAP_IPC_LOCK CAP_IPC_OWNER CAP_KILL CAP_MKNOD CAP_NET_ADMIN \
-	CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_SETGID CAP_SETPCAP \
-	CAP_SETUID CAP_SYS_ADMIN CAP_SYS_CHROOT CAP_SYS_NICE CAP_SYS_RESOURCE
+                      CAP_FSETID CAP_IPC_LOCK CAP_IPC_OWNER CAP_KILL CAP_MKNOD CAP_NET_ADMIN \
+                      CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_SETGID CAP_SETPCAP \
+                      CAP_SETUID CAP_SYS_ADMIN CAP_SYS_CHROOT CAP_SYS_NICE CAP_SYS_RESOURCE
 PrivateDevices=yes
 PrivateUsers=yes
 ProtectSystem=strict

src/portable/profile/nonetwork/service.conf

@@ -8,8 +8,8 @@ BindReadOnlyPaths=/run/dbus/system_bus_socket
 DynamicUser=yes
 RemoveIPC=yes
 CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER \
-	CAP_FSETID CAP_IPC_LOCK CAP_IPC_OWNER CAP_KILL CAP_MKNOD CAP_SETGID CAP_SETPCAP \
-	CAP_SETUID CAP_SYS_ADMIN CAP_SYS_CHROOT CAP_SYS_NICE CAP_SYS_RESOURCE
+                      CAP_FSETID CAP_IPC_LOCK CAP_IPC_OWNER CAP_KILL CAP_MKNOD CAP_SETGID CAP_SETPCAP \
+                      CAP_SETUID CAP_SYS_ADMIN CAP_SYS_CHROOT CAP_SYS_NICE CAP_SYS_RESOURCE
 PrivateDevices=yes
 PrivateUsers=yes
 ProtectSystem=strict

src/remount-fs/meson.build

@@ -1,5 +1,9 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
+if conf.get('HAVE_LIBMOUNT') != 1
+        subdir_done()
+endif
+
 executables += [
         libexec_template + {
                 'name' : 'systemd-remount-fs',

src/repart/meson.build

@@ -16,6 +16,7 @@ executables += [
                 'dependencies' : [
                         libblkid_cflags,
                         libfdisk,
+                        libmount_cflags,
                         libopenssl,
                         threads,
                 ],
@@ -35,6 +36,7 @@ executables += [
                 'dependencies' : [
                         libblkid_cflags,
                         libfdisk,
+                        libmount_cflags,
                         libopenssl,
                         threads,
                 ],

src/repart/repart.c

@@ -50,6 +50,7 @@
 #include "initrd-util.h"
 #include "io-util.h"
 #include "json-util.h"
+#include "libmount-util.h"
 #include "list.h"
 #include "loop-util.h"
 #include "main-func.h"
@@ -6616,6 +6617,8 @@ static int partition_populate_filesystem(Context *context, Partition *p, const c
          * appear in the host namespace. Hence we fork a child that has its own file system namespace and
          * detached mount propagation. */
 
+        (void) dlopen_libmount();
+
         r = safe_fork("(sd-copy)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE, NULL);
         if (r < 0)
                 return r;

src/run/run.c

@@ -73,7 +73,7 @@ static bool arg_no_block = false;
 static bool arg_wait = false;
 static const char *arg_unit = NULL;
 static char *arg_description = NULL;
-static const char *arg_slice = NULL;
+static char *arg_slice = NULL;
 static bool arg_slice_inherit = false;
 static bool arg_expand_environment = true;
 static bool arg_send_sighup = false;
@@ -81,7 +81,7 @@ static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
 static const char *arg_host = NULL;
 static RuntimeScope arg_runtime_scope = RUNTIME_SCOPE_SYSTEM;
 static const char *arg_service_type = NULL;
-static const char *arg_exec_user = NULL;
+static char *arg_exec_user = NULL;
 static const char *arg_exec_group = NULL;
 static int arg_nice = 0;
 static bool arg_nice_set = false;
@@ -123,6 +123,8 @@ static bool arg_via_shell = false;
 static bool arg_empower = false;
 
 STATIC_DESTRUCTOR_REGISTER(arg_description, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_slice, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_exec_user, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_environment, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_property, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_path_property, strv_freep);
@@ -453,7 +455,9 @@ static int parse_argv(int argc, char *argv[]) {
                         break;
 
                 case ARG_SLICE:
-                        arg_slice = optarg;
+                        r = free_and_strdup_warn(&arg_slice, optarg);
+                        if (r < 0)
+                                return r;
                         break;
 
                 case ARG_SLICE_INHERIT:
@@ -490,7 +494,9 @@ static int parse_argv(int argc, char *argv[]) {
                         break;
 
                 case ARG_EXEC_USER:
-                        arg_exec_user = optarg;
+                        r = free_and_strdup_warn(&arg_exec_user, optarg);
+                        if (r < 0)
+                                return r;
                         break;
 
                 case ARG_EXEC_GROUP:
@@ -979,7 +985,9 @@ static int parse_argv_sudo_mode(int argc, char *argv[]) {
                         break;
 
