fileio: extend comment about file sizes in virtual file systems

consider cgroupsv1 usage grounds for "tainting"

NEWS

@@ -21,10 +21,11 @@ CHANGES WITH 248:
           supported system extension level.
 
         * A new configuration file /etc/veritytab may be used to configure
-          integrity protection for block devices. Each line is in the format
+          dm-verity integrity protection for block devices. Each line is in the
-          "volume-name data-device hash-device roothash options".
+          format "volume-name data-device hash-device roothash options",
+          similar to /etc/crypttab.
 
-        * A new kernel command-line option systemd.verity.root-options= may be
+        * A new kernel command-line option systemd.verity.root_options= may be
           used to configure dm-verity behaviour for the root device.
 
         * The key file specified in /etc/crypttab (the third field) may now
@@ -40,11 +41,12 @@ CHANGES WITH 248:
           the need for configuration in an external file.
 
         * systemd-cryptsetup gained support for unlocking LUKS2 volumes using
-          TPM2 hardware, as well as FIDO2 security tokens.
+          TPM2 hardware, as well as FIDO2 security tokens (in addition to the
+          pre-existing support for PKCS#11 security tokens).
 
-        * systemd-repart may lock partitions using TPM2 hardware. This may be
+        * systemd-repart may enroll encrypted partitions using TPM2
-          useful for example to create an encrypted /var partition bound to the
+          hardware. This may be useful for example to create an encrypted /var
-          machine on first boot.
+          partition bound to the machine on first boot.
 
         * A new systemd-cryptenroll tool has been added to enroll TPM2, FIDO2
           and PKCS#11 security tokens to LUKS volumes, list and destroy
@@ -55,17 +57,19 @@ CHANGES WITH 248:
           It also supports enrolling "recovery keys" and regular passphrases.
 
         * The libfido2 dependency is now based on dlopen(), so that the library
-          is used at runtime when installed, but not if not.
+          is used at runtime when installed, but is not a hard runtime
+          dependency.
 
         * systemd-cryptsetup gained support for two new options in
-          /etc/crypttab: no-write-workqueue and no-read-workqueue which request
+          /etc/crypttab: "no-write-workqueue" and "no-read-workqueue" which
-          synchronous processing of encryption/decryption IO.
+          request synchronous processing of encryption/decryption IO.
 
-        * The manager may be configured at compile time to use fexecve instead
+        * The manager may be configured at compile time to use the fexecve()
-          of execve when spawning children. Using fexecve closes a window
+          instead of the execve() system call when spawning processes. Using
-          between checking the security context of an executable and spawning
+          fexecve() closes a window between checking the security context of an
-          it, but unfortunately the kernel displays stale information in the
+          executable and spawning it, but unfortunately the kernel displays
-          comm field, which impacts ps output and such.
+          stale information in the process' "comm" field, which impacts ps
+          output and such.
 
         * The configuration option -Dcompat-gateway-hostname has been dropped.
           "_gateway" is now the only supported name.
@@ -73,6 +77,11 @@ CHANGES WITH 248:
         * The ConditionSecurity=tpm2 unit file setting may be used to check if
           the system has at least one TPM2 (tpmrm class) device.
 
+        * A new ConditionCPUFeature= has been added that may be used to
+          conditionalize units based on CPU features. For example,
+          ConditionCPUFeature=rdrand will condition a unit so that it is only
+          run when the system CPU supports the RDRAND opcode.
+
         * The tables of system calls in seccomps filters are now automatically
           generated from kernel lists exported on
           https://fedora.juszkiewicz.com.pl/syscalls.html.
@@ -95,7 +104,7 @@ CHANGES WITH 248:
           respectively as 'systemctl bind <unit> <path>…' and
           'systemctl mount-image <unit> <image>…'.
 
-        * The StandardOuput= and StandardError= settings can now specify files
+        * The StandardOutput= and StandardError= settings can now specify files
           to be truncated for output (as "truncate:<path>").
 
         * The ExecPaths= and NoExecPaths= settings may be used to specify
@@ -103,8 +112,8 @@ CHANGES WITH 248:
 
         * sd-bus has a new function sd_bus_open_user_machine() to open a
           connection to the session bus of a specific user in a local container
-          or on the local host. This is exposed in the -M switch to systemctl
+          or on the local host. This is exposed in the existing -M switch to
-          and similar tools:
+          systemctl and similar tools:
 
               systemctl --user -M lennart@foobar start foo
 
@@ -166,12 +175,13 @@ CHANGES WITH 248:
           even a single device.
 
         * udev now exports the VOLUME_ID, LOGICAL_VOLUME_ID, VOLUME_SET_ID, and
-          DATA_PREPARED_ID attributes for block devices (when available).
+          DATA_PREPARED_ID properties for block devices with ISO9660 file
+          systems.
 
-        * udev now exports decoded DMI information about used memory slots as
+        * udev now exports decoded DMI information about installed memory slots
-          device properties under the /sys/class/dmi/id/ pseudo device.
+          as device properties under the /sys/class/dmi/id/ pseudo device.
 
-        * /dev/ is not mounted noexec any more. This didn't provide any
+        * /dev/ is not mounted noexec anymore. This didn't provide any
           significant security benefits and would conflicts with the executable
           mappings used with /dev/sgx device nodes.
 
@@ -179,7 +189,8 @@ CHANGES WITH 248:
           and /dev/vhost-net are owned by the kvm group.
 
         * The hardware database has been extended with a list of fingerprint
-          readers that correctly support autosuspend using data from libfprint.
+          readers that correctly support USB auto-suspend using data from
+          libfprint.
 
         * systemd-resolved can now answer DNSSEC questions through the stub
           resolver interface in a way that allows local clients to do DNSSEC
@@ -195,6 +206,22 @@ CHANGES WITH 248:
           caching, under the assumption the local upstream server caches
           anyway.
 
+        * systemd-resolved now implements RFC5001 NSID in its local DNS
+          stub. This may be used by local clients to determine whether they are
+          talking to the DNS resolver stub or a different DNS server.
+
+        * When resolving host names and other records resolvectl will now
+          report where the data was acquired from (i.e. the local cache, the
+          network, locally synthesized, …) and whether the network traffic it
+          effected was encrypted or not. Moreover the tool acquired a number of
+          new options --cache=, --synthesize=, --network=, --zone=,
+          --trust-anchor=, --validate= that take booleans and may be used to
+          tweak a lookup, i.e. whether it may be answered from cached
+          information, locally synthesized information, information acquired
+          through the network, the local mDNS/LLMNR zone, the DNSSEC trust
+          anchor, and whether DNSSEC validation shall be executed for the
+          lookup.
+
         * systemd-nspawn gained a new --ambient-capability= setting
           (AmbientCapability= in .nspawn files) to configure ambient
           capabilities passed to the container payload.
@@ -202,8 +229,8 @@ CHANGES WITH 248:
         * systemd-nspawn gained the ability to configure the firewall using the
           nftables subsystem (in addition to the existing iptables
           support). Similar, systemd-networkd's IPMasquerade= option now
-          supports nftables as backend, too. In both cases NAT on IPv6 is now
+          supports nftables as back-end, too. In both cases NAT on IPv6 is now
-          supported too, in addition to IPv4 (the iptables backend still is
+          supported too, in addition to IPv4 (the iptables back-end still is
           IPv4-only).
 
         * systemd-importd will now download .verity and .roothash.p7s files
@@ -223,8 +250,8 @@ CHANGES WITH 248:
         * systemd-stdio-bridge gained --system/--user options to connect to the
           system bus (previous default) or the user session bus.
 
-        * When the hostname is set to "localhost", systemd-hostnamed will
+        * When the hostname is set explicitly to "localhost", systemd-hostnamed
-          accept this. Previously such a setting would be mostly silently
+          will respect this. Previously such a setting would be mostly silently
           ignored. The goal is to honour configuration as specified by the
           user.
 