                 case ARG_SLICE:
-                        arg_slice = optarg;
+                        r = free_and_strdup_warn(&arg_slice, optarg);
+                        if (r < 0)
+                                return r;
                         break;
 
                 case ARG_SLICE_INHERIT:
@@ -987,7 +995,9 @@ static int parse_argv_sudo_mode(int argc, char *argv[]) {
                         break;
 
                 case 'u':
-                        arg_exec_user = optarg;
+                        r = free_and_strdup_warn(&arg_exec_user, optarg);
+                        if (r < 0)
+                                return r;
                         break;
 
                 case 'g':
@@ -1098,6 +1108,12 @@ static int parse_argv_sudo_mode(int argc, char *argv[]) {
                 arg_exec_user = getusername_malloc();
                 if (!arg_exec_user)
                         return log_oom();
+
+                if (arg_empower && !arg_working_directory) {
+                        r = safe_getcwd(&arg_working_directory);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to get current working directory: %m");
+                }
         }
 
         if (!arg_working_directory) {
@@ -2756,16 +2772,20 @@ static int start_transient_scope(sd_bus *bus) {
         }
 
         if (arg_exec_user) {
-                const char *home, *shell;
+                const char *un = arg_exec_user, *home, *shell;
                 uid_t uid;
                 gid_t gid;
 
-                r = get_user_creds(&arg_exec_user, &uid, &gid, &home, &shell,
+                r = get_user_creds(&un, &uid, &gid, &home, &shell,
                                    USER_CREDS_CLEAN|USER_CREDS_SUPPRESS_PLACEHOLDER|USER_CREDS_PREFER_NSS);
                 if (r < 0)
                         return log_error_errno(r, "Failed to resolve user '%s': %s",
                                                arg_exec_user, STRERROR_USER(r));
 
+                r = free_and_strdup_warn(&arg_exec_user, un);
+                if (r < 0)
+                        return r;
+
                 if (home) {
                         r = strv_extendf(&user_env, "HOME=%s", home);
                         if (r < 0)

src/shared/bpf-dlopen.c

@@ -2,6 +2,7 @@
 
 #include "bpf-dlopen.h"
 #include "dlfcn-util.h"
+#include "errno-util.h"
 #include "initrd-util.h"
 #include "log.h"
 
@@ -73,7 +74,6 @@ static int bpf_print_func(enum libbpf_print_level level, const char *fmt, va_lis
 }
 
 int dlopen_bpf_full(int log_level) {
-        _cleanup_(dlclosep) void *dl = NULL;
         static int cached = 0;
         int r;
 
@@ -87,17 +87,20 @@ int dlopen_bpf_full(int log_level) {
 
         DISABLE_WARNING_DEPRECATED_DECLARATIONS;
 
-        dl = dlopen("libbpf.so.1", RTLD_NOW|RTLD_NODELETE);
-        if (!dl) {
+        _cleanup_(dlclosep) void *dl = NULL;
+        r = dlopen_safe("libbpf.so.1", &dl, /* reterr_dlerror= */ NULL);
+        if (r < 0) {
                 /* libbpf < 1.0.0 (we rely on 0.1.0+) provide most symbols we care about, but
                  * unfortunately not all until 0.7.0. See bpf-compat.h for more details.
                  * Once we consider we can assume 0.7+ is present we can just use the same symbol
                  * list for both files, and when we assume 1.0+ is present we can remove this dlopen */
-                dl = dlopen("libbpf.so.0", RTLD_NOW|RTLD_NODELETE);
-                if (!dl)
-                        return cached = log_full_errno(in_initrd() ? LOG_DEBUG : log_level, SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                                       "Neither libbpf.so.1 nor libbpf.so.0 are installed, cgroup BPF features disabled: %s",
-                                                       dlerror());
+                const char *dle = NULL;
+                r = dlopen_safe("libbpf.so.0", &dl, &dle);
+                if (r < 0) {
+                        log_full_errno(in_initrd() ? LOG_DEBUG : log_level, r,
+                                       "Neither libbpf.so.1 nor libbpf.so.0 are installed, cgroup BPF features disabled: %s", dle ?: STRERROR(r));
+                        return (cached = -EOPNOTSUPP); /* turn into recognizable error */
+                }
 
                 log_debug("Loaded 'libbpf.so.0' via dlopen()");
 

src/shared/discover-image.c

@@ -171,13 +171,13 @@ static char** image_settings_path(Image *image, RuntimeScope scope) {
                 SD_PATH_SYSTEM_CONFIGURATION,
                 SD_PATH_SYSTEM_RUNTIME,
                 SD_PATH_SYSTEM_LIBRARY_PRIVATE,
-                UINT64_MAX
+                _SD_PATH_INVALID
         };
         static const uint64_t user_locations[] = {
                 SD_PATH_USER_CONFIGURATION,
                 SD_PATH_USER_RUNTIME,
                 SD_PATH_USER_LIBRARY_PRIVATE,
-                UINT64_MAX
+                _SD_PATH_INVALID
         };
         const uint64_t *locations;
 
@@ -194,7 +194,7 @@ static char** image_settings_path(Image *image, RuntimeScope scope) {
                 assert_not_reached();
         }
 
-        for (size_t k = 0; locations[k] != UINT64_MAX; k++) {
+        for (size_t k = 0; locations[k] != _SD_PATH_INVALID; k++) {
                 _cleanup_free_ char *s = NULL;
                 r = sd_path_lookup(locations[k], "systemd/nspawn", &s);
                 if (r == -ENXIO)

src/shared/dissect-image.c

@@ -49,6 +49,7 @@
 #include "io-util.h"
 #include "iovec-util.h"
 #include "json-util.h"
+#include "libmount-util.h"
 #include "loop-util.h"
 #include "mkdir-label.h"
 #include "mount-util.h"
@@ -3907,6 +3908,10 @@ int dissected_image_acquire_metadata(
 
         assert(m);
 
+        r = dlopen_libmount();
+        if (r < 0)
+                return r;
+
         for (; n_meta_initialized < _META_MAX; n_meta_initialized++) {
                 assert(paths[n_meta_initialized]);
 
@@ -4756,7 +4761,6 @@ int mountfsd_mount_image(
         int r;
 
         assert(path);
-        assert(verity);
         assert(ret);
 
         r = sd_varlink_connect_address(&vl, "/run/systemd/io.systemd.MountFileSystem");
@@ -4791,7 +4795,7 @@ int mountfsd_mount_image(
                         return log_error_errno(r, "Failed to format image policy to string: %m");
         }
 
-        if (verity->data_path) {
+        if (verity && verity->data_path) {
                 verity_data_fd = open(verity->data_path, O_RDONLY|O_CLOEXEC);
                 if (verity_data_fd < 0)
                         return log_error_errno(errno, "Failed to open verity data file '%s': %m", verity->data_path);
@@ -4814,8 +4818,8 @@ int mountfsd_mount_image(
                         SD_JSON_BUILD_PAIR_CONDITION(!!ps, "imagePolicy", SD_JSON_BUILD_STRING(ps)),
                         SD_JSON_BUILD_PAIR_BOOLEAN("veritySharing", FLAGS_SET(flags, DISSECT_IMAGE_VERITY_SHARE)),
                         SD_JSON_BUILD_PAIR_CONDITION(verity_data_fd >= 0, "verityDataFileDescriptor", SD_JSON_BUILD_UNSIGNED(userns_fd >= 0 ? 2 : 1)),
-                        JSON_BUILD_PAIR_IOVEC_HEX("verityRootHash", &verity->root_hash),
-                        JSON_BUILD_PAIR_IOVEC_BASE64("verityRootHashSignature", &verity->root_hash_sig),
+                        SD_JSON_BUILD_PAIR_CONDITION(verity && iovec_is_set(&verity->root_hash), "verityRootHash", JSON_BUILD_IOVEC_HEX(&verity->root_hash)),
+                        SD_JSON_BUILD_PAIR_CONDITION(verity && iovec_is_set(&verity->root_hash_sig), "verityRootHashSignature", JSON_BUILD_IOVEC_BASE64(&verity->root_hash_sig)),
                         SD_JSON_BUILD_PAIR_BOOLEAN("allowInteractiveAuthentication", FLAGS_SET(flags, DISSECT_IMAGE_ALLOW_INTERACTIVE_AUTH)));
         if (r < 0)
                 return r;

src/shared/fstab-util.c

@@ -38,6 +38,7 @@ bool fstab_enabled_full(int enabled) {
 }
 
 int fstab_has_fstype(const char *fstype) {
+#if HAVE_LIBMOUNT
         _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
         _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL;
         int r;
@@ -65,6 +66,9 @@ int fstab_has_fstype(const char *fstype) {
                 if (streq_ptr(sym_mnt_fs_get_fstype(fs), fstype))
                         return true;
         }
+#else
+        return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "libmount support not compiled in");
+#endif
 }
 
 bool fstab_is_extrinsic(const char *mount, const char *opts) {
@@ -92,6 +96,7 @@ bool fstab_is_extrinsic(const char *mount, const char *opts) {
         return false;
 }
 
+#if HAVE_LIBMOUNT
 static int fstab_is_same_node(const char *what_fstab, const char *path) {
         _cleanup_free_ char *node = NULL;
 
@@ -110,8 +115,10 @@ static int fstab_is_same_node(const char *what_fstab, const char *path) {
 
         return false;
 }
+#endif
 
 int fstab_has_mount_point_prefix_strv(char * const *prefixes) {
+#if HAVE_LIBMOUNT
         _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
         _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL;
         int r;
@@ -147,9 +154,13 @@ int fstab_has_mount_point_prefix_strv(char * const *prefixes) {
                 if (path_startswith_strv(path, prefixes))
                         return true;
         }
+#else
+        return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "libmount support not compiled in");
+#endif
 }
 
 int fstab_is_mount_point_full(const char *where, const char *path) {
+#if HAVE_LIBMOUNT
         _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
         _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL;
         int r;
@@ -184,6 +195,9 @@ int fstab_is_mount_point_full(const char *where, const char *path) {
                 if (r > 0 || (r < 0 && !ERRNO_IS_DEVICE_ABSENT(r)))
                         return r;
         }
+#else
+        return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "libmount support not compiled in");
+#endif
 }
 
 int fstab_filter_options(

src/shared/idn-util.c

@@ -41,7 +41,6 @@ DLSYM_PROTOTYPE(stringprep_ucs4_to_utf8) = NULL;
 DLSYM_PROTOTYPE(stringprep_utf8_to_ucs4) = NULL;
 
 int dlopen_idn(void) {
-        _cleanup_(dlclosep) void *dl = NULL;
         int r;
 