@@ -234,8 +261,8 @@ CHANGES WITH 248:
 
         * systemd-hostnamed now exports the "HardwareVendor" and
           "HardwareModel" D-Bus properties, which are supposed to contain a
-          pair of cleaned up, human readable strings describing the system
+          pair of cleaned up, human readable strings describing the system's
-          vendor and model. It's typically source from the firmware's DMI
+          vendor and model. It's typically sourced from the firmware's DMI
           tables, but may be augmented from a new hwdb database. hostnamectl
           shows this in the status output.
 
@@ -261,32 +288,39 @@ CHANGES WITH 248:
           specific variables, and not the full inherited environment.
 
         * systemctl's status output now shows unit state with a more careful
-          selection of Unicode characters: units in maintenance show a "○"
+          choice of Unicode characters: units in maintenance show a "○" symbol
-          symbol instead of the usual "●", failed units show "×", and services
+          instead of the usual "●", failed units show "×", and services being
-          being reloaded "↻".
+          reloaded "↻".
 
         * coredumpctl gained a --debugger-arguments= switch to pass arguments
-          to the debugger.
+          to the debugger. It also gained support for showing coredump info in
+          a simple JSON format.
+
+        * systemctl/loginctl/machinectl's --signal= option now accept a special
+          value "list", which may be used to show a brief table with known
+          process signals and their numbers.
 
         * networkctl now shows the link activation policy in status.
 
-        * Various tools gained --pager/--no-pager/--json switches to
+        * Various tools gained --pager/--no-pager/--json= switches to
           enable/disable the pager and provide JSON output.
 
-        * Various tools now accept SYSTEMD_COLORS=16|256 to configure how
+        * Various tools now accept two new values for the SYSTEMD_COLORS
-          many terminal colours are used in output.
+          environment variable: "16" and "256", to configure how many terminal
+          colors are used in output.
 
-        * less 568 or newer is now required. Hyperlink ANSI sequences in
+        * less 568 or newer is now required for the auto-paging logic of the
-          terminal output are now used even if a pager is used, and older
+          various tools. Hyperlink ANSI sequences in terminal output are now
-          versions of less are not able to display these sequences
+          used even if a pager is used, and older versions of less are not able
-          correctly. SYSTEMD_URLIFY=0 may be used to disable it.
+          to display these sequences correctly. SYSTEMD_URLIFY=0 may be used to
+          disable this output again.
 
-        * Builds with support for separate / and /usr hierarchies (split-usr
+        * Builds with support for separate / and /usr/ hierarchies ("split-usr"
           builds, non-merged-usr builds) are now officially deprecated. A
           warning is emitted during build. Support is slated to be removed in
           about a year (when the Debian Bookworm release development starts).
 
-        * The main development branch has been renamed to 'main'.
+        * The main git development branch has been renamed to 'main'.
 
         * mmcblk[0-9]boot[0-9] devices will no longer be probed automatically
           for partitions, as in the vast majority of cases they contain none
@@ -297,6 +331,45 @@ CHANGES WITH 248:
           by programs for detecting whether they were forked off by the service
           manager itself or are a process forked off further down the tree.
 
+        * The sd-device API gained three new calls sd_device_get_action() (for
+          determining the uevent add/remove/change/… action the device object
+          has been seen for), sd_device_get_seqno() (for determining the uevent
+          sequence number) and sd_device_new_from_stat_rdev() (for allocating a
+          new sd_device object from stat() data of a device node).
+
+        * For most tools the --no-legend= switch has been replaced by
+          --legend=no and --legend=yes, to force whether tables are shown with
+          headers/legends.
+
+        * Units acquired a new property "Markers" that takes a list of zero,
+          one or two of the following strings: "needs-reload" and
+          "needs-restart". These markers may be set via "systemctl
+          set-property". Once a marker is set, "systemctl reload-or-restart
+          --marked" may be invoked to execute the operation the units are
+          marked for. This is useful for package managers that want to mark
+          units for restart/reload while updating, but effect the actual
+          operations at a later step at once.
+
+        * The sd_bus_message_read_strv() API call of sd-bus may now also be
+          used to parse arrays of D-Bus signatures and D-Bus paths, in addition
+          to regular strings.
+
+        * bootctl will now report whether the UEFI firmware used a TPM2 device
+          and measured the boot process into it.
+
+        * systemd-tmpfiles learnt support for a new environment variable
+          $SYSTEMD_TMPFILES_FORCE_SUBVOL which takes a boolean value. If true
+          the v/q/Q lines in tmpfiles.d/ snippets will create btrfs subvolumes
+          even if the root fs of the system is not itself a btrfs volume.
+
+        * systemd-detect-virt/ConditionVirtualization= will now explicitly
+          detect Docker/Podman environments where possible. Moreover, they
+          should be able to generically detect any container manager as long as
+          it assigns the container a cgroup.
+
+        * portablectl gained a new "reattach" verb for detaching/reattaching a
+          portable service image, useful for updating images on-the-fly.
+
 CHANGES WITH 247:
 
         * KERNEL API INCOMPATIBILITY: Linux 4.14 introduced two new uevents

README

@@ -274,7 +274,7 @@ NSS:
         with machined to their respective IP addresses.
 
         nss-systemd enables resolution of users/group registered via the
-        User/Group Record Lookup API (https://systemd.io/USER_GROUP_API/),
+        User/Group Record Lookup API (https://systemd.io/USER_GROUP_API),
         including all dynamically allocated service users. (See the
         DynamicUser= setting in unit files.)
 

docs/ENVIRONMENT.md

@@ -19,18 +19,17 @@ documented in the proper man pages.
 
 All tools:
 
-* `$SYSTEMD_OFFLINE=[0|1]` — if set to `1`, then `systemctl` will
+* `$SYSTEMD_OFFLINE=[0|1]` — if set to `1`, then `systemctl` will refrain from
-  refrain from talking to PID 1; this has the same effect as the historical
+  talking to PID 1; this has the same effect as the historical detection of
-  detection of `chroot()`.  Setting this variable to `0` instead has a similar
+  `chroot()`. Setting this variable to `0` instead has a similar effect as
-  effect as `SYSTEMD_IGNORE_CHROOT=1`; i.e. tools will try to
+  `SYSTEMD_IGNORE_CHROOT=1`; i.e. tools will try to communicate with PID 1 even
-  communicate with PID 1 even if a `chroot()` environment is detected.
+  if a `chroot()` environment is detected. You almost certainly want to set
-  You almost certainly want to set this to `1` if you maintain a package build system
+  this to `1` if you maintain a package build system or similar and are trying
-  or similar and are trying to use a modern container system and not plain
+  to use a modern container system and not plain `chroot()`.
-  `chroot()`.
 
 * `$SYSTEMD_IGNORE_CHROOT=1` — if set, don't check whether being invoked in a
   `chroot()` environment. This is particularly relevant for systemctl, as it
-  will not alter its behaviour for `chroot()` environments if set.  Normally it
+  will not alter its behaviour for `chroot()` environments if set. Normally it
   refrains from talking to PID 1 in such a case; turning most operations such
   as `start` into no-ops.  If that's what's explicitly desired, you might
   consider setting `SYSTEMD_OFFLINE=1`.
@@ -39,21 +38,23 @@ All tools:
   will print latency information at runtime.
 
 * `$SYSTEMD_PROC_CMDLINE` — if set, the contents are used as the kernel command
-  line instead of the actual one in /proc/cmdline. This is useful for
+  line instead of the actual one in `/proc/cmdline`. This is useful for
   debugging, in order to test generators and other code against specific kernel
   command lines.
 
-* `$SYSTEMD_FSTAB` — if set, use this path instead of /etc/fstab. Only useful
+* `$SYSTEMD_FSTAB` — if set, use this path instead of `/etc/fstab`. Only useful
   for debugging.
 