         ELF_NOTE_DLOPEN("idn",
@@ -52,14 +51,21 @@ int dlopen_idn(void) {
         if (idn_dl)
                 return 0; /* Already loaded */
 
-        dl = dlopen("libidn.so.12", RTLD_NOW|RTLD_NODELETE);
-        if (!dl) {
+        r = check_dlopen_blocked("libidn.so.12");
+        if (r < 0)
+                return r;
+
+        _cleanup_(dlclosep) void *dl = NULL;
+        r = dlopen_safe("libidn.so.12", &dl, /* reterr_dlerror= */ NULL);
+        if (r < 0) {
                 /* libidn broke ABI in 1.34, but not in a way we care about (a new field got added to an
                  * open-coded struct we do not use), hence support both versions. */
-                dl = dlopen("libidn.so.11", RTLD_NOW|RTLD_NODELETE);
-                if (!dl)
-                        return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                               "libidn support is not installed: %s", dlerror());
+                const char *dle = NULL;
+                r = dlopen_safe("libidn.so.11", &dl, &dle);
+                if (r < 0) {
+                        log_debug_errno(r, "libidn support is not available: %s", dle ?: STRERROR(r));
+                        return -EOPNOTSUPP; /* turn into recognizable error */
+                }
                 log_debug("Loaded 'libidn.so.11' via dlopen()");
         } else
                 log_debug("Loaded 'libidn.so.12' via dlopen()");

src/shared/libmount-util.c

@@ -1,9 +1,11 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
+#include "libmount-util.h"
+
+#if HAVE_LIBMOUNT
 #include <stdio.h>
 
 #include "fstab-util.h"
-#include "libmount-util.h"
 #include "log.h"
 
 static void *libmount_dl = NULL;
@@ -39,8 +41,10 @@ DLSYM_PROTOTYPE(mnt_table_parse_mtab) = NULL;
 DLSYM_PROTOTYPE(mnt_table_parse_stream) = NULL;
 DLSYM_PROTOTYPE(mnt_table_parse_swaps) = NULL;
 DLSYM_PROTOTYPE(mnt_unref_monitor) = NULL;
+#endif
 
 int dlopen_libmount(void) {
+#if HAVE_LIBMOUNT
         ELF_NOTE_DLOPEN("mount",
                         "Support for mount enumeration",
                         ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED,
@@ -81,8 +85,12 @@ int dlopen_libmount(void) {
                         DLSYM_ARG(mnt_table_parse_stream),
                         DLSYM_ARG(mnt_table_parse_swaps),
                         DLSYM_ARG(mnt_unref_monitor));
+#else
+        return -EOPNOTSUPP;
+#endif
 }
 
+#if HAVE_LIBMOUNT
 int libmount_parse_full(
                 const char *path,
                 FILE *source,
@@ -151,3 +159,4 @@ int libmount_is_leaf(
 
         return r == 1;
 }
+#endif

src/shared/libmount-util.h

@@ -1,11 +1,14 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #pragma once
 
+#include "shared-forward.h"
+
+#if HAVE_LIBMOUNT
+
 /* This needs to be after sys/mount.h */
 #include <libmount.h> /* IWYU pragma: export */
 
 #include "dlfcn-util.h"
-#include "shared-forward.h"
 
 extern DLSYM_PROTOTYPE(mnt_free_iter);
 extern DLSYM_PROTOTYPE(mnt_free_table);
@@ -39,8 +42,6 @@ extern DLSYM_PROTOTYPE(mnt_table_parse_stream);
 extern DLSYM_PROTOTYPE(mnt_table_parse_swaps);
 extern DLSYM_PROTOTYPE(mnt_unref_monitor);
 
-int dlopen_libmount(void);
-
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL_RENAME(struct libmnt_table*, sym_mnt_free_table, mnt_free_tablep, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL_RENAME(struct libmnt_iter*, sym_mnt_free_iter, mnt_free_iterp, NULL);
 
@@ -55,14 +56,12 @@ static inline int libmount_parse_mountinfo(
                 FILE *source,
                 struct libmnt_table **ret_table,
                 struct libmnt_iter **ret_iter) {
-
         return libmount_parse_full("/proc/self/mountinfo", source, MNT_ITER_FORWARD, ret_table, ret_iter);
 }
 
 static inline int libmount_parse_with_utab(
                 struct libmnt_table **ret_table,
                 struct libmnt_iter **ret_iter) {
-
         return libmount_parse_full(NULL, NULL, MNT_ITER_FORWARD, ret_table, ret_iter);
 }
 