-* `$SYSTEMD_CRYPTTAB` — if set, use this path instead of /etc/crypttab. Only
+* `$SYSTEMD_CRYPTTAB` — if set, use this path instead of `/etc/crypttab`. Only
-  useful for debugging. Currently only supported by systemd-cryptsetup-generator.
+  useful for debugging. Currently only supported by
+  `systemd-cryptsetup-generator`.
 
-* `$SYSTEMD_VERITYTAB` — if set, use this path instead of /etc/veritytab. Only
+* `$SYSTEMD_VERITYTAB` — if set, use this path instead of
-  useful for debugging. Currently only supported by systemd-veritysetup-generator.
+  `/etc/veritytab`. Only useful for debugging. Currently only supported by
+  `systemd-veritysetup-generator`.
 
 * `$SYSTEMD_EFI_OPTIONS` — if set, used instead of the string in the
-  SystemdOptions EFI variable. Analogous to `$SYSTEMD_PROC_CMDLINE`.
+  `SystemdOptions` EFI variable. Analogous to `$SYSTEMD_PROC_CMDLINE`.
 
 * `$SYSTEMD_IN_INITRD=[auto|lenient|0|1]` — if set, specifies initrd detection
   method. Defaults to `auto`. Behavior is defined as follows:
@@ -69,23 +70,23 @@ All tools:
   to 0, then the built-in default is used.
 
 * `$SYSTEMD_MEMPOOL=0` — if set, the internal memory caching logic employed by
-  hash tables is turned off, and libc malloc() is used for all allocations.
+  hash tables is turned off, and libc `malloc()` is used for all allocations.
 
-* `$SYSTEMD_EMOJI=0` — if set, tools such as "systemd-analyze security" will
+* `$SYSTEMD_EMOJI=0` — if set, tools such as `systemd-analyze security` will
   not output graphical smiley emojis, but ASCII alternatives instead. Note that
   this only controls use of Unicode emoji glyphs, and has no effect on other
   Unicode glyphs.
 
 * `$RUNTIME_DIRECTORY` — various tools use this variable to locate the
-  appropriate path under /run. This variable is also set by the manager when
+  appropriate path under `/run/`. This variable is also set by the manager when
-  RuntimeDirectory= is used, see systemd.exec(5).
+  `RuntimeDirectory=` is used, see systemd.exec(5).
 
 * `$SYSTEMD_CRYPT_PREFIX` — if set configures the hash method prefix to use for
-  UNIX crypt() when generating passwords. By default the system's "preferred
+  UNIX `crypt()` when generating passwords. By default the system's "preferred
-  method" is used, but this can be overridden with this environment
+  method" is used, but this can be overridden with this environment variable.
-  variable. Takes a prefix such as `$6$` or `$y$`. (Note that this is only
+  Takes a prefix such as `$6$` or `$y$`. (Note that this is only honoured on
-  honoured on systems built with libxcrypt and is ignored on systems using
+  systems built with libxcrypt and is ignored on systems using glibc's
-  glibc's original, internal crypt() implementation.)
+  original, internal `crypt()` implementation.)
 
 * `$SYSTEMD_RDRAND=0` — if set, the RDRAND instruction will never be used,
   even if the CPU supports it.
@@ -94,10 +95,10 @@ All tools:
   support for it is compiled in and available in the kernel.
 
 * `$SYSTEMD_LOG_SECCOMP=1` — if set, system calls blocked by seccomp filtering,
-  for example in systemd-nspawn, will be logged to the audit log, if the current
+  for example in `systemd-nspawn`, will be logged to the audit log, if the
-  kernel version supports this.
+  kernel supports this.
 
-systemctl:
+`systemctl`:
 
 * `$SYSTEMCTL_FORCE_BUS=1` — if set, do not connect to PID1's private D-Bus
   listener, and instead always connect through the dbus-daemon D-bus broker.
@@ -105,16 +106,16 @@ systemctl:
 * `$SYSTEMCTL_INSTALL_CLIENT_SIDE=1` — if set, enable or disable unit files on
   the client side, instead of asking PID 1 to do this.
 
-* `$SYSTEMCTL_SKIP_SYSV=1` — if set, do not call out to SysV compatibility hooks.
+* `$SYSTEMCTL_SKIP_SYSV=1` — if set, do not call SysV compatibility hooks.
 
-systemd-nspawn:
+`systemd-nspawn`:
 
-* `$SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=1` — if set, force nspawn into unified
+* `$SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=1` — if set, force `systemd-nspawn` into
-  cgroup hierarchy mode.
+  unified cgroup hierarchy mode.
 
-* `$SYSTEMD_NSPAWN_API_VFS_WRITABLE=1` — if set, make /sys and /proc/sys and
+* `$SYSTEMD_NSPAWN_API_VFS_WRITABLE=1` — if set, make `/sys/`, `/proc/sys/`,
-  friends writable in the container. If set to "network", leave only
+  and friends writable in the container. If set to "network", leave only
-  /proc/sys/net writable.
+  `/proc/sys/net/` writable.
 
 * `$SYSTEMD_NSPAWN_CONTAINER_SERVICE=…` — override the "service" name nspawn
   uses to register with machined. If unset defaults to "nspawn", but with this
@@ -125,40 +126,41 @@ systemd-nspawn:
 
 * `$SYSTEMD_NSPAWN_LOCK=0` — if set, do not lock container images when running.
 
-* `$SYSTEMD_NSPAWN_TMPFS_TMP=0` — if set, do not overmount /tmp in the
+* `$SYSTEMD_NSPAWN_TMPFS_TMP=0` — if set, do not overmount `/tmp/` in the
   container with a tmpfs, but leave the directory from the image in place.
 
-systemd-logind:
+`systemd-logind`:
 
 * `$SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK=1` — if set, report that
   hibernation is available even if the swap devices do not provide enough room
   for it.
 
-* `$SYSTEMD_REBOOT_TO_FIRMWARE_SETUP` — if set overrides systemd-logind's
+* `$SYSTEMD_REBOOT_TO_FIRMWARE_SETUP` — if set, overrides `systemd-logind`'s
-  built-in EFI logic of requesting a reboot into the firmware. Takes a
+  built-in EFI logic of requesting a reboot into the firmware. Takes a boolean.
-  boolean. If set to false the functionality is turned off entirely. If set to
+  If set to false, the functionality is turned off entirely. If set to true,
-  true instead of requesting a reboot into the firmware setup UI through EFI a
+  instead of requesting a reboot into the firmware setup UI through EFI a file,
-  file `/run/systemd/reboot-to-firmware-setup` is created whenever this is
+  `/run/systemd/reboot-to-firmware-setup` is created whenever this is
   requested. This file may be checked for by services run during system
   shutdown in order to request the appropriate operation from the firmware in
   an alternative fashion.
 
 * `$SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU` — similar to the above, allows
-  overriding of systemd-logind's built-in EFI logic of requesting a reboot into
+  overriding of `systemd-logind`'s built-in EFI logic of requesting a reboot
-  the boot loader menu. Takes a boolean. If set to false the functionality is
+  into the boot loader menu. Takes a boolean. If set to false, the
-  turned off entirely. If set to true instead of requesting a reboot into the
+  functionality is turned off entirely. If set to true, instead of requesting a
-  boot loader menu through EFI a file `/run/systemd/reboot-to-boot-loader-menu`
+  reboot into the boot loader menu through EFI, the file
-  is created whenever this is requested. The file contains the requested boot
+  `/run/systemd/reboot-to-boot-loader-menu` is created whenever this is
-  loader menu timeout in µs, formatted in ASCII decimals, or zero in case no
+  requested. The file contains the requested boot loader menu timeout in µs,
-  timeout is requested. This file may be checked for by services run during
+  formatted in ASCII decimals, or zero in case no timeout is requested. This
-  system shutdown in order to request the appropriate operation from the boot
+  file may be checked for by services run during system shutdown in order to
-  loader in an alternative fashion.
+  request the appropriate operation from the boot loader in an alternative
+  fashion.
 