@@ -71,3 +70,15 @@ int libmount_parse_fstab(struct libmnt_table **ret_table, struct libmnt_iter **r
 int libmount_is_leaf(
                 struct libmnt_table *table,
                 struct libmnt_fs *fs);
+#else
+
+struct libmnt_monitor;
+
+static inline void *sym_mnt_unref_monitor(struct libmnt_monitor *p) {
+        assert(p == NULL);
+        return NULL;
+}
+
+#endif
+
+int dlopen_libmount(void);

src/shared/mount-util.c

@@ -38,6 +38,7 @@
 #include "user-util.h"
 
 int umount_recursive_full(const char *prefix, int flags, char **keep) {
+#if HAVE_LIBMOUNT
         _cleanup_fclose_ FILE *f = NULL;
         int n = 0, r;
 
@@ -110,6 +111,9 @@ int umount_recursive_full(const char *prefix, int flags, char **keep) {
         }
 
         return n;
+#else
+        return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "libmount support not compiled in");
+#endif
 }
 
 #define MS_CONVERTIBLE_FLAGS (MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_NOSYMFOLLOW|MS_RELATIME|MS_NOATIME|MS_STRICTATIME|MS_NODIRATIME)
@@ -175,11 +179,6 @@ int bind_remount_recursive_with_mountinfo(
                 char **deny_list,
                 FILE *proc_self_mountinfo) {
 
-        _cleanup_fclose_ FILE *proc_self_mountinfo_opened = NULL;
-        _cleanup_set_free_ Set *done = NULL;
-        unsigned n_tries = 0;
-        int r;
-
         assert(prefix);
 
         if ((flags_mask & ~MS_CONVERTIBLE_FLAGS) == 0 && strv_isempty(deny_list) && !skip_mount_set_attr) {
@@ -206,6 +205,12 @@ int bind_remount_recursive_with_mountinfo(
                         return 0; /* Nice, this worked! */
         }
 
+#if HAVE_LIBMOUNT
+        _cleanup_fclose_ FILE *proc_self_mountinfo_opened = NULL;
+        _cleanup_set_free_ Set *done = NULL;
+        unsigned n_tries = 0;
+        int r;
+
         if (!proc_self_mountinfo) {
                 r = fopen_unlocked("/proc/self/mountinfo", "re", &proc_self_mountinfo_opened);
                 if (r < 0)
@@ -404,6 +409,9 @@ int bind_remount_recursive_with_mountinfo(
                         log_trace("Remounted %s.", x);
                 }
         }
+#else
+        return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "libmount support not compiled in");
+#endif
 }
 
 int bind_remount_one_with_mountinfo(
@@ -412,12 +420,6 @@ int bind_remount_one_with_mountinfo(
                 unsigned long flags_mask,
                 FILE *proc_self_mountinfo) {
 
-        _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
-        unsigned long flags = 0;
-        struct libmnt_fs *fs;
-        const char *opts;
-        int r;
-
         assert(path);
         assert(proc_self_mountinfo);
 
@@ -438,6 +440,13 @@ int bind_remount_one_with_mountinfo(
                         return 0; /* Nice, this worked! */
         }
 
+#if HAVE_LIBMOUNT
+        _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
+        unsigned long flags = 0;
+        struct libmnt_fs *fs;
+        const char *opts;
+        int r;
+
         rewind(proc_self_mountinfo);
 
         r = dlopen_libmount();
@@ -481,6 +490,9 @@ int bind_remount_one_with_mountinfo(
         }
 
         return 0;
+#else
+        return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "libmount support not compiled in");
+#endif
 }
 
 int bind_remount_one(const char *path, unsigned long new_flags, unsigned long flags_mask) {
@@ -859,6 +871,16 @@ int mount_option_mangle(
                 unsigned long *ret_mount_flags,
                 char **ret_remaining_options) {
 
+        assert(ret_mount_flags);
+        assert(ret_remaining_options);
+
+        if (!options) {
+                *ret_mount_flags = mount_flags;
+                *ret_remaining_options = NULL;
+                return 0;
+        }
+
+#if HAVE_LIBMOUNT
         const struct libmnt_optmap *map;
         _cleanup_free_ char *ret = NULL;
         int r;
@@ -876,9 +898,6 @@ int mount_option_mangle(
          * The validity of options stored in '*ret_remaining_options' is not checked.
          * If 'options' is NULL, this just copies 'mount_flags' to *ret_mount_flags. */
 
-        assert(ret_mount_flags);
-        assert(ret_remaining_options);
-
         r = dlopen_libmount();
         if (r < 0)
                 return r;
@@ -922,6 +941,9 @@ int mount_option_mangle(
         *ret_remaining_options = TAKE_PTR(ret);
 
         return 0;
+#else
+        return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "libmount support not compiled in");
+#endif
 }
 
 static int mount_in_namespace_legacy(
@@ -1640,6 +1662,7 @@ void sub_mount_array_free(SubMount *s, size_t n) {
         free(s);
 }
 
+#if HAVE_LIBMOUNT
 static int sub_mount_compare(const SubMount *a, const SubMount *b) {
         assert(a);
         assert(b);
@@ -1659,9 +1682,10 @@ static void sub_mount_drop(SubMount *s, size_t n) {
                         m = i;
         }
 }
+#endif
 
 int get_sub_mounts(const char *prefix, SubMount **ret_mounts, size_t *ret_n_mounts) {
-
+#if HAVE_LIBMOUNT
         _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
         _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL;
         SubMount *mounts = NULL;
@@ -1738,6 +1762,9 @@ int get_sub_mounts(const char *prefix, SubMount **ret_mounts, size_t *ret_n_moun
         *ret_mounts = TAKE_PTR(mounts);
         *ret_n_mounts = n;
         return 0;
+#else
+        return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "libmount support not compiled in");
+#endif
 }
 
 int bind_mount_submounts(
@@ -2015,6 +2042,7 @@ int path_get_mount_info_at(
                 char **ret_options,
                 char **ret_source) {
 
+#if HAVE_LIBMOUNT
         _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
         _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL;
         int r, mnt_id;
@@ -2077,6 +2105,9 @@ int path_get_mount_info_at(
         }
 
         return log_debug_errno(SYNTHETIC_ERRNO(ESTALE), "Cannot find mount ID %i from /proc/self/mountinfo.", mnt_id);
+#else
+        return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "libmount support not compiled in");
+#endif
 }
 
 int path_is_network_fs_harder_at(int dir_fd, const char *path) {

src/shared/openssl-util.c

@@ -1753,6 +1753,33 @@ int openssl_load_private_key(
 
         return 0;
 }
+
+int openssl_extract_public_key(EVP_PKEY *private_key, EVP_PKEY **ret) {
+        int r;
+
+        assert(private_key);
+        assert(ret);
+
+        _cleanup_(memstream_done) MemStream m = {};
+        FILE *tf = memstream_init(&m);
+        if (!tf)
+                return log_oom();
+
+        if (i2d_PUBKEY_fp(tf, private_key) != 1)
+                return -EIO;
+
+        _cleanup_(erase_and_freep) char *buf = NULL;
+        size_t len;
+        r = memstream_finalize(&m, &buf, &len);
+        if (r < 0)
+                return r;
+
+        const unsigned char *t = (unsigned char*) buf;
+        if (!d2i_PUBKEY(ret, &t, len))
+                return -EIO;
+
+        return 0;
+}
 #endif
 
 int parse_openssl_certificate_source_argument(

src/shared/openssl-util.h

@@ -195,6 +195,8 @@ int openssl_load_private_key(
                 EVP_PKEY **ret_private_key,
                 OpenSSLAskPasswordUI **ret_user_interface);
 
+int openssl_extract_public_key(EVP_PKEY *private_key, EVP_PKEY **ret);
+
 struct OpenSSLAskPasswordUI {
         AskPasswordRequest request;
 #ifndef OPENSSL_NO_UI_CONSOLE

src/shared/tpm2-util.c

@@ -13,6 +13,7 @@
 #include "dirent-util.h"
 #include "dlfcn-util.h"
 #include "efi-api.h"
+#include "errno-util.h"
 #include "extract-word.h"
 #include "fd-util.h"
 #include "fileio.h"
@@ -742,9 +743,12 @@ int tpm2_context_new(const char *device, Tpm2Context **ret_context) {
                 if (!filename_is_valid(fn))
                         return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 driver name '%s' not valid, refusing.", driver);
 
-                context->tcti_dl = dlopen(fn, RTLD_NOW|RTLD_NODELETE);
-                if (!context->tcti_dl)
-                        return log_debug_errno(SYNTHETIC_ERRNO(ENOPKG), "Failed to load %s: %s", fn, dlerror());
+                const char *dle = NULL;
+                r = dlopen_safe(fn, &context->tcti_dl, &dle);
+                if (r < 0) {
+                        log_debug_errno(r, "Failed to load %s: %s", fn, dle ?: STRERROR(r));
+                        return -ENOPKG; /* Turn into recognizable error */
+                }
 
                 log_debug("Loaded '%s' via dlopen()", fn);
 

src/shared/userdb.c

@@ -1977,21 +1977,22 @@ int membershipdb_by_group_strv(const char *name, UserDBFlags flags, char ***ret)
 }
 
 int userdb_block_nss_systemd(int b) {
-        _cleanup_(dlclosep) void *dl = NULL;
-        int (*call)(bool b);
+        int r;
 
         /* Note that we might be called from libnss_systemd.so.2 itself, but that should be fine, really. */
 
-        dl = dlopen(LIBDIR "/libnss_systemd.so.2", RTLD_NOW|RTLD_NODELETE);
-        if (!dl) {
+        _cleanup_(dlclosep) void *dl = NULL;
+        const char *dle;
+        r = dlopen_safe(LIBDIR "/libnss_systemd.so.2", &dl, &dle);
+        if (r < 0) {
                 /* If the file isn't installed, don't complain loudly */
-                log_debug("Failed to dlopen(libnss_systemd.so.2), ignoring: %s", dlerror());
+                log_debug_errno(r, "Failed to dlopen(libnss_systemd.so.2), ignoring: %s", dle ?: STRERROR(r));
                 return 0;
         }
 
         log_debug("Loaded '%s' via dlopen()", LIBDIR "/libnss_systemd.so.2");
 