 * `$SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY` — similar to the above, allows
-  overriding of systemd-logind's built-in EFI logic of requesting a reboot into
+  overriding of `systemd-logind`'s built-in EFI logic of requesting a reboot
-  a specific boot loader entry. Takes a boolean. If set to false the
+  into a specific boot loader entry. Takes a boolean. If set to false, the
-  functionality is turned off entirely. If set to true instead of requesting a
+  functionality is turned off entirely. If set to true, instead of requesting a
-  reboot into a specific boot loader entry through EFI a file
+  reboot into a specific boot loader entry through EFI, the file
   `/run/systemd/reboot-to-boot-loader-entry` is created whenever this is
   requested. The file contains the requested boot loader entry identifier. This
   file may be checked for by services run during system shutdown in order to
@@ -173,30 +175,31 @@ systemd-logind:
   `/run/boot-loader-entries/loader/entries/*.conf`, and the files referenced by
   the drop-ins (including the kernels and initrds) somewhere else below
   `/run/boot-loader-entries/`. Note that all these files may be (and are
-  supposed to be) symlinks. systemd-logind will load these files on-demand,
+  supposed to be) symlinks. `systemd-logind` will load these files on-demand,
   these files can hence be updated (ideally atomically) whenever the boot
   loader configuration changes. A foreign boot loader installer script should
   hence synthesize drop-in snippets and symlinks for all boot entries at boot
-  or whenever they change if it wants to integrate with systemd-logind's APIs.
+  or whenever they change if it wants to integrate with `systemd-logind`'s
+  APIs.
 
-systemd-udevd:
+`systemd-udevd`:
 
 * `$NET_NAMING_SCHEME=` – if set, takes a network naming scheme (i.e. one of
   "v238", "v239", "v240"…, or the special value "latest") as parameter. If
-  specified udev's net_id builtin will follow the specified naming scheme when
+  specified udev's `net_id` builtin will follow the specified naming scheme
-  determining stable network interface names. This may be used to revert to
+  when determining stable network interface names. This may be used to revert
-  naming schemes of older udev versions, in order to provide more stable naming
+  to naming schemes of older udev versions, in order to provide more stable
-  across updates. This environment variable takes precedence over the kernel
+  naming across updates. This environment variable takes precedence over the
-  command line option `net.naming-scheme=`, except if the value is prefixed
+  kernel command line option `net.naming-scheme=`, except if the value is
-  with `:` in which case the kernel command line option takes precedence, if it
+  prefixed with `:` in which case the kernel command line option takes
-  is specified as well.
+  precedence, if it is specified as well.
 
 installed systemd tests:
 
 * `$SYSTEMD_TEST_DATA` — override the location of test data. This is useful if
   a test executable is moved to an arbitrary location.
 
-nss-systemd:
+`nss-systemd`:
 
 * `$SYSTEMD_NSS_BYPASS_SYNTHETIC=1` — if set, `nss-systemd` won't synthesize
   user/group records for the `root` and `nobody` users if they are missing from
@@ -210,20 +213,20 @@ nss-systemd:
   dynamic user lookups. This is primarily useful to make `nss-systemd` work
   safely from within `dbus-daemon`.
 
-systemd-timedated:
+`systemd-timedated`:
 
 * `$SYSTEMD_TIMEDATED_NTP_SERVICES=…` — colon-separated list of unit names of
   NTP client services. If set, `timedatectl set-ntp on` enables and starts the
   first existing unit listed in the environment variable, and
   `timedatectl set-ntp off` disables and stops all listed units.
 
-systemd-sulogin-shell:
+`systemd-sulogin-shell`:
 
 * `$SYSTEMD_SULOGIN_FORCE=1` — This skips asking for the root password if the
   root password is not available (such as when the root account is locked).
   See `sulogin(8)` for more details.
 
-bootctl and other tools that access the EFI System Partition (ESP):
+`bootctl` and other tools that access the EFI System Partition (ESP):
 
 * `$SYSTEMD_RELAX_ESP_CHECKS=1` — if set, the ESP validation checks are
   relaxed. Specifically, validation checks that ensure the specified ESP path
@@ -232,11 +235,11 @@ bootctl and other tools that access the EFI System Partition (ESP):
 
 * `$SYSTEMD_ESP_PATH=…` — override the path to the EFI System Partition. This
   may be used to override ESP path auto detection, and redirect any accesses to
-  the ESP to the specified directory. Not that unlike with bootctl's --path=
+  the ESP to the specified directory. Note that unlike with `bootctl`'s
-  switch only very superficial validation of the specified path is done when
+  `--path=` switch only very superficial validation of the specified path is
-  this environment variable is used.
+  done when this environment variable is used.
 
-systemd itself:
+`systemd` itself:
 
 * `$SYSTEMD_ACTIVATION_UNIT` — set for all NSS and PAM module invocations that
   are done by the service manager on behalf of a specific unit, in child
@@ -254,34 +257,35 @@ systemd itself:
   it is either set to `system` or `user` depending on whether the NSS/PAM
   module is called by systemd in `--system` or `--user` mode.
 
-systemd-remount-fs:
+`systemd-remount-fs`:
 
 * `$SYSTEMD_REMOUNT_ROOT_RW=1` — if set and no entry for the root directory
-  exists in /etc/fstab (this file always takes precedence), then the root
+  exists in `/etc/fstab` (this file always takes precedence), then the root
   directory is remounted writable. This is primarily used by
-  systemd-gpt-auto-generator to ensure the root partition is mounted writable
+  `systemd-gpt-auto-generator` to ensure the root partition is mounted writable
   in accordance to the GPT partition flags.
 
-systemd-firstboot and localectl:
+`systemd-firstboot` and `localectl`:
 
-* `SYSTEMD_LIST_NON_UTF8_LOCALES=1` – if set non-UTF-8 locales are listed among
+* `SYSTEMD_LIST_NON_UTF8_LOCALES=1` – if set, non-UTF-8 locales are listed among
   the installed ones. By default non-UTF-8 locales are suppressed from the
   selection, since we are living in the 21st century.
 
-systemd-sysext:
+`systemd-sysext`:
 
-* `SYSTEMD_SYSEXT_HIERARCHIES` – if set to a colon-separated list of absolute
+* `SYSTEMD_SYSEXT_HIERARCHIES` – this variable may be used to override which
-  paths this variable may be used to override which hierarchies to manage with
+  hierarchies are managed by `systemd-sysext`. By default only `/usr/` and
-  `systemd-sysext`. By default only `/usr/` and `/opt/` are managed. With this
+  `/opt/` are managed, and directories may be added or removed to that list by
-  environment variable this list may be changed, in order to add or remove
+  setting this environment variable to a colon-separated list of absolute
-  directories from this list. This should only reference "real" file systems
+  paths. Only "real" file systems and directories that only contain "real" file
-  and directories that only contain "real" file systems as submounts — do not
+  systems as submounts should be used. Do not specify API file systems such as
-  specify API file systems such as `/proc/` or `/sys/` here, or hierarchies
+  `/proc/` or `/sys/` here, or hierarchies that have them as submounts. In
-  that have them as submounts. In particular, do not specify the root directory
+  particular, do not specify the root directory `/` here.
-  `/` here.
 
-systemd-tmpfiles:
+`systemd-tmpfiles`:
 
-* `SYSTEMD_TMPFILES_FORCE_SUBVOL` - if unset, v/q/Q lines will create subvolumes only if the
+* `SYSTEMD_TMPFILES_FORCE_SUBVOL` - if unset, `v`/`q`/`Q` lines will create
-  OS itself is installed into a subvolume. If set to 1 (or another true value), these lines will always create
+  subvolumes only if the OS itself is installed into a subvolume. If set to `1`
-  subvolumes (if the backing filesystem supports them). If set to 0, these lines will always create directories.
+  (or another value interpreted as true), these lines will always create
+  subvolumes if the backing filesystem supports them. If set to `0`, these
+  lines will always create directories.

docs/GROUP_RECORD.md

@@ -7,7 +7,7 @@ layout: default
 # JSON Group Records
 
 Long story short: JSON Group Records are to `struct group` what [JSON User
-Records](https://systemd.io/USER_RECORD.md) are to `struct passwd`.
+Records](https://systemd.io/USER_RECORD) are to `struct passwd`.
 
 Conceptually, much of what applies to JSON user records also applies to JSON
 group records. They also consist of seven sections, with similar properties and

docs/PORTABILITY_AND_STABILITY.md

@@ -82,7 +82,7 @@ And now, here's the list of (hopefully) all APIs that we have introduced with sy
 | [hostnamed](https://www.freedesktop.org/wiki/Software/systemd/hostnamed) | D-Bus | yes | yes | GNOME | yes | [Ubuntu](https://launchpad.net/ubuntu/+source/ubuntu-system-service), [Gentoo](http://www.gentoo.org/proj/en/desktop/gnome/openrc-settingsd.xml), [BSD](http://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systembsd.git;a=summary) | partially |
 | [localed](https://www.freedesktop.org/wiki/Software/systemd/localed) | D-Bus | yes | yes | GNOME | yes | [Ubuntu](https://launchpad.net/ubuntu/+source/ubuntu-system-service), [Gentoo](http://www.gentoo.org/proj/en/desktop/gnome/openrc-settingsd.xml), [BSD](http://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systembsd.git;a=summary) | partially |
 | [timedated](https://www.freedesktop.org/wiki/Software/systemd/timedated) | D-Bus | yes | yes | GNOME | yes | [Gentoo](http://www.gentoo.org/proj/en/desktop/gnome/openrc-settingsd.xml), [BSD](http://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systembsd.git;a=summary) | partially |
-| [initrd interface](https://systemd.io/INITRD_INTERFACE/) | Environment, flag files | yes | yes | dracut, ArchLinux | yes | ArchLinux | no |
+| [initrd interface](https://systemd.io/INITRD_INTERFACE) | Environment, flag files | yes | yes | dracut, ArchLinux | yes | ArchLinux | no |
 | [Container interface](https://systemd.io/CONTAINER_INTERFACE) | Environment, Mounts | yes | yes | libvirt/LXC | yes | - | no |
 | [Boot Loader interface](https://systemd.io/BOOT_LOADER_INTERFACE) | EFI variables | yes | yes | gummiboot | yes | - | no |
 | [Service bus API](https://www.freedesktop.org/wiki/Software/systemd/dbus) | D-Bus | yes | yes | system-config-services | no | - | no |
@@ -94,14 +94,14 @@ And now, here's the list of (hopefully) all APIs that we have introduced with sy
 | [$XDG_RUNTIME_DIR](https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html) | Environment | yes | yes | glib, GNOME | yes | - | no |
 | [$LISTEN_FDS $LISTEN_PID FD Passing](https://www.freedesktop.org/software/systemd/man/sd_listen_fds.html) | Environment | yes | yes | numerous (via sd-daemon.h) | yes | - | no |
 | [$NOTIFY_SOCKET Daemon Notifications](https://www.freedesktop.org/software/systemd/man/sd_notify.html) | Environment | yes | yes | a few, including udev | yes | - | no |
-| [argv[0][0]='@' Logic](https://systemd.io/ROOT_STORAGE_DAEMONS/) | `/proc` marking | yes | yes | mdadm | yes | - | no |
+| [argv[0][0]='@' Logic](https://systemd.io/ROOT_STORAGE_DAEMONS) | `/proc` marking | yes | yes | mdadm | yes | - | no |
 | [Unit file format](https://www.freedesktop.org/software/systemd/man/systemd.unit.html) | File format | yes | yes | numerous | no | - | no |
 | [Network](https://www.freedesktop.org/software/systemd/man/systemd.network.html) & [Netdev file format](https://www.freedesktop.org/software/systemd/man/systemd.netdev.html) | File format | yes | yes | no | no | - | no |
 | [Link file format](https://www.freedesktop.org/software/systemd/man/systemd.link.html) | File format | yes | yes | no | no | - | no |
 | [Journal File Format](https://systemd.io/JOURNAL_FILE_FORMAT) | File format | yes | yes | - | maybe | - | no |
 | [Journal Export Format](https://www.freedesktop.org/wiki/Software/systemd/export) | File format | yes | yes | - | yes | - | no |
 | [Cooperation in cgroup tree](https://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups) | Treaty | yes | yes | libvirt | yes | libvirt | no |
-| [Password Agents](https://systemd.io/PASSWORD_AGENTS/) | Socket+Files | yes | yes | - | yes | - | no |
+| [Password Agents](https://systemd.io/PASSWORD_AGENTS) | Socket+Files | yes | yes | - | yes | - | no |
 | [udev multi-seat properties](https://www.freedesktop.org/software/systemd/man/sd-login.html) | udev Property | yes | yes | X11, gdm | no | - | no |
 | udev session switch ACL properties | udev Property | no | no | - | no | - | no |
 | [CLI of systemctl,...](https://www.freedesktop.org/software/systemd/man/systemctl.html) | CLI | yes | yes | numerous | no | - | no |

docs/ROOT_STORAGE_DAEMONS.md

@@ -108,7 +108,7 @@ to find a different solution to your problem._
 The recommended way to distinguish between run-from-initrd and run-from-rootfs
 for a daemon is to check for `/etc/initrd-release` (which exists on all modern
 initrd implementations, see the [initrd
-Interface](https://systemd.io/INITRD_INTERFACE/) for details) which when exists
+Interface](https://systemd.io/INITRD_INTERFACE) for details) which when exists
 results in `argv[0][0]` being set to `@`, and otherwise doesn't. Something like
 this:
 
@@ -190,4 +190,4 @@ few additional notes for supporting these setups:
   program consult this blog story: [Socket
   Activation](http://0pointer.de/blog/projects/socket-activation.html)
 
-* Consider having a look at the [initrd Interface of systemd](https://systemd.io/INITRD_INTERFACE/).
+* Consider having a look at the [initrd Interface of systemd](https://systemd.io/INITRD_INTERFACE).

man/less-variables.xml

@@ -69,15 +69,15 @@
 
       <listitem><para>Takes a boolean argument. When true, the "secure" mode of the pager is enabled; if
       false, disabled. If <varname>$SYSTEMD_PAGERSECURE</varname> is not set at all, secure mode is enabled
-      if the effective UID is not the same as the owner of the login session, see <citerefentry
+      if the effective UID is not the same as the owner of the login session, see
-      project='man-pages'><refentrytitle>geteuid</refentrytitle><manvolnum>2</manvolnum></citerefentry> and
+      <citerefentry project='man-pages'><refentrytitle>geteuid</refentrytitle><manvolnum>2</manvolnum></citerefentry>
-      <citerefentry><refentrytitle>sd_pid_get_owner_uid</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+      and <citerefentry><refentrytitle>sd_pid_get_owner_uid</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
       In secure mode, <option>LESSSECURE=1</option> will be set when invoking the pager, and the pager shall
       disable commands that open or create new files or start new subprocesses. When
       <varname>$SYSTEMD_PAGERSECURE</varname> is not set at all, pagers which are not known to implement
       secure mode will not be used. (Currently only
-      <citerefentry><refentrytitle>less</refentrytitle><manvolnum>1</manvolnum></citerefentry> implements
+      <citerefentry project='man-pages'><refentrytitle>less</refentrytitle><manvolnum>1</manvolnum></citerefentry>
-      secure mode.)</para>
+      implements secure mode.)</para>
 