-        call = dlsym(dl, "_nss_systemd_block");
+        int (*call)(bool b) = dlsym(dl, "_nss_systemd_block");
         if (!call)
                 /* If the file is installed but lacks the symbol we expect, things are weird, let's complain */
                 return log_debug_errno(SYNTHETIC_ERRNO(ELIBBAD),

src/shutdown/meson.build

@@ -1,5 +1,9 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
+if conf.get('HAVE_LIBMOUNT') != 1
+        subdir_done()
+endif
+
 systemd_shutdown_sources = files(
         'detach-dm.c',
         'detach-loopback.c',

src/sysext/meson.build

@@ -6,6 +6,11 @@ executables += [
                 'public' : true,
                 'conditions' : ['ENABLE_SYSEXT'],
                 'sources' : files('sysext.c'),
+                'dependencies' : [
+                        libblkid_cflags,
+                        libcryptsetup_cflags,
+                        libmount_cflags,
+                ],
         },
 ]
 

src/sysext/sysext.c

@@ -11,6 +11,7 @@
 #include "sd-varlink.h"
 
 #include "argv-util.h"
+#include "blkid-util.h"
 #include "blockdev-util.h"
 #include "build.h"
 #include "bus-unit-util.h"
@@ -18,6 +19,7 @@
 #include "capability-util.h"
 #include "chase.h"
 #include "conf-parser.h"
+#include "cryptsetup-util.h"
 #include "devnum-util.h"
 #include "discover-image.h"
 #include "dissect-image.h"
@@ -33,6 +35,7 @@
 #include "image-policy.h"
 #include "initrd-util.h"
 #include "label-util.h"                 /* IWYU pragma: keep */
+#include "libmount-util.h"
 #include "log.h"
 #include "loop-util.h"
 #include "main-func.h"
@@ -523,6 +526,8 @@ static int unmerge(
         bool need_to_reload;
         int r;
 
+        (void) dlopen_libmount();
+
         r = need_reload(image_class, hierarchies, no_reload);
         if (r < 0)
                 return r;
@@ -2100,6 +2105,10 @@ static int merge(ImageClass image_class,
         pid_t pid;
         int r;
 
+        (void) dlopen_cryptsetup();
+        (void) dlopen_libblkid();
+        (void) dlopen_libmount();
+
         r = safe_fork("(sd-merge)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_NEW_MOUNTNS, &pid);
         if (r < 0)
                 return log_error_errno(r, "Failed to fork off child: %m");

src/sysupdate/sysupdated.c

@@ -2037,14 +2037,14 @@ static int manager_add_bus_objects(Manager *m) {
 static bool manager_is_idle(void *userdata) {
         Manager *m = ASSERT_PTR(userdata);
 
-	return hashmap_isempty(m->jobs);
+        return hashmap_isempty(m->jobs);
 }
 
 static void manager_check_idle(Manager *m) {
-	assert(m);
+        assert(m);
 
-	if (!hashmap_isempty(m->jobs))
-		return;
+        if (!hashmap_isempty(m->jobs))
+                return;
 
         hashmap_clear(m->targets);
         log_debug("Cleared target cache");

src/sysupdate/updatectl.c

@@ -655,7 +655,7 @@ static int check_describe_finished(sd_bus_message *reply, void *userdata, sd_bus
         _cleanup_(version_done) Version v = {};
         _cleanup_free_ char *update = NULL;
         const sd_bus_error *e;
-	sd_bus_error error = {};
+        sd_bus_error error = {};
         const char *lnk = NULL;
         char *current;
         int r;

src/test/meson.build

@@ -349,6 +349,7 @@ executables += [
         },
         test_template + {
                 'sources' : files('test-libmount.c'),
+                'conditions' : ['HAVE_LIBMOUNT'],
                 'dependencies' : [
                         libmount_cflags,
                         threads,
@@ -368,6 +369,7 @@ executables += [
         },
         test_template + {
                 'sources' : files('test-mount-util.c'),
+                'conditions' : ['HAVE_LIBMOUNT'],
                 'dependencies' : libmount_cflags,
         },
         test_template + {
@@ -574,6 +576,7 @@ executables += [
                 'sources' : files('test-namespace.c'),
                 'dependencies' : [
                         threads,
+                        libmount_cflags,
                 ],
         },
         core_test_template + {