       <para>Note: when commands are invoked with elevated privileges, for example under <citerefentry
       project='man-pages'><refentrytitle>sudo</refentrytitle><manvolnum>8</manvolnum></citerefentry> or

man/sd_bus_reply_method_return.xml

@@ -61,8 +61,9 @@
     reply.</para>
 
     <para><function>sd_bus_reply()</function> takes a complete bus message object created with either
-    <citerefentry><refentrytitle>sd_bus_new_method_return</refentrytitle><manvolnum>3</manvolnum></citerefentry> or
+    <citerefentry><refentrytitle>sd_bus_message_new_method_return</refentrytitle><manvolnum>3</manvolnum></citerefentry>
-    <citerefentry><refentrytitle>sd_bus_new_method_error</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+    or
+    <citerefentry><refentrytitle>sd_bus_message_new_method_error</refentrytitle><manvolnum>3</manvolnum></citerefentry>
     and sends it as a reply to the <parameter>call</parameter> message.</para>
   </refsect1>
 

man/systemd-resolved.service.xml

@@ -224,7 +224,7 @@
     <para>This section provides a short summary of differences in the stub resolver implemented by
     <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry> together
     with <command>systemd-resolved</command> and the traditional stub resolver implemented in
-    <citerefentry><refentrytitle>nss-dns</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+    <filename>nss-dns</filename>.</para>
 
     <itemizedlist>
       <listitem><para>Some names are always resolved internally (see Synthetic Records above). Traditionally
@@ -235,7 +235,7 @@
       overridden with <varname>ResolveUnicastSingleLabel=</varname>, see
       <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
       This is similar to the <option>no-tld-query</option> option being set in
-      <citerefentry><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+      <citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
       </para></listitem>
 
       <listitem><para>Search domains are not used for <emphasis>suffixing</emphasis> of multi-label names.
@@ -270,8 +270,8 @@
 
       <listitem><para>Environment variables <varname>$LOCALDOMAIN</varname> and
       <varname>$RES_OPTIONS</varname> described in
-      <citerefentry><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> are not
+      <citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-      supported currently.</para></listitem>
+      are not supported currently.</para></listitem>
     </itemizedlist>
   </refsect1>
 

man/systemd-veritysetup-generator.xml

@@ -88,7 +88,7 @@
         <option>ignore-corruption</option>, <option>restart-on-corruption</option>, <option>ignore-zero-blocks</option>,
         <option>check-at-most-once</option>, <option>panic-on-corruption</option> and
         <option>root-hash-signature</option>. See
-        <citerefentry><refentrytitle>veritysetup</refentrytitle><manvolnum>8</manvolnum></citerefentry> for more
+        <citerefentry project='die-net'><refentrytitle>veritysetup</refentrytitle><manvolnum>8</manvolnum></citerefentry> for more
         details.</para></listitem>
       </varlistentry>
 

man/systemd.network.xml

@@ -735,17 +735,15 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
         </varlistentry>
         <varlistentry>
           <term><varname>IPMasquerade=</varname></term>
-          <listitem><para>Configures IP masquerading for the network
+          <listitem><para>Configures IP masquerading for the network interface. If enabled, packets
-          interface. If enabled, packets forwarded from the network
+          forwarded from the network interface will be appear as coming from the local host. Takes one
-          interface will be appear as coming from the local host.
+          of <literal>ipv4</literal>, <literal>ipv6</literal>, <literal>both</literal>, or
-          Takes one of <literal>ipv4</literal>, <literal>ipv6</literal>,
+          <literal>no</literal>. Defaults to <literal>no</literal>. If enabled, this automatically sets
-          <literal>both</literal>, <literal>no</literal>.
+          <varname>IPForward=</varname> to one of <literal>ipv4</literal>, <literal>ipv6</literal> or
-          The setting <literal>yes</literal> is the same as <literal>ipv4</literal> and not as
+          <literal>yes</literal>.</para>
-          <literal>both</literal>!
+          <para>Note. Any positive boolean values such as <literal>yes</literal> or
-          Defaults to <literal>no</literal>.
+          <literal>true</literal> are now deprecated. Please use one of the values in the above.</para>
-          If enabled, this automatically sets <varname>IPForward</varname> to one of
+          </listitem>
-          <literal>ipv4</literal>, <literal>ipv6</literal> or <literal>both</literal>.
-          </para></listitem>
         </varlistentry>
         <varlistentry>
           <term><varname>IPv6PrivacyExtensions=</varname></term>

man/systemd.service.xml

@@ -292,7 +292,11 @@
         will remove the file after the service has shut down if it still exists. The PID file does not need to be owned
         by a privileged user, but if it is owned by an unprivileged user additional safety restrictions are enforced:
         the file may not be a symlink to a file owned by a different user (neither directly nor indirectly), and the
-        PID file must refer to a process already belonging to the service.</para></listitem>
+        PID file must refer to a process already belonging to the service.</para>
+
+        <para>Note that PID files should be avoided in modern projects. Use <option>Type=notify</option> or
+        <option>Type=simple</option> where possible, which does not require use of PID files to determine the
+        main process of a service and avoids needless forking.</para></listitem>
       </varlistentry>
 
       <varlistentry>

src/basic/alloc-util.h

@@ -80,7 +80,7 @@ void* memdup_suffix0(const void *p, size_t l); /* We can't use _alloc_() here, s
         })
 
 static inline void freep(void *p) {
-        free(*(void**) p);
+        *(void**)p = mfree(*(void**) p);
 }
 
 #define _cleanup_free_ _cleanup_(freep)

src/basic/efivars.c

@@ -343,7 +343,7 @@ int cache_efi_options_variable(void) {
         int r;
 
         /* In SecureBoot mode this is probably not what you want. As your cmdline is cryptographically signed
-         * like when using Type #2 EFI Unified Kernel Images (https://systemd.io/BOOT_LOADER_SPECIFICATION/)
+         * like when using Type #2 EFI Unified Kernel Images (https://systemd.io/BOOT_LOADER_SPECIFICATION)
          * The user's intention is then that the cmdline should not be modified. You want to make sure that
          * the system starts up as exactly specified in the signed artifact.
          *

src/basic/fileio.c

@@ -385,7 +385,9 @@ int read_full_virtual_file(const char *filename, char **ret_contents, size_t *re
         if (fd < 0)
                 return -errno;
 
-        /* Start size for files in /proc which usually report a file size of 0. */
+        /* Start size for files in /proc/ which usually report a file size of 0. (Files in /sys/ report a
+         * file size of 4K, which is probably OK for sizing our initial buffer, and sysfs attributes can't be
+         * larger anyway.) */
         size = LINE_MAX / 2;
 
         /* Limit the number of attempts to read the number of bytes returned by fstat(). */

src/core/manager.c

@@ -4799,6 +4799,7 @@ char *manager_taint_string(Manager *m) {
 
         buf = new(char, sizeof("split-usr:"
                                "cgroups-missing:"
+                               "cgrousv1:"
                                "local-hwclock:"
                                "var-run-bad:"
                                "overflowuid-not-65534:"
@@ -4815,6 +4816,9 @@ char *manager_taint_string(Manager *m) {
         if (access("/proc/cgroups", F_OK) < 0)
                 e = stpcpy(e, "cgroups-missing:");
 
+        if (cg_all_unified() == 0)
+                e = stpcpy(e, "cgroupsv1:");
+
         if (clock_is_localtime(NULL) > 0)
                 e = stpcpy(e, "local-hwclock:");
 

src/network/networkd-address.c

@@ -276,12 +276,7 @@ static int address_set_masquerade(Address *address, bool add) {
         if (address->scope >= RT_SCOPE_LINK)
                 return 0;
 
-        if (address->family == AF_INET &&
+        if (address->ip_masquerade_done == add)
-            address->ip_masquerade_done == add)
-                return 0;
-
-        if (address->family == AF_INET6 &&
-            address->ipv6_masquerade_done == add)
                 return 0;
 
         masked = address->in_addr;
@@ -293,10 +288,7 @@ static int address_set_masquerade(Address *address, bool add) {
         if (r < 0)
                 return r;
 
-        if (address->family == AF_INET)
+        address->ip_masquerade_done = add;
-                address->ip_masquerade_done = add;
-        else if (address->family == AF_INET6)
-                address->ipv6_masquerade_done = add;
 
         return 0;
 }

src/network/networkd-address.h

@@ -38,7 +38,6 @@ typedef struct Address {
 
         bool scope_set:1;
         bool ip_masquerade_done:1;
-        bool ipv6_masquerade_done:1;
         AddressFamily duplicate_address_detection;
 
         /* Called when address become ready */

src/network/networkd-network-gperf.gperf

@@ -111,7 +111,7 @@ Network.DNSSEC,                              config_parse_dnssec_mode,
 Network.DNSSECNegativeTrustAnchors,          config_parse_dnssec_negative_trust_anchors,               0,                             0
 Network.NTP,                                 config_parse_ntp,                                         0,                             offsetof(Network, ntp)
 Network.IPForward,                           config_parse_address_family_with_kernel,                  0,                             offsetof(Network, ip_forward)
-Network.IPMasquerade,                        config_parse_address_family_compat,                       0,                             offsetof(Network, ip_masquerade)
+Network.IPMasquerade,                        config_parse_ip_masquerade,                               0,                             offsetof(Network, ip_masquerade)
 Network.IPv6PrivacyExtensions,               config_parse_ipv6_privacy_extensions,                     0,                             offsetof(Network, ipv6_privacy_extensions)
 Network.IPv6AcceptRA,                        config_parse_tristate,                                    0,                             offsetof(Network, ipv6_accept_ra)
 Network.IPv6AcceptRouterAdvertisements,      config_parse_tristate,                                    0,                             offsetof(Network, ipv6_accept_ra)

src/network/networkd-util.c

@@ -40,6 +40,13 @@ static const char* const dhcp_deprecated_address_family_table[_ADDRESS_FAMILY_MA
         [ADDRESS_FAMILY_IPV6] = "v6",
 };
 
+static const char* const ip_masquerade_address_family_table[_ADDRESS_FAMILY_MAX] = {
+        [ADDRESS_FAMILY_NO]   = "no",
+        [ADDRESS_FAMILY_YES]  = "both",
+        [ADDRESS_FAMILY_IPV4] = "ipv4",
+        [ADDRESS_FAMILY_IPV6] = "ipv6",
+};
+
 static const char* const dhcp_lease_server_type_table[_SD_DHCP_LEASE_SERVER_TYPE_MAX] = {
         [SD_DHCP_LEASE_DNS]  = "DNS servers",
         [SD_DHCP_LEASE_NTP]  = "NTP servers",
@@ -65,18 +72,9 @@ DEFINE_STRING_TABLE_LOOKUP(duplicate_address_detection_address_family, AddressFa
 DEFINE_CONFIG_PARSE_ENUM(config_parse_link_local_address_family, link_local_address_family,
                          AddressFamily, "Failed to parse option");
 DEFINE_STRING_TABLE_LOOKUP_FROM_STRING(dhcp_deprecated_address_family, AddressFamily);
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(ip_masquerade_address_family, AddressFamily);
 DEFINE_STRING_TABLE_LOOKUP(dhcp_lease_server_type, sd_dhcp_lease_server_type_t);
 
-static AddressFamily address_family_compat_from_string(const char *s) {
-        if (streq_ptr(s, "yes"))         /* compat name */
-                return ADDRESS_FAMILY_IPV4;
-        if (streq_ptr(s, "both"))
-                return ADDRESS_FAMILY_YES;
-        return address_family_from_string(s);
-}
-DEFINE_CONFIG_PARSE_ENUM(config_parse_address_family_compat, address_family_compat,
-                         AddressFamily, "Failed to parse option");
-
 int config_parse_address_family_with_kernel(
                 const char* unit,
                 const char *filename,
@@ -119,6 +117,49 @@ int config_parse_address_family_with_kernel(
         return 0;
 }
 
+int config_parse_ip_masquerade(
+                const char *unit,
+                const char *filename,
+                unsigned line,
+                const char *section,
+                unsigned section_line,
+                const char *lvalue,
+                int ltype,
+                const char *rvalue,
+                void *data,
+                void *userdata) {
+
+        AddressFamily a, *ret = data;
+        int r;
+
+        if (isempty(rvalue)) {
+                *ret = ADDRESS_FAMILY_NO;
+                return 0;
+        }
+
+        r = parse_boolean(rvalue);
+        if (r >= 0) {
+                if (r)
+                        log_syntax(unit, LOG_WARNING, filename, line, 0,
+                                   "IPMasquerade=%s is deprecated, and it is handled as \"ipv4\" instead of \"both\". "
+                                   "Please use \"ipv4\" or \"both\".",
+                                   rvalue);
+
+                *ret = r ? ADDRESS_FAMILY_IPV4 : ADDRESS_FAMILY_NO;
+                return 0;
+        }
+
+        a = ip_masquerade_address_family_from_string(rvalue);
+        if (a < 0) {
+                log_syntax(unit, LOG_WARNING, filename, line, a,
+                           "Failed to parse IPMasquerade= setting, ignoring assignment: %s", rvalue);
+                return 0;
+        }
+
+        *ret = a;
+        return 0;
+}
+
 /* Router lifetime can be set with netlink interface since kernel >= 4.5
  * so for the supported kernel we don't need to expire routes in userspace */
 int kernel_route_expiration_supported(void) {

src/network/networkd-util.h

@@ -28,7 +28,7 @@ typedef struct NetworkConfigSection {
 
 CONFIG_PARSER_PROTOTYPE(config_parse_link_local_address_family);
 CONFIG_PARSER_PROTOTYPE(config_parse_address_family_with_kernel);
-CONFIG_PARSER_PROTOTYPE(config_parse_address_family_compat);
+CONFIG_PARSER_PROTOTYPE(config_parse_ip_masquerade);
 
 const char *address_family_to_string(AddressFamily b) _const_;
 AddressFamily address_family_from_string(const char *s) _pure_;

src/resolve/resolved-dns-packet.c

@@ -2378,7 +2378,7 @@ static int dns_packet_extract_answer(DnsPacket *p, DnsAnswer **ret_answer) {
                                 return r;
                 }
 
-                /* Remember this RR, so that we potentically can merge it's ->key object with the
+                /* Remember this RR, so that we can potentially merge its ->key object with the
                  * next RR. Note that we only do this if we actually decided to keep the RR around.
                  */
                 dns_resource_record_unref(previous);

src/xdg-autostart-generator/xdg-autostart-service.c

@@ -320,33 +320,34 @@ XdgAutostartService *xdg_autostart_service_parse_desktop(const char *path) {
                 return NULL;
 