src/test/test-dlopen-so.c

@@ -54,7 +54,7 @@ static int run(int argc, char **argv) {
         ASSERT_DLOPEN(dlopen_libblkid, HAVE_BLKID);
         ASSERT_DLOPEN(dlopen_libfido2, HAVE_LIBFIDO2);
         ASSERT_DLOPEN(dlopen_libkmod, HAVE_KMOD);
-        ASSERT_DLOPEN(dlopen_libmount, true);
+        ASSERT_DLOPEN(dlopen_libmount, HAVE_LIBMOUNT);
         ASSERT_DLOPEN(dlopen_libpam, HAVE_PAM);
         ASSERT_DLOPEN(dlopen_libseccomp, HAVE_SECCOMP);
         ASSERT_DLOPEN(dlopen_libselinux, HAVE_SELINUX);

src/test/test-dlopen.c

@@ -3,6 +3,7 @@
 #include <dlfcn.h>
 #include <stdlib.h>
 
+#include "dlfcn-util.h"
 #include "shared-forward.h"
 
 int main(int argc, char **argv) {
@@ -10,7 +11,7 @@ int main(int argc, char **argv) {
         int i;
 
         for (i = 0; i < argc - 1; i++)
-                assert_se(handles[i] = dlopen(argv[i + 1], RTLD_NOW|RTLD_NODELETE));
+                assert_se(dlopen_safe(argv[i + 1], handles + i, /* reterr_dlerror= */ NULL) >= 0);
 
         for (i--; i >= 0; i--)
                 assert_se(dlclose(handles[i]) == 0);

src/test/test-execute.c

@@ -20,6 +20,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "fs-util.h"
+#include "libmount-util.h"
 #include "manager.h"
 #include "mkdir.h"
 #include "mount-util.h"
@@ -1604,6 +1605,8 @@ TEST(run_tests_unprivileged) {
 }
 
 static int intro(void) {
+        int r;
+
 #if HAS_FEATURE_ADDRESS_SANITIZER
         if (strstr_ptr(ci_environment(), "travis") || strstr_ptr(ci_environment(), "github-actions"))
                 return log_tests_skipped("Running on Travis CI/GH Actions under ASan, see https://github.com/systemd/systemd/issues/10696");
@@ -1612,7 +1615,7 @@ static int intro(void) {
         if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0)
                 return log_tests_skipped("not privileged");
 
-        if (running_in_chroot() > 0)
+        if (running_in_chroot() != 0)
                 return log_tests_skipped("running in chroot");
 
         if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
@@ -1621,6 +1624,10 @@ static int intro(void) {
         if (path_is_read_only_fs("/sys") > 0)
                 return log_tests_skipped("/sys is mounted read-only");
 
+        r = dlopen_libmount();
+        if (r < 0)
+                return log_tests_skipped("libmount not available.");
+
         /* Create dummy network interface for testing PrivateNetwork=yes */
         have_net_dummy = system("ip link add dummy-test-exec type dummy") == 0;
 

src/test/test-loop-block.c

@@ -240,7 +240,7 @@ static int run(int argc, char *argv[]) {
         if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0)
                 return log_tests_skipped("not running privileged");
 
-        if (detect_container() > 0 || running_in_chroot() > 0)
+        if (detect_container() != 0 || running_in_chroot() != 0)
                 return log_tests_skipped("Test not supported in a container/chroot, requires udev/uevent notifications");
 
         assert_se(loop_device_make(fd, O_RDWR, 0, UINT64_MAX, 0, LO_FLAGS_PARTSCAN, LOCK_EX, &loop) >= 0);

src/test/test-mount-util.c

@@ -38,7 +38,7 @@
 #define CHECK_PRIV                                                      \
         if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0)   \
                 return (void) log_tests_skipped("Not privileged");      \
-        if (running_in_chroot() > 0)                                    \
+        if (running_in_chroot() != 0)                                   \
                 return (void) log_tests_skipped("running in chroot");
 
 TEST(mount_option_mangle) {

src/test/test-mountpoint-util.c

@@ -457,7 +457,7 @@ static int intro(void) {
         /* let's move into our own mount namespace with all propagation from the host turned off, so
          * that /proc/self/mountinfo is static and constant for the whole time our test runs. */
 
-        if (running_in_chroot() > 0) {
+        if (running_in_chroot() != 0) {
                 /* We cannot remount file system with MS_PRIVATE when running in chroot. */
                 log_notice("Running in chroot, proceeding in originating mount namespace.");
                 return EXIT_SUCCESS;

src/test/test-namespace.c

@@ -14,6 +14,7 @@
 #include "alloc-util.h"
 #include "fd-util.h"
 #include "fileio.h"
+#include "libmount-util.h"
 #include "namespace-util.h"
 #include "namespace.h"
 #include "pidref.h"
@@ -203,6 +204,7 @@ TEST(protect_kernel_logs) {
                 .root_directory_fd = -EBADF,
         };
         pid_t pid;
+        int r;
 
         if (geteuid() > 0) {
                 (void) log_tests_skipped("not root");
@@ -215,6 +217,13 @@ TEST(protect_kernel_logs) {
                 return;
         }
 
+        r = dlopen_libmount();
+        if (ERRNO_IS_NEG_NOT_SUPPORTED(r)) {
+                (void) log_tests_skipped("libmount support not compiled in");
+                return;
+        }
+        ASSERT_OK(r);
+
         pid = fork();
         ASSERT_OK_ERRNO(pid);