         const ConfigTableItem items[] = {
-                { "Desktop Entry", "Name",                      xdg_config_parse_string, 0, &service->description},
+                { "Desktop Entry", "Name",                      xdg_config_parse_string, 0, &service->description             },
-                { "Desktop Entry", "Exec",                      xdg_config_parse_string, 0, &service->exec_string},
+                { "Desktop Entry", "Exec",                      xdg_config_parse_string, 0, &service->exec_string             },
-                { "Desktop Entry", "Path",                      xdg_config_parse_string, 0, &service->working_directory},
+                { "Desktop Entry", "Path",                      xdg_config_parse_string, 0, &service->working_directory       },
-                { "Desktop Entry", "TryExec",                   xdg_config_parse_string, 0, &service->try_exec},
+                { "Desktop Entry", "TryExec",                   xdg_config_parse_string, 0, &service->try_exec                },
-                { "Desktop Entry", "Type",                      xdg_config_parse_string, 0, &service->type},
+                { "Desktop Entry", "Type",                      xdg_config_parse_string, 0, &service->type                    },
-                { "Desktop Entry", "OnlyShowIn",                xdg_config_parse_strv, 0,   &service->only_show_in},
+                { "Desktop Entry", "OnlyShowIn",                xdg_config_parse_strv,   0, &service->only_show_in            },
-                { "Desktop Entry", "NotShowIn",                 xdg_config_parse_strv, 0,   &service->not_show_in},
+                { "Desktop Entry", "NotShowIn",                 xdg_config_parse_strv,   0, &service->not_show_in             },
-                { "Desktop Entry", "Hidden",                    xdg_config_parse_bool, 0,   &service->hidden},
+                { "Desktop Entry", "Hidden",                    xdg_config_parse_bool,   0, &service->hidden                  },
-                { "Desktop Entry", "AutostartCondition",        xdg_config_parse_string, 0, &service->autostart_condition},
+                { "Desktop Entry", "AutostartCondition",        xdg_config_parse_string, 0, &service->autostart_condition     },
-                { "Desktop Entry", "X-KDE-autostart-condition", xdg_config_parse_string, 0, &service->kde_autostart_condition},
+                { "Desktop Entry", "X-KDE-autostart-condition", xdg_config_parse_string, 0, &service->kde_autostart_condition },
-                { "Desktop Entry", "X-GNOME-Autostart-Phase",   xdg_config_parse_string, 0, &service->gnome_autostart_phase},
+                { "Desktop Entry", "X-GNOME-Autostart-Phase",   xdg_config_parse_string, 0, &service->gnome_autostart_phase   },
-                { "Desktop Entry", "X-systemd-skip",            xdg_config_parse_bool, 0,   &service->systemd_skip},
+                { "Desktop Entry", "X-systemd-skip",            xdg_config_parse_bool,   0, &service->systemd_skip            },
 
                 /* Common entries that we do not use currently. */
-                { "Desktop Entry", "Categories", NULL, 0, NULL},
+                { "Desktop Entry", "Categories",                NULL, 0, NULL},
-                { "Desktop Entry", "Comment", NULL, 0, NULL},
+                { "Desktop Entry", "Comment",                   NULL, 0, NULL},
-                { "Desktop Entry", "Encoding", NULL, 0, NULL},
+                { "Desktop Entry", "DBusActivatable",           NULL, 0, NULL},
-                { "Desktop Entry", "GenericName", NULL, 0, NULL},
+                { "Desktop Entry", "Encoding",                  NULL, 0, NULL},
-                { "Desktop Entry", "Icon", NULL, 0, NULL},
+                { "Desktop Entry", "GenericName",               NULL, 0, NULL},
-                { "Desktop Entry", "Keywords", NULL, 0, NULL},
+                { "Desktop Entry", "Icon",                      NULL, 0, NULL},
-                { "Desktop Entry", "MimeType", NULL, 0, NULL},
+                { "Desktop Entry", "Keywords",                  NULL, 0, NULL},
-                { "Desktop Entry", "NoDisplay", NULL, 0, NULL},
+                { "Desktop Entry", "MimeType",                  NULL, 0, NULL},
-                { "Desktop Entry", "StartupNotify", NULL, 0, NULL},
+                { "Desktop Entry", "NoDisplay",                 NULL, 0, NULL},
-                { "Desktop Entry", "StartupWMClass", NULL, 0, NULL},
+                { "Desktop Entry", "StartupNotify",             NULL, 0, NULL},
-                { "Desktop Entry", "Terminal", NULL, 0, NULL},
+                { "Desktop Entry", "StartupWMClass",            NULL, 0, NULL},
-                { "Desktop Entry", "URL", NULL, 0, NULL},
+                { "Desktop Entry", "Terminal",                  NULL, 0, NULL},
-                { "Desktop Entry", "Version", NULL, 0, NULL},
+                { "Desktop Entry", "URL",                       NULL, 0, NULL},
+                { "Desktop Entry", "Version",                   NULL, 0, NULL},
                 {}
         };
 
@@ -375,20 +376,17 @@ int xdg_autostart_format_exec_start(
         int r;
 
         /*
-         * Unfortunately, there is a mismatch between systemd's idea of $PATH
+         * Unfortunately, there is a mismatch between systemd's idea of $PATH and XDGs. I.e. we need to
-         * and XDGs. i.e. we need to ensure that we have an absolute path to
+         * ensure that we have an absolute path to support cases where $PATH has been modified from the
-         * support cases where $PATH has been modified from the default set.
+         * default set.
          *
-         * Note that this is only needed for development environments though;
+         * Note that this is only needed for development environments though; so while it is important, this
-         * so while it is important, this should have no effect in production
+         * should have no effect in production environments.
-         * environments.
          *
-         * To be compliant with the XDG specification, we also need to strip
+         * To be compliant with the XDG specification, we also need to strip certain parameters and
-         * certain parameters and such. Doing so properly makes parsing the
+         * such. Doing so properly makes parsing the command line unavoidable.
-         * command line unavoidable.
          *
-         * NOTE: Technically, XDG only specifies " as quotes, while this also
+         * NOTE: Technically, XDG only specifies " as quotes, while this also accepts '.
-         *       accepts '.
          */
         r = strv_split_full(&exec_split, exec, NULL, EXTRACT_UNQUOTE | EXTRACT_RELAX);
         if (r < 0)
@@ -424,28 +422,26 @@ int xdg_autostart_format_exec_start(
                 }
 
                 /*
-                 * Remove any standardised XDG fields; we assume they never appear as
+                 * Remove any standardised XDG fields; we assume they never appear as part of another
-                 * part of another argument as that just does not make any sense as
+                 * argument as that just does not make any sense as they can be empty (GLib will e.g. turn
-                 * they can be empty (GLib will e.g. turn "%f" into an empty argument).
+                 * "%f" into an empty argument).  Other implementations may handle this differently.
-                 * Other implementations may handle this differently.
                  */
                 if (STR_IN_SET(c,
                                "%f", "%F",
                                "%u", "%U",
                                "%d", "%D",
                                "%n", "%N",
-                               "%i", /* Location of icon, could be implemented. */
+                               "%i",          /* Location of icon, could be implemented. */
-                               "%c", /* Translated application name, could be implemented. */
+                               "%c",          /* Translated application name, could be implemented. */
-                               "%k", /* Location of desktop file, could be implemented. */
+                               "%k",          /* Location of desktop file, could be implemented. */
                                "%v",
                                "%m"
                                ))
                         continue;
 
                 /*
-                 * %% -> % and then % -> %% means that we correctly quote any %
+                 * %% -> % and then % -> %% means that we correctly quote any % and also quote any left over
-                 * and also quote any left over (and invalid) % specifier from
+                 * (and invalid) % specifier from the desktop file.
-                 * the desktop file.
                  */
                 raw = strreplace(c, "%%", "%");
                 if (!raw)
@@ -539,10 +535,8 @@ int xdg_autostart_service_generate_unit(
                 return 0;
         }
 
-        /*
+        /* The TryExec key cannot be checked properly from the systemd unit, it is trivial to check using
-         * The TryExec key cannot be checked properly from the systemd unit,
+         * find_executable though. */
-         * it is trivial to check using find_executable though.
-         */
         if (service->try_exec) {
                 r = find_executable(service->try_exec, NULL);
                 if (r < 0) {

sysctl.d/50-default.conf

@@ -41,7 +41,7 @@ net.ipv4.conf.*.promote_secondaries = 1
 # the kernel because of this definition in linux/include/net/ping.h:
 #   #define GID_T_MAX (((gid_t)~0U) >> 1)
 # That's not so bad because values between 2^31 and 2^32-1 are reserved on
-# systemd-based systems anyway: https://systemd.io/UIDS-GIDS.html#summary
+# systemd-based systems anyway: https://systemd.io/UIDS-GIDS#summary
 -net.ipv4.ping_group_range = 0 2147483647
 
 # Fair Queue CoDel packet scheduler to fight bufferbloat